When configuring a SQL Database, what must be in place to allow Azure services to access it?

To allow Azure services to access a SQL Database, specifying an IP range in the firewall is necessary because SQL Databases in Azure have built-in security features that restrict access based on network rules. By defining an IP range, you enable specific Azure services, or from particular networks, to communicate with the SQL Database securely.

This method supports a principle of least privilege, allowing only designated IP addresses or ranges to connect. It ensures that the database is safeguarded against unwanted access, while still permitting necessary services to function without interruption.

Other options, while they might relate to security practices in general, do not specifically address the immediate requirement for configuring access to SQL Databases in this context. Public access could expose the database to unwanted external traffic, creating potential security risks. The creation of a service principal is more relevant to authentication procedures for specific applications rather than configuring network access. Network isolation can enhance security but is more about entirely restricting access as opposed to specifically allowing Azure services to interact with the database.