Azure Databricks workspaces should disable public network access
March 21, 2025
SYNOPSIS
Azure Databricks workspaces should disable public network access.
DESCRIPTION
Disabling public network access improves security by ensuring that the resource isn't exposed on the public internet. You can control exposure of your resources by creating private endpoints instead.
RECOMMENDATION
Consider configuring Databricks workspaces to disable public network access, using private endpoints to control connectivity.
EXAMPLES
Configure with Azure template
To deploy workspaces that pass this rule:
- Set the properties.publicNetworkAccess property to Disabled.
For example:
{
  "type": "Microsoft.Databricks/workspaces",
  "apiVersion": "2023-02-01",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "sku": {
    "name": "standard"
  },
  "properties": {
    "managedResourceGroupId": "[subscriptionResourceId('Microsoft.Resources/resourceGroups', 'example-mg')]",
    "publicNetworkAccess": "Disabled",
    "parameters": {
      "enableNoPublicIp": {
        "value": true
      }
    }
  }
}
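A pre-deployment check for the setting above, as an added example that is not part of the original page or the rule's own implementation. The function names and the sample template are constructed for illustration; it assumes parameter references are resolved only against top-level `defaultValue` entries and treats a missing property as a finding.

```python
import json
import re

PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")
# Constructed sample template, not taken from the page.
SAMPLE_TEMPLATE = json.loads("""
{"parameters": {"access": {"type": "string", "defaultValue": "Enabled"}},
 "resources": [
  {"type": "Microsoft.Databricks/workspaces", "name": "ws-private",
   "properties": {"publicNetworkAccess": "Disabled"}},
  {"type": "Microsoft.Databricks/workspaces", "name": "ws-unset", "properties": {}},
  {"type": "Microsoft.Databricks/workspaces", "name": "ws-param",
   "properties": {"publicNetworkAccess": "[parameters('access')]"}},
  {"type": "Microsoft.Resources/deployments", "name": "nested",
   "properties": {"template": {"resources": [
    {"type": "Microsoft.Databricks/workspaces", "name": "ws-nested",
     "properties": {"publicNetworkAccess": "Enabled"}}]}}}
 ]}
""")

def resolve(value, parameters):
    """Map a bare [parameters('x')] reference to that parameter's defaultValue."""
    match = PARAM_REF.match(value) if isinstance(value, str) else None
    return parameters.get(match.group(1), {}).get("defaultValue") if match else value

def iter_resources(resources):
    """Yield resources recursively, including nested deployment templates."""
    if isinstance(resources, dict):  # symbolic-name (languageVersion 2.0) form
        resources = resources.values()
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))
        nested = res.get("properties", {}).get("template", {})
        yield from iter_resources(nested.get("resources"))

def audit(template):
    """Return (name, resolved value) for each workspace not set to Disabled."""
    params = template.get("parameters", {})
    findings = []
    for res in iter_resources(template.get("resources")):
        if str(res.get("type", "")).lower() != "microsoft.databricks/workspaces":
            continue
        value = resolve(res.get("properties", {}).get("publicNetworkAccess"), params)
        if value != "Disabled":  # a missing property (None) is reported as well
            findings.append((res.get("name"), value))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_TEMPLATE))
```

An empty list means every workspace in the template sets the property to Disabled; values supplied at deployment time through a parameters file are outside what this check sees.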
Configure with Bicep
To deploy workspaces that pass this rule:
- Set the properties.publicNetworkAccess property to Disabled.
For example:
resource databricks 'Microsoft.Databricks/workspaces@2023-02-01' = {
  name: name
  location: location
  sku: {
    name: 'standard'
  }
  properties: {
    managedResourceGroupId: managedRg.id
    publicNetworkAccess: 'Disabled'
    parameters: {
      enableNoPublicIp: {
        value: true
      }
    }
  }
}