Azure Databricks Workspaces should disable public network access
HIGH
Ensures Azure Databricks workspaces are not accessible from the public internet.
What does this mean?
This recommendation ensures that Azure Databricks workspaces have public network access disabled. All access should be routed through private endpoints or VNet injection to prevent unauthorized access from the internet.
Benefits of implementation
- Eliminates public internet exposure of the Databricks workspace
- Protects sensitive data processing environments
- Aligns with network segmentation best practices
Drawbacks and considerations
- Requires VNet injection or Private Link setup
- Users must connect through VPN or ExpressRoute
- More complex initial configuration
Implementation
Implementation guidance coming soon.
Related recommendations
Related recommendations will be linked here.
Frameworks
Details
- Risk Level
- HIGH
- Category
- Databricks
- Azure Resource
- Frameworks
- 1 frameworks
- Last updated
- 2026-02-12