https://community.databricks.com/t5/administration-architecture/disable-allow-trusted-microsoft-services-to-bypass-this-firewall/m-p/106451#M2808 <P>Hi&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/142274">@rdadhichi</a>,</P> <P>Have you set "Allow access from" to "Private endpoint and selected networks" on the firewall?</P> Tue, 21 Jan 2025 12:58:49 GMT Alberto_Umana 2025-01-21T12:58:49Z https://community.databricks.com/t5/administration-architecture/disable-allow-trusted-microsoft-services-to-bypass-this-firewall/m-p/106446#M2805 <P>Currently even when using vnet injected Databricks workspace, we are unable to fetch the secrets from AKV if the '<STRONG>Allow trusted Microsoft services to bypass this firewall' is disabled.<BR /></STRONG>The secret is used a AKV backed secret scope and the key vault is private (public access disabled).<BR /><BR />Our security requirement is to disable this and use private endpoints only. We have tried a few things like :<BR />1. NCC configuration to create a private endpoint from databricks to key vault</P><P>2. Verifying the dns entries and nslookup from the notebook gives the correct private ip of the kv<BR /><BR />Is this a limitation as we could not find any documentation that would help us disabling this without breaking things.<BR />Official troubleshooting doc also asks to keep this enabled<BR /><A href="https://kb.databricks.com/security/troubleshoot-key-vault-access#:~:text=Inspect%20the%20firewall%20configuration%20on%20the%20key%20vault&amp;text=Click%20Networking.,firewall%3F%20is%20set%20to%20Yes." target="_self">Troubleshooting 403</A>&nbsp;<BR /><BR /><BR /><BR /></P> Tue, 21 Jan 2025 12:42:52 GMT https://community.databricks.com/t5/administration-architecture/disable-allow-trusted-microsoft-services-to-bypass-this-firewall/m-p/106446#M2805 rdadhichi 2025-01-21T12:42:52Z https://community.databricks.com/t5/administration-architecture/disable-allow-trusted-microsoft-services-to-bypass-this-firewall/m-p/106451#M2808 <P>Hi&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/142274">@rdadhichi</a>,</P> <P>Have you set "Allow access from" to "Private endpoint and selected networks" on the firewall?</P> Tue, 21 Jan 2025 12:58:49 GMT https://community.databricks.com/t5/administration-architecture/disable-allow-trusted-microsoft-services-to-bypass-this-firewall/m-p/106451#M2808 Alberto_Umana 2025-01-21T12:58:49Z https://community.databricks.com/t5/administration-architecture/disable-allow-trusted-microsoft-services-to-bypass-this-firewall/m-p/106500#M2810 <P>There are no such settings.<BR /><BR />We have Disabled Public access .&nbsp;<BR />We have Private endpoints created for the KV in the same vnet and can do a successfull nslookup from a notebook in our workspace<BR /><BR /><BR />Our requirement is to dsable the exception : ' Allow Trusted services....'<BR /><BR />Please let me know if this is possible or not</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="rdadhichi_0-1737468820054.png" style="width: 400px;"><img src="https://community.databricks.com/t5/image/serverpage/image-id/14246i4F5664AB67DF5990/image-size/medium?v=v2&amp;px=400" role="button" title="rdadhichi_0-1737468820054.png" alt="rdadhichi_0-1737468820054.png" /></span></P><P>&nbsp;</P> Tue, 21 Jan 2025 14:16:10 GMT https://community.databricks.com/t5/administration-architecture/disable-allow-trusted-microsoft-services-to-bypass-this-firewall/m-p/106500#M2810 rdadhichi 2025-01-21T14:16:10Z https://community.databricks.com/t5/administration-architecture/disable-allow-trusted-microsoft-services-to-bypass-this-firewall/m-p/115657#M3264 <P>Any update on this? Is it possible to disable the&nbsp;<SPAN>' Allow Trusted services....' rule if you are using a private endpoint or whitelist certain IPs? Or is it required no matter what?</SPAN></P> Wed, 16 Apr 2025 12:52:21 GMT https://community.databricks.com/t5/administration-architecture/disable-allow-trusted-microsoft-services-to-bypass-this-firewall/m-p/115657#M3264 bauerbrett1 2025-04-16T12:52:21Z