https://community.databricks.com/t5/administration-architecture/network-security-perimeter-post-setup-questions/m-p/158147#M5293 <P>I've set up the network security perimeter with Terraform using&nbsp;<A href="https://learn.microsoft.com/en-us/azure/databricks/security/network/serverless-network-security/serverless-nsp-firewall" target="_blank">Configure an Azure network security perimeter for Azure resources - Azure Databricks | Microsoft Learn</A>&nbsp;as my guide.&nbsp; All of the resources associated to the NSP, and the Status of each is "Succeeded (View issues)"</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Rjdudley_0-1780421763241.png" style="width: 400px;"><img src="https://community.databricks.com/t5/image/serverpage/image-id/27475iB0A0CEFF90330FC3/image-size/medium?v=v2&amp;px=400" role="button" title="Rjdudley_0-1780421763241.png" alt="Rjdudley_0-1780421763241.png" /></span></P><P>When I view the issue, it says</P><P class="lia-indent-padding-left-30px">Provisioning state<BR />Succeeded</P><P class="lia-indent-padding-left-30px">Issue type<BR />MissingIdentityConfiguration</P><P class="lia-indent-padding-left-30px">Description<BR />Enabling a managed identity (MI) is required to support intra-perimeter communication between resources. Only requests authenticated using MI are permitted for intra‑perimeter access. While some capabilities for certain resources may continue to function without a MI, enabling one is strongly recommended to ensure secure access within the same perimeter or across linked perimeters.</P><P class="lia-indent-padding-left-30px">Suggested access rules<BR />None</P><P class="lia-indent-padding-left-30px">Suggested resource IDs<BR />None</P><P class="lia-indent-padding-left-30px">Suggested fix<BR />Enable managed identity (MI) to ensure this resource can securely access other resources within the same perimeter or across linked perimeters. This is recommended even though certain capabilities may still operate without one.</P><P>I didn't see anything in the docs one way or the other for this, is it a problem or can we ignore it?</P><P>Following the "Verify ..." step, I get this response (the path was copied from the table's Details)</P><P class="lia-indent-padding-left-30px">[RequestId={guid} ErrorClass=INVALID_PARAMETER_VALUE.LOCATION_OVERLAP] Input path url 'abfss://{container}@{storage account}.dfs.core.windows.net/__unitystorage/schemas/{guid}/tables/{guid}' overlaps with managed storage within 'CheckPathAccess' call.</P><P>It looks like that is working, but then again, no discussion one way or the other.&nbsp; Is this expected since all our data access us through UC tables and therefore all locations are UC managed?</P> Tue, 02 Jun 2026 17:41:19 GMT Rjdudley 2026-06-02T17:41:19Z https://community.databricks.com/t5/administration-architecture/network-security-perimeter-post-setup-questions/m-p/158147#M5293 <P>I've set up the network security perimeter with Terraform using&nbsp;<A href="https://learn.microsoft.com/en-us/azure/databricks/security/network/serverless-network-security/serverless-nsp-firewall" target="_blank">Configure an Azure network security perimeter for Azure resources - Azure Databricks | Microsoft Learn</A>&nbsp;as my guide.&nbsp; All of the resources associated to the NSP, and the Status of each is "Succeeded (View issues)"</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Rjdudley_0-1780421763241.png" style="width: 400px;"><img src="https://community.databricks.com/t5/image/serverpage/image-id/27475iB0A0CEFF90330FC3/image-size/medium?v=v2&amp;px=400" role="button" title="Rjdudley_0-1780421763241.png" alt="Rjdudley_0-1780421763241.png" /></span></P><P>When I view the issue, it says</P><P class="lia-indent-padding-left-30px">Provisioning state<BR />Succeeded</P><P class="lia-indent-padding-left-30px">Issue type<BR />MissingIdentityConfiguration</P><P class="lia-indent-padding-left-30px">Description<BR />Enabling a managed identity (MI) is required to support intra-perimeter communication between resources. Only requests authenticated using MI are permitted for intra‑perimeter access. While some capabilities for certain resources may continue to function without a MI, enabling one is strongly recommended to ensure secure access within the same perimeter or across linked perimeters.</P><P class="lia-indent-padding-left-30px">Suggested access rules<BR />None</P><P class="lia-indent-padding-left-30px">Suggested resource IDs<BR />None</P><P class="lia-indent-padding-left-30px">Suggested fix<BR />Enable managed identity (MI) to ensure this resource can securely access other resources within the same perimeter or across linked perimeters. This is recommended even though certain capabilities may still operate without one.</P><P>I didn't see anything in the docs one way or the other for this, is it a problem or can we ignore it?</P><P>Following the "Verify ..." step, I get this response (the path was copied from the table's Details)</P><P class="lia-indent-padding-left-30px">[RequestId={guid} ErrorClass=INVALID_PARAMETER_VALUE.LOCATION_OVERLAP] Input path url 'abfss://{container}@{storage account}.dfs.core.windows.net/__unitystorage/schemas/{guid}/tables/{guid}' overlaps with managed storage within 'CheckPathAccess' call.</P><P>It looks like that is working, but then again, no discussion one way or the other.&nbsp; Is this expected since all our data access us through UC tables and therefore all locations are UC managed?</P> Tue, 02 Jun 2026 17:41:19 GMT https://community.databricks.com/t5/administration-architecture/network-security-perimeter-post-setup-questions/m-p/158147#M5293 Rjdudley 2026-06-02T17:41:19Z