https://community.databricks.com/t5/data-engineering/how-azure-databricks-manages-network-security-group-rules/m-p/21874#M14942 <P>How Azure Databricks manages network security group rules</P><P></P> Tue, 22 Jun 2021 09:30:57 GMT User16826994223 2021-06-22T09:30:57Z https://community.databricks.com/t5/data-engineering/how-azure-databricks-manages-network-security-group-rules/m-p/21874#M14942 <P>How Azure Databricks manages network security group rules</P><P></P> Tue, 22 Jun 2021 09:30:57 GMT https://community.databricks.com/t5/data-engineering/how-azure-databricks-manages-network-security-group-rules/m-p/21874#M14942 User16826994223 2021-06-22T09:30:57Z https://community.databricks.com/t5/data-engineering/how-azure-databricks-manages-network-security-group-rules/m-p/21875#M14943 <P>The NSG rules listed in the following sections represent those that Azure Databricks auto-provisions and manages in your NSG, by virtue of the delegation of your VNet’s host and container subnets to the&nbsp;</P><P>Microsoft.Databricks/workspaces</P><P>&nbsp;service. You do not have permission to update or delete these NSG rules; any attempt to do so is blocked by the subnet delegation. Azure Databricks must own these rules in order to ensure that Microsoft can reliably operate and support the Azure Databricks service in your VNet.</P><P>Some of these NSG rules have&nbsp;<I>VirtualNetwork</I>&nbsp;assigned as the source and destination. This has been implemented to simplify the design in the absence of a subnet-level service tag in Azure. All clusters are protected by a second layer of network policy internally, such that cluster A cannot connect to cluster B in the same workspace. This also applies across multiple workspaces if your workspaces are deployed into a different pair of subnets in the same customer-managed VNet</P> Tue, 22 Jun 2021 09:31:15 GMT https://community.databricks.com/t5/data-engineering/how-azure-databricks-manages-network-security-group-rules/m-p/21875#M14943 User16826994223 2021-06-22T09:31:15Z