https://community.databricks.com/t5/data-engineering/disable-public-network-access-on-databricks-managed-storage/m-p/154760#M54136 <P><STRONG>Issue Description:</STRONG><BR />I am attempting to disable public network access on the Azure <STRONG>Databricks managed storage account</STRONG>. However, I am encountering the following error:</P><P>Failed to save resource settings — access is denied due to a deny assignment created by Azure Databricks on the managed resource group.</P><P>Although the client has Microsoft.Storage/storageAccounts/write permission, the operation is blocked by a <STRONG>system deny assignment</STRONG> associated with the Databricks workspace.</P><P>The <STRONG>goal is to block all public access to the databricks managed storage account</STRONG> while ensuring secure connectivity for:</P><P>&nbsp;-- Control Plane → Storage Account<BR />-- Compute Plane (Databricks clusters) → Storage Account<BR />-- External Sources → Storage Account (via Private Endpoint or other secure mechanisms only)</P><P><BR /><STRONG>Context / Query:</STRONG><BR />Based on the Microsoft documentation on Databricks storage firewall support, it mentions:</P><P>"<A href="https://learn.microsoft.com/en-us/azure/databricks/security/network/storage/firewall-support" target="_blank">Enable firewall support for your workspace storage account - Azure Databricks | Microsoft Learn</A>"</P><P>“Contact your Azure Databricks account team to update the managed resource group configuration before proceeding.”</P><P><STRONG>I would like to understand:</STRONG></P><P>1)&nbsp; Whether the firewall support approach allows disabling public network access for the managed storage account<BR />2). If not directly, what is the recommended architecture/configuration to:<BR />&nbsp; &nbsp; a). Restrict public access<BR />&nbsp; &nbsp; b). Ensure Control Plane and Compute Plane connectivity<BR />&nbsp; &nbsp; c). Enable secure external access (Private Endpoint / VNet-based access)</P><P><BR /><STRONG>Ask:</STRONG><BR />--&gt; Whether disabling public access on the managed storage account is supported in this setup<BR />--&gt; If yes, the exact steps/configuration required<BR />--&gt; If not, the alternative secure approach to meet the above requirements</P> Thu, 16 Apr 2026 17:52:13 GMT MyProfile 2026-04-16T17:52:13Z https://community.databricks.com/t5/data-engineering/disable-public-network-access-on-databricks-managed-storage/m-p/154760#M54136 <P><STRONG>Issue Description:</STRONG><BR />I am attempting to disable public network access on the Azure <STRONG>Databricks managed storage account</STRONG>. However, I am encountering the following error:</P><P>Failed to save resource settings — access is denied due to a deny assignment created by Azure Databricks on the managed resource group.</P><P>Although the client has Microsoft.Storage/storageAccounts/write permission, the operation is blocked by a <STRONG>system deny assignment</STRONG> associated with the Databricks workspace.</P><P>The <STRONG>goal is to block all public access to the databricks managed storage account</STRONG> while ensuring secure connectivity for:</P><P>&nbsp;-- Control Plane → Storage Account<BR />-- Compute Plane (Databricks clusters) → Storage Account<BR />-- External Sources → Storage Account (via Private Endpoint or other secure mechanisms only)</P><P><BR /><STRONG>Context / Query:</STRONG><BR />Based on the Microsoft documentation on Databricks storage firewall support, it mentions:</P><P>"<A href="https://learn.microsoft.com/en-us/azure/databricks/security/network/storage/firewall-support" target="_blank">Enable firewall support for your workspace storage account - Azure Databricks | Microsoft Learn</A>"</P><P>“Contact your Azure Databricks account team to update the managed resource group configuration before proceeding.”</P><P><STRONG>I would like to understand:</STRONG></P><P>1)&nbsp; Whether the firewall support approach allows disabling public network access for the managed storage account<BR />2). If not directly, what is the recommended architecture/configuration to:<BR />&nbsp; &nbsp; a). Restrict public access<BR />&nbsp; &nbsp; b). Ensure Control Plane and Compute Plane connectivity<BR />&nbsp; &nbsp; c). Enable secure external access (Private Endpoint / VNet-based access)</P><P><BR /><STRONG>Ask:</STRONG><BR />--&gt; Whether disabling public access on the managed storage account is supported in this setup<BR />--&gt; If yes, the exact steps/configuration required<BR />--&gt; If not, the alternative secure approach to meet the above requirements</P> Thu, 16 Apr 2026 17:52:13 GMT https://community.databricks.com/t5/data-engineering/disable-public-network-access-on-databricks-managed-storage/m-p/154760#M54136 MyProfile 2026-04-16T17:52:13Z https://community.databricks.com/t5/data-engineering/disable-public-network-access-on-databricks-managed-storage/m-p/154784#M54142 <P><a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/225471">@MyProfile</a>&nbsp;This would be helpful, check once -&nbsp;<A href="https://learn.microsoft.com/en-us/answers/questions/1707749/managed-storage-accounts-compliance" target="_blank">https://learn.microsoft.com/en-us/answers/questions/1707749/managed-storage-accounts-compliance</A></P> Fri, 17 Apr 2026 06:19:28 GMT https://community.databricks.com/t5/data-engineering/disable-public-network-access-on-databricks-managed-storage/m-p/154784#M54142 Sumit_7 2026-04-17T06:19:28Z