cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Azure Databricks DBFS Root, Storage Account Networking

sintsan
New Contributor II

‎04-20-2023 06:00 AM

For an Azure Databricks with vnet injection, we would like to change the networking on the default managed Azure Databricks storage account (dbstorage) from Enabled from all networks to Enabled from selected virtual networks and IP addresses.

Can this be done and if not can you point to some docs describing how the managed storage account is secured?

Thanks!

0 Kudos
3 REPLIES 3

karthik_p
Esteemed Contributor

‎04-20-2023 09:54 AM

@Sander Sintjorissen​ As far as i know storage config for azure is different from aws. but it looks in azure during workspace configuration encryption is enabled by default for your storage, if you want to have more security you can go with "Double Encryption for DBFS Root"

https://learn.microsoft.com/en-us/azure/databricks/security/keys/double-encryption

0 Kudos

sintsan
New Contributor II
In response to karthik_p

‎04-20-2023 09:03 PM

@karthik p​  Thank you for your answer, although it does not really answer my question. Reading this post https://community.databricks.com/s/question/0D53f00001mFBAkCAO/network-security-for-dbfs-storage-acc... I understand the current workaround is to create another Azure SA and then redirect logs, etc to that account.

Is there any descriptive documentation on Azure Databricks as to what the impact of having Allow All in networking on DBFS Root actually is?

Thanks!

0 Kudos

karthik_p
Esteemed Contributor

‎04-24-2023 07:35 PM

@Sander Sintjorissen​ usually root storage bucket has below directories present in article

https://learn.microsoft.com/en-us/azure/databricks/dbfs/root-locations

to store logs related to auditing you can create another storage and add that. hope this helps

0 Kudos
Announcements
Welcome to Databricks Community: Lets learn, network and celebrate together

Join our fast-growing data practitioner and expert community of 80K+ members, ready to discover, help and collaborate together while making meaningful connections. 

Click here to register and join today! 

Engage in exciting technical discussions, join a group with your peers and meet our Featured Members.