Hi @NadithK ,
The option to create a private endpoint for the Databricks root storage (DBFS) is currently in preview, so it may not be available in all regions or subscription types.
Once the private endpoint has been created, you can modify the firewall rules on your firewall to allow traffic to the DBFS storage only through the remote endpoint. This will ensure that all traffic to the storage goes through the private endpoint and is not routed through the public internet.
Regarding the error message you encountered, it seems like you may have a deny assignment enabled in your environment that is preventing you from creating the private endpoint. You may need to modify the assignment to allow the creation of the private endpoint or contact your Azure administrator for assistance with modifying the assignment.
Finally, note that enabling VNET injection does not automatically make the Databricks root storage private. You will still need to configure a private endpoint for the storage, as outlined above, to ensure that all traffic to the storage goes through a private network.