cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Databricks Network Policies

mohsen-dbx
New Contributor II

โ€Ž02-27-2025 07:27 AM

Hi Databricks community. I have 2 questions that I'd appreciate if you can shed some lights on:

  1. Is the new Network Policies in Databricks account, only applicable to serverless compute or are these workspace-wide policies which apply to all other compute types? The databricks documentation Managing network policies for serverless egress control talks about the serverless egress control but it's not clear if this applies to other computes or not. Also nothing in the network policy menu hints at this being a feature for serverless compute.
  2. Also I have created a new policy and assigned a workspace to this policy. As you can see no domains is allowed and the policy is being enforced to the workspaces (I've redacted them). But I can still run any query from these workspaces to storage accounts. Also I can resolve any domain from notebooks. What am I misconfiguring here?

mohsendbx_0-1740670036975.png

 

0 Kudos
2 REPLIES 2

mohsen-dbx
New Contributor II

โ€Ž03-03-2025 01:41 PM

@support can you share your thoughts on the above please as no one else have responded.

0 Kudos

Rjdudley
Honored Contributor

โ€Ž03-06-2025 05:56 AM

I am not support, just a regular customer like you, but here is what I know:

1. Yes, serverless egress only applies to serverless.  There is another upcoming change you'll need to make for your classic compute, announced by Microsoft at Default outbound access in Azure - Azure Virtual Network | Microsoft Learn and mentioned by Databricks in Enable secure cluster connectivity - Azure Databricks | Microsoft Learn.

2. Not sure.  If the storage accounts are in Unity Catalog they will be automatically allowed.  Likewise, if you're running classic compute this policy won't be applied.  How did you try to resolve the domain--just a ping, or call an API?

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local communityโ€”sign up today to get started!

Sign Up Now
Announcements