Currently even when using vnet injected Databricks workspace, we are unable to fetch the secrets from AKV if the 'Allow trusted Microsoft services to bypass this firewall' is disabled.
The secret is used as an AKV-backed secret scope and the key vault is private (public access disabled).
Our security requirement is to disable this and use private endpoints only. We have tried a few things like:
1. NCC configuration to create a private endpoint from databricks to key vault
2. Verifying the DNS entries; nslookup from the notebook gives the correct private IP of the KV
Is this a limitation? We could not find any documentation that would help us disable this without breaking things.
The official troubleshooting doc also asks to keep this enabled:
Troubleshooting 403
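The DNS verification from step 2 above, written out as an added example (not code from the original post): it resolves the vault name with the Python standard library and reports whether the answer came through the `privatelink.vaultcore.azure.net` zone that a Key Vault private endpoint is linked to, and whether every returned address is a private-range address. Because the lookup runs on whatever host executes it (here, the notebook's cluster), the result only describes that host's view of DNS, not the resolution any other component that reads the vault would see. The vault name `myvault.vault.azure.net` is a placeholder.

```python
"""Classify how a Key Vault FQDN resolves from the host running this code.

Added example, not from the original post. The vault name is a placeholder.
Only the DNS view of the host executing this (e.g. the notebook's cluster)
is described; other components reading the vault may resolve differently.
"""
import ipaddress
import socket
import sys

# Private DNS zone Azure uses for Key Vault private endpoints.
PRIVATELINK_ZONE = "privatelink.vaultcore.azure.net"


def expected_privatelink_name(vault_fqdn):
    """Name the private DNS zone should hold for this vault, e.g.
    myvault.vault.azure.net -> myvault.privatelink.vaultcore.azure.net."""
    vault_name = vault_fqdn.split(".")[0]
    return f"{vault_name}.{PRIVATELINK_ZONE}"


def classify_resolution(vault_fqdn, canonical_name, addresses):
    """Pure classification of one resolution result (no network access).

    verdict is "private" when every address is in a private range (RFC 1918
    and similar, per ipaddress.is_private), "public" when none is, "mixed"
    when both kinds appear, and "unresolved" when no address came back.
    via_privatelink is True when the canonical name is the expected
    private-link name, which is what a correctly linked private endpoint
    plus DNS zone produces.
    """
    addrs = [ipaddress.ip_address(a) for a in addresses]
    private_flags = [a.is_private for a in addrs]
    if not addrs:
        verdict = "unresolved"
    elif all(private_flags):
        verdict = "private"
    elif not any(private_flags):
        verdict = "public"
    else:
        verdict = "mixed"
    return {
        "fqdn": vault_fqdn,
        "canonical_name": canonical_name,
        "addresses": [str(a) for a in addrs],
        "via_privatelink": canonical_name.lower()
        == expected_privatelink_name(vault_fqdn).lower(),
        "verdict": verdict,
    }


def check_vault_dns(vault_fqdn):
    """Resolve the vault name from this host and classify the answer.

    gethostbyname_ex returns (canonical name, aliases, IPv4 addresses);
    with a private endpoint the canonical name is the privatelink name.
    """
    canonical, _aliases, ips = socket.gethostbyname_ex(vault_fqdn)
    return classify_resolution(vault_fqdn, canonical, ips)


if __name__ == "__main__":
    # Placeholder vault name; pass the real FQDN as the first argument.
    fqdn = sys.argv[1] if len(sys.argv) > 1 else "myvault.vault.azure.net"
    for key, value in check_vault_dns(fqdn).items():
        print(f"{key}: {value}")
```

Run it in a notebook cell (or `python check_kv_dns.py myvault.vault.azure.net`); a verdict of `private` with `via_privatelink: True` is the state step 2 describes, while `public` or a canonical name outside the privatelink zone points at a DNS-zone linking problem on that compute rather than at the vault firewall.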