I would not go for option 1 indeed as Hubert said.
Azure provided solutions (VNET injection etc) are preferred.
The IP range which is used for the Azure VMs (which Databricks uses) will be quite big so whitelisting that whole range defeats the use of a firewall.