cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Help
Product Platform Updates
Stay informed about the latest updates and enhancements to the Databricks platform. Learn about new features, improvements, and best practices to optimize your data analytics workflow.
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

[Azure] Outbound public IP address ranges for the control plane will be updated May 20, 2025

GlorianaHM
Databricks Employee
Databricks Employee
a month ago

To improve the security and zone support availability of the Azure Databricks control plane, we'll be updating the outbound public IP address range and associated Databricks service tags on May 20, 2025.

Required Action:

If you use a resource firewall that allows access from the Azure Databricks control plane public IPs, you'll need to take two separate actions:

  1. Add the listed outbound public IP adresses before 20 May 2025.
  2. Remove the listed outbound public IP adresses between 4 August and 30 September 2025.

If you don't take these two actions, you may experience disruptions to Azure Databricks.

Help and support:

If you have any questions or require additional support, please contact your Databricks account team or open a support ticket with Azure Databricks.

6 Comments
Ria1
New Contributor II
4 weeks ago
4 weeks ago

If the databricks is configured using Vnet do we still need to make the above changes?

AlexEsibov
Databricks Employee
Databricks Employee
3 weeks ago
3 weeks ago

@Ria1 yes, it is agnostic of how Databricks is configured. This will impact any outbound requests from the Databricks control plane to services behind a firewall.

0 Kudos
Ria1
New Contributor II
3 weeks ago
3 weeks ago

@AlexEsibov - Could you please help me with the steps on where and how to add the IP's as we are using the VNet to connect from azure databricks to azure storage account.

Thanks in advance!

0 Kudos
loic
Contributor
3 weeks ago
3 weeks ago

@Ria1 I am not an expert but this is my understanding.

When you speak of "Vnet", you speak of "vnet injection" right? So here, it is only the private and public subnets of your "compute plan" that are injected in your VNET.

This update is only about outbound IPs of the "control plane" (which I guess, doesn't access your storage).

So my conclusion (if I am not wrong), is that you have nothing to do on your deployment regarding this update.

AlexEsibov
Databricks Employee
Databricks Employee
2 weeks ago
2 weeks ago

@loic @Ria1  - correct, for most customers, the Databricks control plane does not talk to customer storage accounts over NAT gateways. There are a small subset of customers in this boat but they would already know - the easiest way to confirm is to check if the current control plane IPs from the docs above are in the storage firewall. If they are, then you should update to include to also include the new control plane IPs. 

Ria1
New Contributor II
2 weeks ago
2 weeks ago

Thank you 🙂

0 Kudos
Popular Articles
li.common.scroll-to.top