How to use ARM template to restrict publicBlobAccess to managed Databricks storage account

Leerdam van, J (Jean-Marc) 16 Reputation points
2020-12-04T07:52:20.833+00:00

In our organisation we are required to disable publicBlobAccess and enable TLS1_2 as minimum version on all storage accounts. Preferably we also use StorageV2 type instead of BlobStorage.
When we create a Databricks workspace using an ARM template, the managed storage account that is automatically created is a BlobStorage account, with blob public access enabled and TLS1_0 as the minimum version.

I have searched the ARM documentation pages, but have not found a way to influence the creation of the managed storage account.

How can we adjust our Microsoft.Databricks/workspaces resource section in the ARM templates to disable public Blob access and set TLS1_2 as the minimum version?

Azure Databricks

1 answer

  1. Janne Kujanpää 1 Reputation point
    2020-12-14T20:19:32.887+00:00

    I have a similar request but with a different approach.

    In my opinion, publicBlobAccess should always be disabled by default for the Databricks managed storage account, to match best practices and to match a new (= still in preview) ASC rule. The built-in deny rule of the managed resource group disables changing the content of the RG, and ASC alerts cannot be manually fixed by changing resource settings.

    Azure Databricks creates safe in managed RG but created resources should not cause any bogus alerts in ASC and force users to add resources into exemption list.

    refs:

    I hope this will be considered and this would solve half of the OP's problem.

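An audit for the three requirements from the question (public blob access disabled, minimum TLS1_2, StorageV2 preferred), added here as an example and not part of either post. It assumes records shaped like `az storage account list -o json` output, where the fields are `allowBlobPublicAccess`, `minimumTlsVersion` and `kind`. It also assumes that managed resource groups can be recognised by the `databricks-rg-` name prefix, and that an unset value counts as non-compliant; the inventory is constructed sample data.

```python
import json

# Constructed sample shaped like `az storage account list -o json` output
# (account names and resource groups are made up for this example).
SAMPLE_INVENTORY = json.loads("""
[
  {"name": "dbstorageexample01", "resourceGroup": "databricks-rg-demo-ws",
   "kind": "BlobStorage", "allowBlobPublicAccess": null, "minimumTlsVersion": null},
  {"name": "appdata01", "resourceGroup": "rg-app",
   "kind": "StorageV2", "allowBlobPublicAccess": false, "minimumTlsVersion": "TLS1_2"},
  {"name": "legacy01", "resourceGroup": "rg-legacy",
   "kind": "StorageV2", "allowBlobPublicAccess": true, "minimumTlsVersion": "TLS1_0"}
]
""")

# Assumption: managed resource groups are recognised by this name prefix.
MANAGED_RG_PREFIX = "databricks-rg-"
TLS_ORDER = {"TLS1_0": 0, "TLS1_1": 1, "TLS1_2": 2, "TLS1_3": 3}


def audit_account(acct, min_tls="TLS1_2"):
    """Return the list of policy violations for one storage account record."""
    findings = []
    # An unset (null) value is not an explicit "false", so it is reported too.
    if acct.get("allowBlobPublicAccess") is not False:
        findings.append("public blob access not disabled")
    tls = acct.get("minimumTlsVersion")
    if TLS_ORDER.get(tls, -1) < TLS_ORDER[min_tls]:
        findings.append(f"minimum TLS is {tls or 'unset'}, required {min_tls}")
    if acct.get("kind") != "StorageV2":
        findings.append(f"kind is {acct.get('kind')}, preferred StorageV2")
    return findings


def audit(inventory):
    """Map account name -> (findings, in_managed_rg) for non-compliant accounts."""
    report = {}
    for acct in inventory:
        findings = audit_account(acct)
        if findings:
            managed = acct.get("resourceGroup", "").lower().startswith(MANAGED_RG_PREFIX)
            report[acct["name"]] = (findings, managed)
    return report


if __name__ == "__main__":
    for name, (findings, managed) in audit(SAMPLE_INVENTORY).items():
        where = "managed RG (deny rule applies)" if managed else "own RG"
        print(f"{name} [{where}]: " + "; ".join(findings))
```

The `in_managed_rg` flag separates findings that can be fixed on the resource itself from those inside a managed resource group, where the deny rule mentioned in the answer blocks manual changes.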
