Control: Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.04 - Ensure that users and groups are synced from Microsoft Entra ID to Azure Databricks
Configures auditing against a CIS Benchmark item.
Level: 1
To ensure centralized identity and access management, users and groups from Microsoft Entra ID should be synchronized with Azure Databricks. This is achieved through SCIM provisioning, which automates the creation, update, and deactivation of users and groups in Databricks based on Entra ID assignments. Enabling this integration ensures that access controls in Databricks remain consistent with corporate identity governance policies, reducing the risk of orphaned accounts, stale permissions, and unauthorized access.
Syncing users and groups from Microsoft Entra ID centralizes access control, enforces the least privilege principle by automatically revoking unnecessary access, reduces administrative overhead by eliminating manual user management, and ensures auditability and compliance with industry regulations.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.04 - Ensure that users and groups are synced from Microsoft Entra ID to Azure Databricks
- Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.04 - Ensure that users and groups are synced from Microsoft Entra ID to Azure Databricks > Attestation
- Azure > CIS v4.0 > Maximum Attestation Duration
- Azure > CIS v4.0
- Azure > CIS v4.0 > 03 - Analytics Services
- Azure > CIS v4.0 > 03 - Analytics Services > Maximum Attestation Duration
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv4-0#/control/types/r030104
- tmod:@turbot/cis#/control/categories/v071602
- Get Controls: turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv4-0#/control/types/r030104"