Control: Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.01 - Ensure that Azure Databricks is deployed in a customer-managed virtual network (VNet)
Configures auditing against a CIS Benchmark item.
Level: 1
Networking for Azure Databricks can be set up in a few different ways. Using a customer-managed Virtual Network (VNet) (also known as VNet Injection) ensures that compute clusters and control planes are securely isolated within the organization’s network boundary. By default, Databricks creates a managed VNet, which provides limited control over network security policies, firewall configurations, and routing.
Using a customer-managed VNet ensures better control over network security and aligns with zero-trust architecture principles. It allows for: - Restricted outbound internet access to prevent unauthorized data exfiltration. - Integration with on-premises networks via VPN or ExpressRoute for hybrid connectivity. - Fine-grained NSG policies to restrict access at the subnet level. - Private Link for secure API access, avoiding public internet exposure.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.01 - Ensure that Azure Databricks is deployed in a customer-managed virtual network (VNet)
- Azure > CIS v5.0
- Azure > CIS v5.0 > 2 - Analytics Services
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv5-0#/control/types/r020101
- tmod:@turbot/cis#/control/categories/v071401
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv5-0#/control/types/r020101"
Get Controls