Policy: Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks
This section covers security recommendations for Azure Databricks workspaces.
Azure Databricks is an Apache Spark-based analytics platform optimized for the Microsoft Azure cloud services platform. These recommendations ensure Databricks workspaces are deployed and configured securely.
Primary Policy
This policy is used with the following primary policy:
Related Policies
- 2.01.01 - Ensure that Azure Databricks is deployed in a customer-managed virtual network (VNet)
- 2.01.02 - Ensure that network security groups are configured for Databricks subnets
- 2.01.03 - Ensure that traffic is encrypted between cluster worker nodes
- 2.01.04 - Ensure that users and groups are synced from Microsoft Entra ID to Azure Databricks
- 2.01.05 - Ensure that Unity Catalog is configured for Azure Databricks
- 2.01.06 - Ensure that usage is restricted and expiry is enforced for Databricks personal access tokens
- 2.01.07 - Ensure that diagnostic log delivery is configured for Azure Databricks
- 2.01.08 - Ensure critical data in Azure Databricks is encrypted with customer-managed keys (CMK)
- 2.01.09 - Ensure 'No Public IP' is set to 'Enabled'
- 2.01.10 - Ensure 'Allow Public Network Access' is set to 'Disabled'
- 2.01.11 - Ensure private endpoints are used to access Azure Databricks workspaces
Policy Specification
| Schema Type | |
|---|---|
| Default | |
| Valid Values [YAML] | |
| Examples [YAML] | |
Category
In Your Workspace
Developers
- Category URI: tmod:@turbot/cis#/control/categories/cis
- Policy Type URI: tmod:@turbot/azure-cisv5-0#/policy/types/s0201
- CLI: turbot graphql policy-type --id "tmod:@turbot/azure-cisv5-0#/policy/types/s0201"
- CLI: turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv5-0#/policy/types/s0201"