For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/default_rules/def-000-bvg.md. A documentation index is available at /llms.txt.

Databricks workspaces should have Secure Cluster Connectivity (No Public IP) enabled

azure

Description

Ensure that Azure Databricks workspaces have the “No Public IP” feature enabled. When enabled, cluster nodes are not assigned public IP addresses, reducing the attack surface by preventing direct internet connectivity to compute resources.

Remediation

Deploy Databricks workspaces with Secure Cluster Connectivity (No Public IP) enabled. For existing workspaces, redeploy with the enableNoPublicIp parameter set to true. See Enable secure cluster connectivity.