Powerpipe MCP Server →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-azure-compliance
Overview
15Dashboards
1464Benchmarks
449Queries
2Variables
GitHub

Control: 3.1.5 Ensure that Unity Catalog is configured for Azure Databricks

Description

Unity Catalog is a centralized governance model for managing and securing data in Azure Databricks. It provides fine-grained access control to databases, tables, and views using Microsoft Entra ID identities. Unity Catalog also enhances data lineage, audit logging, and compliance monitoring, making it a critical component for security and governance.

  • Enforces centralized access control policies and reduces data security risks.
  • Enables identity-based authentication via Microsoft Entra ID.
  • Improves compliance with industry regulations (e.g. GDPR, HIPAA, SOC 2) by providing audit logs and access visibility.
  • Prevents unauthorized data access through table-, row-, and column-level security (RLS & CLS).

Remediation

Use the remediation procedure written in this article: https://learn.microsoft.com/en-us/azure/databricks/data-governance/unity-catalog/get-started

Default Value

New workspaces have Unity Catalog enabled by default. Existing workspaces may require manual enablement.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v400_3_1_5

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v400_3_1_5 --share

SQL

This control uses a named query:

select
  id as resource,
  'info' as status,
  'Manual verification required.' as reason,
  display_name as subscription
from
  azure_subscription;

Tags

category = Compliance
cis = true
cis_item_id = 3.1.5
cis_level = 1
cis_section_id = 3.1
cis_type = manual
cis_version = v4.0.0
plugin = azure
service = Azure/General