Control: 3.1.5 Ensure that Unity Catalog is configured for Azure Databricks
Description
Unity Catalog is the centralized governance layer for data in Azure Databricks. It provides fine-grained access control on catalogs, schemas, tables, and views, granted to identities synchronized from Microsoft Entra ID. Unity Catalog also records data lineage and audit logs and supports compliance monitoring, making it a critical component for security and governance.
- Enforces centralized access control policies and reduces data security risks.
- Enables identity-based authentication via Microsoft Entra ID.
- Improves compliance with industry regulations (e.g. GDPR, HIPAA, SOC 2) by providing audit logs and access visibility.
- Prevents unauthorized data access through table-, row-, and column-level security (RLS & CLS).
Remediation
Follow the remediation procedure in this article: https://learn.microsoft.com/en-us/azure/databricks/data-governance/unity-catalog/get-started
In short: in the Databricks account console, create a Unity Catalog metastore for the workspace's region (or reuse an existing one) and assign it to the workspace.
Default Value
New workspaces have Unity Catalog enabled by default. Existing workspaces may require manual enablement.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v400_3_1_5
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.cis_v400_3_1_5 --share
SQL
This control uses a named query:
select
  id as resource,
  'info' as status,
  'Manual verification required.' as reason,
  display_name as subscription
from
  azure_subscription;
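The named query above only emits an 'info' row per subscription; the actual verification stays manual because a metastore assignment is not visible in the ARM resource. The script below is an added example, not part of the azure_compliance mod, that performs the check per workspace by calling the Unity Catalog endpoint that returns the metastore assigned to a workspace (GET /api/2.1/unity-catalog/current-metastore-assignment) and maps the answer to the same resource/status/reason row shape the control uses. It assumes a bearer token (PAT or Entra ID) with access to each workspace and that the endpoint answers 404 when no metastore is assigned; the workspace ids and API responses embedded in it are constructed samples, not output from a real account.

```python
"""Per-workspace Unity Catalog check in the spirit of CIS Azure 3.1.5 (added example)."""
import json
import urllib.error
import urllib.request
from typing import Dict, List, Optional

# Unity Catalog endpoint that returns the metastore assigned to the calling workspace.
METASTORE_ASSIGNMENT_PATH = "/api/2.1/unity-catalog/current-metastore-assignment"


def fetch_current_metastore_assignment(workspace_host: str, token: str) -> Optional[dict]:
    """Return the assignment JSON for a workspace, or None when no metastore is assigned.

    Assumption (not stated on the page): the endpoint answers 404 for a workspace
    without a Unity Catalog metastore. Any other HTTP error is raised to the caller
    so that an expired token or a wrong host is never silently reported as compliant.
    """
    req = urllib.request.Request(
        f"https://{workspace_host}{METASTORE_ASSIGNMENT_PATH}",
        headers={"Authorization": f"Bearer {token}"},
    )
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


def evaluate_workspace(workspace_id: str, assignment: Optional[dict]) -> dict:
    """Map an assignment payload (or None) to a Powerpipe-style row: resource, status, reason."""
    if assignment and assignment.get("metastore_id"):
        return {
            "resource": workspace_id,
            "status": "ok",
            "reason": (
                f"Unity Catalog metastore {assignment['metastore_id']} assigned "
                f"(default catalog: {assignment.get('default_catalog_name', 'n/a')})."
            ),
        }
    # No payload, or a payload without a metastore id: Unity Catalog is not configured.
    return {
        "resource": workspace_id,
        "status": "alarm",
        "reason": "No Unity Catalog metastore assigned to this workspace.",
    }


def evaluate_all(assignments: Dict[str, Optional[dict]]) -> List[dict]:
    """Evaluate a mapping of workspace resource id -> assignment payload (None = unassigned)."""
    return [evaluate_workspace(ws, payload) for ws, payload in assignments.items()]


# Constructed sample responses (not captured from a real account): one workspace with a
# metastore assigned, one without. In practice these come from
# fetch_current_metastore_assignment(host, token) for each workspace.
_SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-data"
SAMPLE_ASSIGNMENTS: Dict[str, Optional[dict]] = {
    f"{_SUB}/providers/Microsoft.Databricks/workspaces/dbw-prod": {
        "metastore_id": "11111111-2222-3333-4444-555555555555",
        "workspace_id": 1234567890123456,
        "default_catalog_name": "main",
    },
    f"{_SUB}/providers/Microsoft.Databricks/workspaces/dbw-legacy": None,
}

if __name__ == "__main__":
    for row in evaluate_all(SAMPLE_ASSIGNMENTS):
        name = row["resource"].rsplit("/", 1)[-1]
        print(f"{row['status']:5}  {name}: {row['reason']}")
```

To run it against real workspaces, enumerate the Databricks workspaces in scope (for example from the azure_databricks_workspace table or the Azure CLI), call fetch_current_metastore_assignment with each workspace URL's host and a token valid for that workspace, and pass the results to evaluate_all. Treating a missing or empty metastore_id as 'alarm' rather than 'info' is what turns the page's manual control into an automated one.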