Control: 2.1.10 Ensure 'Allow Public Network Access' is set to 'Disabled'
Description
Disable public network access to prevent exposure to the internet and reduce the risk of unauthorized access. Use private endpoints to securely manage access within trusted networks.
Disabling public network access improves security by ensuring that Azure Databricks workspaces are not exposed on the public internet.
Remediation
Remediate from Azure Portal
- Go to
Azure Databricks. - Click the name of a workspace.
- Under
SettingsclickNetworking. - Under
Network access, next toAllow Public Network Access,click the radio button next toDisabled. - Click
Save. - Repeat steps 1-5 for each workspace requiring remediation.
Remediate from Azure CLI
For each workspace requiring remediation, run the following command to set publicNetworkAccess to Disabled:
az databricks workspace update --resource-group <resource-group> --name <workspace> --public-network-access Disabled
Remediate from PowerShell
For each workspace requiring remediation, run the following command to set PublicNetworkAccess to Disabled:
Update-AzDatabricksWorkspace -ResourceGroupName <resource-group> -Name <workspace> -PublicNetworkAccess Disabled
Default Value:
Allow Public Network Access is set to Enabled by default.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v500_2_1_10Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.cis_v500_2_1_10 --shareSQL
This control uses a named query:
select id as resource, 'info' as status, 'Manual verification required.' as reason, display_name as subscriptionfrom azure_subscription;