Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-azure-compliance
Overview
16Dashboards
1651Benchmarks
486Queries
8Variables
GitHub

Control: 2.1.5 Ensure that Unity Catalog is configured for Azure Databricks

Description

Unity Catalog is a centralized governance model for managing and securing data in Azure Databricks. It provides fine-grained access control to databases, tables, and views using Microsoft Entra ID identities. Unity Catalog also enhances data lineage, audit logging, and compliance monitoring, making it a critical component for security and governance.

- Enforces centralized access control policies and reduces data security risks.
- Enables identity-based authentication via Microsoft Entra ID.
- Improves compliance with industry regulations (e.g. GDPR, HIPAA, SOC 2) by providing audit logs and access visibility.
- Prevents unauthorized data access through table-, row-, and column-level security (RLS & CLS).

Remediation

Use the remediation procedure written in this article: https://learn.microsoft.com/enus/azure/databricks/data-governance/unity-catalog/get-started.

Default Value:

New workspaces have Unity Catalog enabled by default. Existing workspaces may require manual enablement.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v500_2_1_5

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v500_2_1_5 --share

SQL

This control uses a named query:

select
  id as resource,
  'info' as status,
  'Manual verification required.' as reason,
  display_name as subscription
from
  azure_subscription;

Tags

category = Compliance
cis = true
cis_item_id = 2.1.5
cis_level = 1
cis_section_id = 2.1
cis_type = manual
cis_version = v5.0.0
plugin = azure
service = Azure