Share via

How do I add an inbound security rule if there is an default DenyAllInbound Rule that causes an error when attempting to create an inbound rule?

Parris Sikorski (ALLEGIS GROUP HOLDINGS INC) 0 Reputation points Microsoft Vendor
2024-04-30T17:39:32.7466667+00:00

|Received an email with: The public IP address range for the Azure Databricks control plane will be
updated on 30 May 2024—you may need to take action
You're receiving this email because you use Azure
Databricks.
To support infrastructure
improvements, Azure Databricks will begin using new control
plane components on 30 May 2024:

We'll update the ingress
Azure Databricks control plane public IP addresses (look for
the IP addresses listed next to Control Plane IPs, including webapp
in the table) and associated service tags.
We'll update the egress
Azure Databricks control plane public IP addresses (look for
the IP addresses listed next to Control Plane NAT in the table)
and associated service tags.

If you use a
firewall or proxy appliance to restrict user access to the Azure Databricks
control plane or to control outbound access to your resources, you'll
need to update your access rules to include the new IP addresses by 30 May
2024. Otherwise, user access to the Azure Databricks control plane may be
blocked and/or Azure Databricks control plane access to your resources may be
blocked.
Required
action
To ensure there's no disruption to
inbound or outbound connectivity to the Azure Databricks control plane, update your access rules
to include the new ingress and egress IP addresses by 30 May 2024.
If you don't use a
firewall or proxy appliance to restrict user access to the Azure Databricks
control plane or to control outbound access to your resources, you
won't be affected by this change and you don't need to take any action.
If you are not the
admin responsible for network connectivity to Azure Databricks, please
forward this email to that person.
Help and
support
If you have questions, get answers
from community experts in Microsoft Q&A. If
you have a support plan and you need technical help, open the Azure portal and
select the question mark icon at the top of the page.
Links provided herein may take you
to a third-party website and are provided for convenience only. Third-party
websites are subject to the third-party's terms and privacy statements.| | -------- | |The public IP address range for the Azure Databricks control plane will be updated on 30 May 2024—you may need to take action You're receiving this email because you use Azure Databricks. To support infrastructure improvements, Azure Databricks will begin using new control plane components on 30 May 2024: We'll update the ingress Azure Databricks control plane public IP addresses (look for the IP addresses listed next to Control Plane IPs, including webapp in the table) and associated service tags. We'll update the egress Azure Databricks control plane public IP addresses (look for the IP addresses listed next to Control Plane NAT in the table) and associated service tags. If you use a firewall or proxy appliance to restrict user access to the Azure Databricks control plane or to control outbound access to your resources, you'll need to update your access rules to include the new IP addresses by 30 May 2024. Otherwise, user access to the Azure Databricks control plane may be blocked and/or Azure Databricks control plane access to your resources may be blocked. Required action To ensure there's no disruption to inbound or outbound connectivity to the Azure Databricks control plane, update your access rules to include the new ingress and egress IP addresses by 30 May 2024. If you don't use a firewall or proxy appliance to restrict user access to the Azure Databricks control plane or to control outbound access to your resources, you won't be affected by this change and you don't need to take any action. If you are not the admin responsible for network connectivity to Azure Databricks, please forward this email to that person. Help and support If you have questions, get answers from community experts in Microsoft Q&A. If you have a support plan and you need technical help, open the Azure portal and select the question mark icon at the top of the page. Links provided herein may take you to a third-party website and are provided for convenience only. Third-party websites are subject to the third-party's terms and privacy statements.| |Account information Subscription ID: d29db777-a83d-4fcc-93eb-00c424d274ee Subscription name: Not available| |Please help us improve our communication by telling us what you think about this email in a survey.| |FacebookTwitterYouTubeLinkedIn This message from Microsoft is an important part of a program, service, or product that you or your company purchased or participates in. Microsoft respects your privacy. Please read our Privacy Statement. This is a mandatory service communication. To set your contact preferences for other communications, visit the Promotional Communications Manager. Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 Microsoft|

I receive this error when attempting to add the IP range as inbound security rule.

User's image

User's image

Azure Databricks
Azure Databricks
An Apache Spark-based analytics platform optimized for Azure.
1,956 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. PRADEEPCHEEKATLA-MSFT 79,141 Reputation points Microsoft Employee
    2024-05-01T08:41:09.05+00:00

    @Parris Sikorski (ALLEGIS GROUP HOLDINGS INC) - Thanks for the question and using MS Q&A platform.

    Regarding the email which you have received, it's a general information: Microsoft Azure sent an email notifying that the public IP address range for the Azure Databricks control plane will be updated on 30 May 2024.

    If you use a firewall or proxy appliance, you may need to take action to update your access rules to include the new IP addresses by 30 May 2024.

    If you don't use a firewall or proxy appliance, you won't be affected by this change and don't need to take any action.

    User's image

    This error message indicates that there is a deny assignment in place that is preventing you from creating this security rule.

    By default this is an excepted behaviour: The deny assignment is created by Azure Databricks and it is designed to prevent users from making changes that could potentially compromise the security of the workspace. In this case, it seems that the deny assignment is preventing you from creating the security rule that you need.

    User's image

    To resolve this issue, you will need to open a support ticket and request that they modify the deny assignment to allow you to create the security rule.

    Alternatively, you can enable VNET for your Azure Databricks workspace, which will allow you to create the security rule without any issues.

    Hope this helps. Do let us know if you any further queries.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.