Update ADLS access instructions for private endpoints #2691
sarathsasidharan wants to merge 1 commit into MicrosoftDocs:main
Clarified requirements for accessing ADLS storage accounts behind private endpoints. Added statements which make it clear that if storage is public then there is no additional setup required, if this is private then additional setup is required to get this to work.
|
@sarathsasidharan : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change. |
|
Learn Build status updates of commit ef3c075: ✅ Validation status: passed
For more details, please refer to the build report. |
Pull request overview
Updates the Azure Databricks private endpoint mirroring documentation to clarify when extra configuration is needed to access Azure Data Lake Storage (ADLS) from a Databricks workspace, depending on whether the storage account is publicly accessible or private.
Changes:
- Adds guidance stating no extra setup is needed when the ADLS storage account is public.
- Adds guidance indicating additional configuration is needed when the ADLS storage account is behind a private endpoint, with a link to the relevant setup section.
| The virtual network data gateway securely routes traffic between the mirrored Azure Databricks catalog item and the Azure Databricks workspace. It uses a private endpoint within your virtual network and Azure backbone connectivity. This architecture ensures that all communication remains isolated within private IP spaces and avoids public network exposure. For more information, see [What is a virtual network (VNet) data gateway?](/data-integration/vnet/overview) | ||
|
|
||
| You can also connect to your ADLS storage accounts that are behind a private endpoint. For more information, see [Enable network security access for your Azure Data Lake Storage Gen2 account](azure-databricks-tutorial.md#enable-network-security-access-for-your-azure-data-lake-storage-gen2-account). | ||
| There is no additonal setup required if the ADLS storage account being used by the databricks workspace is public. |
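Review bot: The added sentence sits directly under the gateway paragraph, which says all communication stays within private IP spaces and avoids public network exposure, yet it covers a storage account described as public. State here whether that isolation applies to storage traffic or only to the path between the mirrored catalog item and the workspace, so a reader does not assume a publicly reachable ADLS account is covered by the private-only statement.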
This sentence uses unclear/colloquial wording ("is public") and inconsistent capitalization ("databricks"). Consider rephrasing in second person and specifying what “public” means (for example, public network access enabled vs. behind a private endpoint) to avoid ambiguity.
| There is no additonal setup required if the ADLS storage account being used by the databricks workspace is public. | |
| You don't need any additional setup if the ADLS storage account used by your Azure Databricks workspace allows public network access and isn't restricted to private endpoints. |
| You can also connect to your ADLS storage accounts that are behind a private endpoint. For more information, see [Enable network security access for your Azure Data Lake Storage Gen2 account](azure-databricks-tutorial.md#enable-network-security-access-for-your-azure-data-lake-storage-gen2-account). | ||
| There is no additonal setup required if the ADLS storage account being used by the databricks workspace is public. | ||
|
|
||
| For ADLS storage accounts which are behind a private endpoint you will need to setup trusted access to get access to the data. For more information, see [Enable network security access for your Azure Data Lake Storage Gen2 account](azure-databricks-tutorial.md#enable-network-security-access-for-your-azure-data-lake-storage-gen2-account). |
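Review bot: The added private-endpoint sentence repeats the unchanged line above it ("You can also connect to your ADLS storage accounts that are behind a private endpoint"), and both point to the same "Enable network security access for your Azure Data Lake Storage Gen2 account" anchor. Fold the new requirement into that existing sentence, or drop the older one, so the section carries one statement and one link for the private-endpoint case.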
Wording/terminology: "setup" should be "set up" (verb), remove the extra double-space, and align "trusted access" with the established term "Trusted workspace access" used in the linked guidance. Also avoid the repeated phrase "get access to get access" for readability.
| For ADLS storage accounts which are behind a private endpoint you will need to setup trusted access to get access to the data. For more information, see [Enable network security access for your Azure Data Lake Storage Gen2 account](azure-databricks-tutorial.md#enable-network-security-access-for-your-azure-data-lake-storage-gen2-account). | |
| For ADLS storage accounts that are behind a private endpoint, you need to set up Trusted workspace access to access the data. For more information, see [Enable network security access for your Azure Data Lake Storage Gen2 account](azure-databricks-tutorial.md#enable-network-security-access-for-your-azure-data-lake-storage-gen2-account). |
| The virtual network data gateway securely routes traffic between the mirrored Azure Databricks catalog item and the Azure Databricks workspace. It uses a private endpoint within your virtual network and Azure backbone connectivity. This architecture ensures that all communication remains isolated within private IP spaces and avoids public network exposure. For more information, see [What is a virtual network (VNet) data gateway?](/data-integration/vnet/overview) | ||
|
|
||
| You can also connect to your ADLS storage accounts that are behind a private endpoint. For more information, see [Enable network security access for your Azure Data Lake Storage Gen2 account](azure-databricks-tutorial.md#enable-network-security-access-for-your-azure-data-lake-storage-gen2-account). | ||
| There is no additonal setup required if the ADLS storage account being used by the databricks workspace is public. |
Spelling: "additonal" should be "additional".
| There is no additonal setup required if the ADLS storage account being used by the databricks workspace is public. | |
| There is no additional setup required if the ADLS storage account being used by the databricks workspace is public. |
|
@sarathsasidharan This pull request was opened in the public repo. PMs should work in the private repo, per the Microsoft Docs contributor guide. We can keep this PR open for review and merge, but would you make future content updates in the private repo? Thank you! Can you review the proposed changes? IMPORTANT: When the changes are ready for publication, adding a #label:"aq-pr-triaged" |
|
@sarathsasidharan please review Copilot's suggestions, especially the typo fix. |
|
This pull request has been inactive for 14 days, and an |
Thank you for contributing to Microsoft Fabric documentation
Fill out these items before submitting your pull request:
If you are working internally at Microsoft:
Provide a link to an Azure DevOps Boards work item that tracks this feature/update.
Who is your primary Skilling team contact? @mention them individually tag them and let them review the PR before signing off.
For internal Microsoft contributors, check off these quality control items as you go
1. Check the Acrolinx report: Make sure your Acrolinx Total score is above 80 minimum (higher is better) and with no spelling issues. Acrolinx ensures we are providing consistent terminology and using an appropriate voice and tone, and helps with localization.
2. Successful build with no warnings or suggestions: Review the build status to make sure all files are green (Succeeded).
3. Preview the pages: Click each Preview URL link to view the rendered HTML pages on the review.learn.microsoft.com site to check the formatting and alignment of the page. Scan the page for overall formatting, and look at the parts you edited in detail.
4. Check the Table of Contents: If you are adding a new markdown file, make sure it is linked from the table of contents.
5. #sign-off to request PR review and merge: Once the pull request is finalized and ready to be merged, indicate so by typing #sign-off in a new comment in the Pull Request. If you need to cancel that sign-off, type #hold-off instead. Signing off means the document can be published at any time. Note, this is a formatting and standards review, not a technical review.
Merge and publish
#sign-off, there is a separate PR Review team that will review the PR and describe any necessary feedback before merging. #sign-off again. The PR Review team reviews and merges the pull request into the specified branch (usually the main branch or a release- branch).