I had an answer from Microsoft Support: it's not possible to connect to an Azure Data Lake Store account with firewall enabled in a non-managed VNet, and they're not planning to support this.
Connect to storage account using private endpoint from a Notebook attached to a spark pool in Azure Synapse Analytics in a custom vNet
Hello
We are trying to connect to a storage account using private endpoint from a Notebook attached to a spark pool on Synapse.
Here are some key points of our configuration:
- We are NOT using the managed VNET and managed private endpoints features from Synapse. Our client's requirement is to use a custom vNet.
- We created a private endpoint for the subresource "dfs" of the storage account, and configured the private DNS zone accordingly.
- We also created private endpoints for subresources "Dev" and "SqlOnDemand" for Synapse (we are not using a dedicated pool), with private DNS zones, in the same vNet too.
- We checked the DNS resolution; it's resolving the name privately.
- It's working when the storage account is set to: "Enabled from all networks"
- All components (Synapse workspace, storage account, vNet) are in the same subscription, same resource group and same location.
Below is a diagram of what we are trying to achieve:
When we set the storage account to: "Enabled from selected virtual networks and IP addresses" with the configuration below:
We get this error message: Caused by: Operation failed: "This request is not authorized to perform this operation.", 403, GET,
So the underlying question is: is it possible to reach a storage account from a Spark pool using custom private endpoints in a custom vNet?
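
The DNS check mentioned in the question can be repeated from a notebook cell, so that it reports what the Spark pool itself resolves for the "dfs" endpoint. This is an added example, not part of the original post; the account name `examplestore` and all function names are hypothetical.

```python
import ipaddress
import socket


def privatelink_name(fqdn):
    """Map <account>.dfs.core.windows.net to its privatelink zone record name."""
    account, subresource, suffix = fqdn.split(".", 2)
    return f"{account}.privatelink.{subresource}.{suffix}"


def classify(addresses):
    """Return 'private', 'public', 'mixed' or 'unresolved' for a list of IP strings."""
    if not addresses:
        return "unresolved"
    kinds = {ipaddress.ip_address(a).is_private for a in addresses}
    if kinds == {True}:
        return "private"
    if kinds == {False}:
        return "public"
    return "mixed"


def resolve(fqdn, port=443):
    """Resolve with the resolver of the host this code runs on (e.g. a Spark node)."""
    try:
        infos = socket.getaddrinfo(fqdn, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check(fqdn, resolver=resolve):
    """Resolve the endpoint and summarise where requests to it will be sent."""
    addresses = resolver(fqdn)
    return {
        "fqdn": fqdn,
        "privatelink": privatelink_name(fqdn),
        "addresses": addresses,
        "verdict": classify(addresses),
    }


if __name__ == "__main__":
    # Hypothetical account name; replace with the storage account under test.
    result = check("examplestore.dfs.core.windows.net")
    print(result)
```

A "private" verdict only shows that the name resolves to the private endpoint from the host where the cell ran; it does not show that the storage firewall will accept the request.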