Hello Josue Gonzalez,
Thanks for reaching out on Microsoft Q&A!
Instead of manually tracking hundreds of IPs, you can configure your firewall to recognize a service tag called AzureDatabricks.
A service tag is a label that represents all the IPs used by a specific Azure service. Azure maintains it automatically, so it always reflects the correct, up-to-date ranges for that service.
In this case, AzureDatabricks includes both control and data plane IPs, and ensures that Databricks workloads can reach your internal apps without needing you to update anything manually.
Follow the steps to configure your firewall to allow traffic from Databricks Serverless:
Open Azure Portal:
Navigate to your Azure Firewall resource
Create a Network Rule Collection:
- Name: Allow-Databricks-Outbound
- Priority: 200 (make sure this is higher than any deny rules)
- Action: Allow
Add a Rule to the Collection:
- Rule name: DatabricksToInternalApps
- Protocol: TCP or Any
- Source type: Service Tag
- Source: AzureDatabricks
- Destination type: IP Address
- Destination: your internal app IP range (e.g., 10.0.5.4/32)
- Port: your app’s port (e.g., 443 or 8443)
Save and Apply:
Make sure this rule is placed above any conflicting deny rules, so it takes precedence.
Verify the connectivity:
Enable diagnostics on Azure Firewall and check NetworkRuleLog in Azure Monitor.
Test connectivity directly from Databricks:
%sh
curl -v https://10.0.5.4:8443/healthcheck
You should see a 200 OK response or whatever your app normally returns.
Please refer to this Microsoft document for more details on service tags:
https://learn.microsoft.com/en-us/azure/firewall/service-tags
Hope this helps. Let me know if you have any further questions or need additional assistance. Also, if this answers your query, do click "Upvote" and "Accept the answer", which might be beneficial to other community members reading this thread.
Thanks,
Kalyani
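The verification step above (checking NetworkRuleLog to confirm that traffic hitting the internal app really comes from the AzureDatabricks tag and is being allowed by the intended rule) can be scripted. The following is an added example and is not part of the answer above or any Microsoft tooling. It assumes the shape of the Service Tags JSON that Azure publishes (`values[].name` and `values[].properties.addressPrefixes`), but the prefixes, the firewall log lines, and the app address 10.0.5.4:8443 used here are constructed sample data, and the "<proto> request from <src>:<port> to <dst>:<port>. Action: <action>" phrasing is assumed for the log message format. It classifies each logged flow to the app as expected, denied despite coming from the tag (a sign the Allow rule sits below a Deny), or allowed from outside the tag (a sign the rule is wider than intended).

```python
import ipaddress
import json
import re

# Constructed sample in the shape of the published Service Tags JSON.
# These prefixes are made up for the example and are NOT real Azure ranges.
SAMPLE_SERVICE_TAGS = json.dumps({
    "cloud": "Public",
    "values": [
        {"name": "AzureDatabricks", "id": "AzureDatabricks",
         "properties": {"addressPrefixes": ["203.0.113.0/25", "198.51.100.128/26"]}},
        {"name": "Storage.EastUS", "id": "Storage.EastUS",
         "properties": {"addressPrefixes": ["192.0.2.0/24"]}},
    ],
})

# Constructed sample network-rule log messages (assumed format, see lead-in).
SAMPLE_LOG_LINES = [
    "TCP request from 203.0.113.10:51234 to 10.0.5.4:8443. Action: Allow.",
    "TCP request from 198.51.100.150:44321 to 10.0.5.4:8443. Action: Deny.",
    "TCP request from 192.0.2.77:40000 to 10.0.5.4:8443. Action: Allow.",
    "UDP request from 203.0.113.10:53 to 10.0.5.4:53. Action: Deny.",
]

LOG_RE = re.compile(
    r"(?P<proto>\w+) request from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+)\. Action: (?P<action>\w+)"
)


def load_tag_networks(tags_json, tag_name):
    """Return the ip_network objects that make up one service tag."""
    data = json.loads(tags_json)
    for entry in data["values"]:
        if entry["name"] == tag_name:
            return [ipaddress.ip_network(p) for p in entry["properties"]["addressPrefixes"]]
    raise KeyError(f"service tag {tag_name!r} not found")


def ip_in_tag(ip, networks):
    """True if the address falls inside any prefix of the tag."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def audit_log(lines, networks, app_ip="10.0.5.4", app_port=8443):
    """Classify each logged flow destined for the internal app.

    Returns a list of (src, action, verdict) tuples where verdict is one of
    'ok', 'denied_in_tag' (rule ordering problem) or 'allowed_outside_tag'
    (rule broader than intended). Flows to other destinations are skipped.
    """
    findings = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a network-rule log message we recognise
        if m["dst"] != app_ip or int(m["dport"]) != app_port:
            continue  # traffic to something other than the app under review
        src, action = m["src"], m["action"]
        in_tag = ip_in_tag(src, networks)
        if in_tag and action == "Allow":
            verdict = "ok"
        elif in_tag and action == "Deny":
            verdict = "denied_in_tag"
        elif not in_tag and action == "Allow":
            verdict = "allowed_outside_tag"
        else:
            verdict = "ok"  # denied and outside the tag: expected default behaviour
        findings.append((src, action, verdict))
    return findings


if __name__ == "__main__":
    nets = load_tag_networks(SAMPLE_SERVICE_TAGS, "AzureDatabricks")
    for src, action, verdict in audit_log(SAMPLE_LOG_LINES, nets):
        print(f"{src:<16} {action:<6} {verdict}")
```

In practice you would replace `SAMPLE_SERVICE_TAGS` with the downloaded Service Tags JSON and `SAMPLE_LOG_LINES` with the exported NetworkRuleLog messages; any `denied_in_tag` result points back to the "rule placed above any conflicting deny rules" step, and any `allowed_outside_tag` result means a different, broader rule is matching first.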