@Gaikwad, Ashwini Welcome to the Microsoft Q&A forum and thanks for reaching out here.
After going through the documentation below, my understanding is that when an organization has multiple workspaces, Databricks recommends having one workspace (a private web auth workspace that you create in the same region as your Azure Databricks workspaces) for the AAD, whose purpose is none other than authentication. Its only purpose is hosting the browser authentication private endpoint connection from a specific transit VNet to your actual production Azure Databricks workspaces in that region.
It is important to understand that a properly configured network configuration is exactly one browser authentication private endpoint for each Azure Databricks region for each private DNS zone. The browser authentication private endpoint configures private web authentication for all Private Link workspaces in the region that share the same private DNS zone.
As you are using Custom DNS, I would highly encourage you to please reach out to your Azure Databricks representative for a detailed discussion about the implementation.
Source article: Enable Azure Private Link as a standard deployment
Hope this info helps.
Thank you
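As an added example (not part of the original answer or of Databricks' documentation), the rule quoted above, exactly one browser authentication private endpoint per region per private DNS zone, can be checked over an exported endpoint inventory. The inventory records and their field names (`region`, `dns_zone_id`, `group_id`) are assumptions constructed for illustration; `browser_authentication` and `databricks_ui_api` are the Azure Databricks Private Link target sub-resources.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical names, not real resources).
# group_id is the Private Link target sub-resource of each endpoint;
# dns_zone_id identifies the private DNS zone the endpoint registers in.
ENDPOINTS = [
    {"name": "pe-auth-weu", "region": "westeurope", "dns_zone_id": "zone-hub",
     "group_id": "browser_authentication"},
    {"name": "pe-ui-weu-prod", "region": "westeurope", "dns_zone_id": "zone-hub",
     "group_id": "databricks_ui_api"},
    {"name": "pe-auth-neu-a", "region": "northeurope", "dns_zone_id": "zone-hub",
     "group_id": "browser_authentication"},
    {"name": "pe-auth-neu-b", "region": "NorthEurope", "dns_zone_id": "zone-hub",
     "group_id": "browser_authentication"},
    {"name": "pe-ui-eus-prod", "region": "eastus", "dns_zone_id": "zone-hub",
     "group_id": "databricks_ui_api"},
]


def audit_browser_auth(endpoints):
    """Return {(region, dns_zone_id): (status, [browser-auth endpoint names])}.

    status is "ok" for exactly one browser_authentication endpoint in that
    region/zone pair, "duplicate" for more than one, "missing" for none.
    """
    auth = defaultdict(list)
    scopes = set()
    for ep in endpoints:
        # Region names are compared case-insensitively.
        key = (ep["region"].lower(), ep["dns_zone_id"])
        scopes.add(key)
        if ep["group_id"] == "browser_authentication":
            auth[key].append(ep["name"])
    report = {}
    for key in sorted(scopes):
        names = sorted(auth.get(key, []))
        if len(names) == 1:
            status = "ok"
        else:
            status = "duplicate" if names else "missing"
        report[key] = (status, names)
    return report


if __name__ == "__main__":
    for (region, zone), (status, names) in audit_browser_auth(ENDPOINTS).items():
        print(f"{region:12} {zone:10} {status:9} {', '.join(names) or '-'}")
```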