@Andrew Chung - Thanks for the question and using MS Q&A platform.
According to the official documentation: Available service tags, Azure Synapse Analytics Apache Spark pools do not have a service tag. The IP addresses of the Spark pools are not static and can vary widely, as you have observed. Therefore, it is not possible to create a network security group rule that allows traffic from a specific IP address range.
However, you can use the Azure Synapse Analytics workspace's managed private endpoint feature to secure your Spark pools. With managed private endpoints, you can create a private endpoint for your Spark pool that is accessible only from your virtual network. This way, you can restrict access to your Spark pool to only the resources in your virtual network.
For more details, refer to Synapse Managed private endpoints.
Appreciate if you could share the feedback on our feedback channel. Which would be open for the user community to upvote & comment on. This allows our product teams to effectively prioritize your request against our existing feature backlog and gives insight into the potential impact of implementing the suggested feature.
Hope this helps. Do let us know if you any further queries.
If this answers your query, do click Accept Answer
and Yes
for was this answer helpful. And, if you have any further query do let us know.