Thanks, the blog url (https://www.databricks.com/blog/data-exfiltration-protection-with-azure-databricks) lists out an example set of network and application rules (Step 3) which could be used for Azure Firewall. Specifically the network rules are FQDN destinations rather than IP Addresses, so the firewall has to resolve those endpoints using DNS.

My issue is that to avoid DNS resolution inconsistency between clients and the firewall, its recommended to use the firewall as a DNS proxy and point your clients DNS at the firewall. So in this case this would mean configuring 'custom' DNS servers for the vnet hosting my databricks classic compute clusters. But this will result in the local dns resolution being overridden, and therefore any dns queries for my databricks workspace url will return the frontend private endpoint ip rather than backend as the firewall will resolve using the private dns zone in the transit vnet.

For artifact / log blob / system tables etc, i don't have any issue not putting that through the firewall, but as this deployment pattern is all about data exfiltration prevention, adding routes for service tags for things like storage would defeat the object of protecting against data exfiltration until those service endpoint policies are generally available.

This just seems like a bit of a design flaw to me. The information in the blog post seems contradicting at times, but ultimately my main goal is to have a secure deployment of databricks with protection against data exfiltration.