Databricks recommends against using mount points in a production setup for security reasons. The setup instructions here are provided as a quick solution for quickstart environments.
- Search for "Microsoft Entra ID" in the Azure portal and select the corresponding service.
- Select "Manage > App registrations" and list "All applications".
- Add a new app registration, Account type "Single tenant", e.g. named "DatabricksEntraIdApp".
- Select "Manage > Certificates & secrets".
- Add a new client secret to the app.
- Copy and temporarily store the secret value. It is displayed only right after the client secret is created.
- Get the "Application (client) ID" and "Directory (tenant) ID" of the app (see "Overview").
- Create an Azure Key Vault.
- Add role "Key Vault Administrator" to your user.
- Add the secrets; see the notebook for the required keys.
- Add role "Key Vault Administrator" to app "AzureDatabricks".
- Add a secret scope in Databricks via https://YOUR-DATABRICKS-HOST/#secrets/createScope; get the DNS Name (Vault URI) and Resource ID from the Azure Key Vault properties.
- Add the created Microsoft Entra ID app as "Storage Blob Data Contributor" to the container(s).
- Change the name of the storage account and the list of the containers in the notebook.
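
An added example, not the project's notebook, of the mount these steps prepare: the service principal's credentials are read from the Key Vault-backed secret scope and passed to `dbutils.fs.mount` as ABFS OAuth settings. The secret key names, the `/mnt/<container>` layout and passing `dbutils` in as a parameter are assumptions.

```python
# Hypothetical secret key names (assumptions); use the keys your notebook expects.
TENANT_KEY = "tenant-id"
CLIENT_ID_KEY = "client-id"
CLIENT_SECRET_KEY = "client-secret"


def oauth_configs(tenant_id, client_id, client_secret):
    """ABFS OAuth (client credentials) settings for the Entra ID app."""
    return {
        "fs.azure.account.auth.type": "OAuth",
        "fs.azure.account.oauth.provider.type":
            "org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider",
        "fs.azure.account.oauth2.client.id": client_id,
        "fs.azure.account.oauth2.client.secret": client_secret,
        "fs.azure.account.oauth2.client.endpoint":
            f"https://login.microsoftonline.com/{tenant_id}/oauth2/token",
    }


def mount_containers(dbutils, scope, storage_account, containers):
    """Mount each container at /mnt/<container>; return the mount points created."""
    def secret(key):
        # Credentials come from the secret scope, never from notebook literals.
        return dbutils.secrets.get(scope=scope, key=key)

    configs = oauth_configs(
        secret(TENANT_KEY), secret(CLIENT_ID_KEY), secret(CLIENT_SECRET_KEY)
    )
    existing = {m.mountPoint for m in dbutils.fs.mounts()}
    created = []
    for container in containers:
        mount_point = f"/mnt/{container}"
        if mount_point in existing:
            continue  # already mounted; leave the existing mount untouched
        # A mount is workspace-wide: every user can read it with the
        # service principal's "Storage Blob Data Contributor" rights.
        dbutils.fs.mount(
            source=f"abfss://{container}@{storage_account}.dfs.core.windows.net/",
            mount_point=mount_point,
            extra_configs=configs,
        )
        created.append(mount_point)
    return created
```

In a notebook, call `mount_containers(dbutils, "<scope>", "<storage-account>", ["<container>"])` with the scope, account and container names from the steps above.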