![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 74%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBA%3C/text%3E%3C/svg%3E)
Azure Machine Learning
An Azure machine learning service for building and deploying models.
Hello Alexander !
Thank you for posting on Microsoft Learn.
Serverless Spark compute in AML cannot access Blob Storage accounts that are locked behind private endpoints or VNet integration, because serverless Spark runs outside your private VNet and doesn't support managed private connectivity.
You can use a VM or cluster with VNet injection can access your private Blob Storage.
You can create a Compute Cluster or Compute Instance and assign it to the same VNet/subnet where your Blob is accessible and then use that for your notebooks instead of serverless Spark if you need private access.
If you must use serverless Spark and the data is non-sensitive or you're okay with temporary exposure, you need to generate a SAS URL with read permissions and then access the blob in Spark like this:
spark.read.format("parquet").load("https://<your-storage-account>.blob.core.windows.net/<container>/<path>?<SAS-token>")
If you control the firewall rules of your Blob Storage, you can enable public access temporarily and allow only Azure Datacenter IP ranges for the region your workspace is in.
Keep in mind that it is not recommended for production environments.
If you're using ADLS Gen2 and your storage supports OAuth access and hierarchical namespace, you can use Azure Active Directory passthrough with identity-based access.
But this only works if your public endpoint is accessible from the Spark environment.