Provisioning Azure AD Applications and Service Principal for Data Access in Databricks Spark Jobs

Correct Answer: D Option D is correct.

The process of creating Azure AD application and Service principal using that service principal to mount or directly access data in an ADLS Gen2 storage account consists of the following consequent steps:

Create an Azure AD app that will create an associate service principal required to access the storage account.

Create an Azure Key Vault-backed secret scope that will store the client secret associated with the Azure AD app.

Save the client secret associated with the Azure AD app in the Azure Key Vault.

Assign roles to the application to provide the service principal with the required permissions to access the ADLS Gen2 account.

Reference:

The correct sequence to provision Azure AD applications and Service principal to direct access data in ADLS gen2 account to process data in Databricks Spark jobs is as follows:

1. Create an Azure AD app that will create an associate service principal required to access the storage account. This step involves creating an Azure AD app and associating it with a service principal that will be used to access the ADLS Gen2 storage account. The service principal is an identity that can be used to authenticate and access the storage account.

2. Create an Azure Key Vault-backed secret scope that will store the client secret associated with the Azure AD app. This step involves creating a secret scope in Azure Databricks that will be used to securely store the client secret associated with the Azure AD app. The secret scope will be backed by an Azure Key Vault that will store the secret securely.

3. Save the client secret associated with the Azure AD app in the Azure Key Vault. This step involves saving the client secret associated with the Azure AD app in the Azure Key Vault-backed secret scope that was created in step 2. This will ensure that the client secret is securely stored and can be accessed by the Databricks Spark jobs.

4. Assign roles to the application to provide the service principal with the required permissions to access the ADLS Gen2 account. This step involves assigning the necessary roles to the Azure AD app and service principal to provide them with the required permissions to access the ADLS Gen2 account. The roles will define the level of access that the service principal has to the storage account.

5. Authenticate and access the ADLS Gen2 through a mount point. This step involves authenticating and accessing the ADLS Gen2 storage account through a mount point in Azure Databricks. The mount point provides a convenient way to access the storage account without having to manually specify the storage account credentials in the Databricks Spark jobs.

6. Use Databricks CLI to access the ADLS Gen2 storage account. This step involves using the Databricks CLI to access the ADLS Gen2 storage account. The CLI provides a command-line interface that can be used to interact with the storage account and perform various operations such as uploading and downloading data.

Therefore, the correct sequence of tasks to accomplish the objective is option B: 3 > 2 > 1 > 4.