Description

Azure will be performing necessary security maintenance to comply with updated TLS standards. What’s Changing During this maintenance: - TLS 1.0 and TLS 1.1 will be disabled for database connectivity. - All connections to Hive Metastore (HMS) must use TLS 1.2 going forward. - Databricks Runtime (DBR) versions 9.1 and later already use TLS 1.2 and are not affected. - Customers using DBR versions prior to 9.1 must upgrade or open a support ticket for guidance. If you currently reference Hive Metastore IP addresses directly in user-defined routes or firewalls, you must update your configuration before the maintenance window, following the instructions below. Failure to update these rules will result in Hive Metastore access failures and service outages (e.g., job failures, cluster start failures). Maintenance Window The migration will occur between 17:00 UTC and 19:00 UTC on March 13, 2026. Each region will experience a brief service interruption of approximately 5 minutes during this window. Action Required (must be completed prior to March 13, 2026) If your environment uses hard-coded Hive Metastore IP addresses: 1. Recommended: Update your user-defined routes or firewall rules (https://learn.microsoft.com/en-us/azure/databricks/security/network/classic/udr#azure-service-tags) to use the Azure SQL service tag instead of static HMS IP addresses. This ensures future IP changes do not cause outages. 2. If your security policy does not allow service tags: Add the reserved IP ranges (https://community.databricks.com/t5/product-platform-updates/ip-cidr-for-azure-databricks-hive-metastore/ba-p/133401) for Hive Metastore to your routing or firewall rules. If supported, you may also allow the HMS FQDNs provided in the same documentation. Customers who already allow Azure service tags or FQDN-based rules do not need to take further action and will not experience disruption to running jobs. These actions must be completed by March 13, 2026. If the maintenance is rescheduled, the same configuration changes will still be required prior to the revised window to prevent service disruption.  If you are unable to use Service Tags or FQDN, open a support request, and we will work with you. During this maintenance period, the following capabilities may be temporarily unavailable: - Workspace authentication requests may fail or timeout. - Cluster start/resize/termination requests may fail or time out. - Jobs relying on cluster start/resize/termination may not execute. - Jobs submitted through APIs/Schedulers may not execute. - UI and Databricks SQL queries may time out. - Users may experience failures launching Databricks SQL Serverless - Warehouses. - Users may not be able to access UC APIs. - Mosaic AI Model Serving and AI/BI Dashboard may be impacted.

Components

AI/BI, Compute, Databricks SQL, Lakeflow, Notebooks, Unity Catalog

Locations

Switzerland West

Schedule

March 13, 2026 17:00 - 19:00 UTC

Description

Azure will be performing necessary security maintenance to comply with updated TLS standards. What’s Changing During this maintenance: - TLS 1.0 and TLS 1.1 will be disabled for database connectivity. - All connections to Hive Metastore (HMS) must use TLS 1.2 going forward. - Databricks Runtime (DBR) versions 9.1 and later already use TLS 1.2 and are not affected. - Customers using DBR versions prior to 9.1 must upgrade or open a support ticket for guidance. If you currently reference Hive Metastore IP addresses directly in user-defined routes or firewalls, you must update your configuration before the maintenance window, following the instructions below. Failure to update these rules will result in Hive Metastore access failures and service outages (e.g., job failures, cluster start failures). Maintenance Window The migration will occur between 17:00 UTC and 19:00 UTC on March 13, 2026. Each region will experience a brief service interruption of approximately 5 minutes during this window. Action Required (must be completed prior to March 13, 2026) If your environment uses hard-coded Hive Metastore IP addresses: 1. Recommended: Update your user-defined routes or firewall rules (https://learn.microsoft.com/en-us/azure/databricks/security/network/classic/udr#azure-service-tags) to use the Azure SQL service tag instead of static HMS IP addresses. This ensures future IP changes do not cause outages. 2. If your security policy does not allow service tags: Add the reserved IP ranges (https://community.databricks.com/t5/product-platform-updates/ip-cidr-for-azure-databricks-hive-metastore/ba-p/133401) for Hive Metastore to your routing or firewall rules. If supported, you may also allow the HMS FQDNs provided in the same documentation. Customers who already allow Azure service tags or FQDN-based rules do not need to take further action and will not experience disruption to running jobs. These actions must be completed by March 13, 2026. If the maintenance is rescheduled, the same configuration changes will still be required prior to the revised window to prevent service disruption.  If you are unable to use Service Tags or FQDN, open a support request, and we will work with you. During this maintenance period, the following capabilities may be temporarily unavailable: - Workspace authentication requests may fail or timeout. - Cluster start/resize/termination requests may fail or time out. - Jobs relying on cluster start/resize/termination may not execute. - Jobs submitted through APIs/Schedulers may not execute. - UI and Databricks SQL queries may time out. - Users may experience failures launching Databricks SQL Serverless - Warehouses. - Users may not be able to access UC APIs. - Mosaic AI Model Serving and AI/BI Dashboard may be impacted.

Components

AI/BI, Compute, Databricks Apps, Databricks SQL, Lakeflow, Mosaic AI, Notebooks, Unity Catalog

Locations

Switzerland North

Schedule

March 13, 2026 17:00 - 19:00 UTC