Severity: Critical

Description: Microsoft Azure Cosmos DB accounts should not be accessible from the internet and should only be accessed from within a VNET.

Remediation Steps: Modify the firewall and virtual network configuration for your Cosmos DB accounts to provide access to selected networks only.

Description: This control ensures that Microsoft Azure Cosmos DB accounts are not accessible from the internet other than from the allowed IPs/IP ranges. The firewall and virtual network configuration protecting Cosmos DB accounts must not allow a policy with 0.0.0.0 and should provide access to selected networks only.

Remediation Steps:

Perform the following to update the App Service configuration:

  1. Log in to the Azure Portal at https://portal.azure.com.

  2. Go to Azure Cosmos DB.

  3. Go to Firewall and virtual networks under Settings.

  4. Click on Selected networks.

  5. Add the specific IP addresses to the firewall. Remove 0.0.0.0 if it exists.

  6. Click Save.
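To verify the control across many accounts after remediation, the check below audits account settings offline. It is an added example, not part of the original control text; it assumes the JSON shape returned by `az cosmosdb list -o json`, that an account with no IP rules and no VNET filter corresponds to "All networks", and the sample accounts are constructed.

```python
import ipaddress
import json

# Constructed sample shaped like `az cosmosdb list -o json` output (not real accounts).
SAMPLE = json.loads("""[
 {"name": "open-all", "publicNetworkAccess": "Enabled", "ipRules": [],
  "isVirtualNetworkFilterEnabled": false, "virtualNetworkRules": []},
 {"name": "azure-dc", "publicNetworkAccess": "Enabled",
  "ipRules": [{"ipAddressOrRange": "0.0.0.0"}, {"ipAddressOrRange": "203.0.113.10"}],
  "isVirtualNetworkFilterEnabled": false, "virtualNetworkRules": []},
 {"name": "selected", "publicNetworkAccess": "Enabled",
  "ipRules": [{"ipAddressOrRange": "203.0.113.0/24"}],
  "isVirtualNetworkFilterEnabled": true,
  "virtualNetworkRules": [{"id": "/subscriptions/<sub-id>/.../subnets/app"}]},
 {"name": "private-only", "publicNetworkAccess": "Disabled", "ipRules": [],
  "isVirtualNetworkFilterEnabled": false, "virtualNetworkRules": []}
]""")


def audit_account(acct):
    """Return a list of findings for one account; an empty list means compliant."""
    if acct.get("publicNetworkAccess") == "Disabled":
        return []  # public endpoint is off, so firewall rules are not reachable
    findings = []
    rules = [r.get("ipAddressOrRange", "") for r in acct.get("ipRules") or []]
    vnet = acct.get("isVirtualNetworkFilterEnabled") and acct.get("virtualNetworkRules")
    if not rules and not vnet:
        findings.append("no IP rules or VNET filter: all networks allowed")
    for rule in rules:
        try:
            net = ipaddress.ip_network(rule, strict=False)
        except ValueError:
            findings.append(f"unparseable IP rule: {rule!r}")
            continue
        # Catches both the bare 0.0.0.0 entry and ranges such as 0.0.0.0/0.
        if net.network_address == ipaddress.ip_address("0.0.0.0"):
            findings.append(f"IP rule {rule} must be removed")
    return findings


def audit(accounts):
    """Map account name -> findings, keeping only non-compliant accounts."""
    results = {a["name"]: audit_account(a) for a in accounts}
    return {name: f for name, f in results.items() if f}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```
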

Important:

Reference: