
Severity : Critical

Description : Microsoft Azure Cosmos DB accounts should not be accessible from the internet and should only be accessed from within a VNET.

Remediation Steps : Modify the firewall and virtual network configuration of your Cosmos DB accounts to provide access to selected networks.

Description: This control ensures that Microsoft Azure Cosmos DB accounts are not accessible from the internet other than from the allowed IPs/IP ranges. The firewall and virtual network configuration protecting Cosmos DB accounts must not allow a rule with 0.0.0.0 and should provide access to selected networks.

Remediation Steps:

Perform the following to update the Cosmos DB account configuration:

  1. Login to Azure Portal using https://portal.azure.com.

  2. Go to Azure Cosmos DB.

  3. Go to Firewall and virtual networks under Settings.

  4. Click on Selected networks.

  5. Add the specific IP addresses to the firewall. Remove 0.0.0.0 if it exists.

  6. Click Save.
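
To verify the result of these steps across many accounts, the following added example (not part of the original control text) audits account JSON in the shape returned by `az cosmosdb list`. It assumes the ARM properties `ipRules`, `isVirtualNetworkFilterEnabled` and `publicNetworkAccess`, and assumes that "All networks" appears as no IP rules with the VNET filter off; the account names and addresses are constructed samples.

```python
import ipaddress
import json

# Constructed sample in the shape of `az cosmosdb list` output (not real accounts).
SAMPLE_ACCOUNTS = json.loads("""
[
  {"name": "cosmos-open", "publicNetworkAccess": "Enabled",
   "isVirtualNetworkFilterEnabled": false, "ipRules": [], "virtualNetworkRules": []},
  {"name": "cosmos-zero", "publicNetworkAccess": "Enabled",
   "isVirtualNetworkFilterEnabled": false,
   "ipRules": [{"ipAddressOrRange": "0.0.0.0"}, {"ipAddressOrRange": "203.0.113.10"}],
   "virtualNetworkRules": []},
  {"name": "cosmos-locked", "publicNetworkAccess": "Enabled",
   "isVirtualNetworkFilterEnabled": true,
   "ipRules": [{"ipAddressOrRange": "198.51.100.0/24"}],
   "virtualNetworkRules": [{"id": "<placeholder-subnet-resource-id>"}]},
  {"name": "cosmos-private", "publicNetworkAccess": "Disabled",
   "isVirtualNetworkFilterEnabled": false, "ipRules": [], "virtualNetworkRules": []}
]
""")

def covers_zero(rule: str) -> bool:
    """True if the rule is 0.0.0.0 or a range that contains it (e.g. 0.0.0.0/0)."""
    try:
        net = ipaddress.ip_network(rule.strip(), strict=False)
    except ValueError:
        return False  # unparseable entries are not treated as 0.0.0.0
    return ipaddress.ip_address("0.0.0.0") in net

def findings(account: dict) -> list[str]:
    """Return the reasons an account fails the control (empty list = compliant)."""
    if str(account.get("publicNetworkAccess", "Enabled")).lower() == "disabled":
        return []  # no public endpoint, so firewall rules do not apply
    rules = [r.get("ipAddressOrRange", "") for r in account.get("ipRules") or []]
    vnet_filter = bool(account.get("isVirtualNetworkFilterEnabled"))
    reasons = []
    if not rules and not vnet_filter:
        reasons.append("all networks allowed (no IP rules, no VNET filter)")
    reasons += [f"firewall rule {r} covers 0.0.0.0" for r in rules if covers_zero(r)]
    return reasons

def audit(accounts: list[dict]) -> dict[str, list[str]]:
    """Map each non-compliant account name to its findings."""
    return {a["name"]: f for a in accounts if (f := findings(a))}

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_ACCOUNTS).items():
        print(f"FAIL {name}: " + "; ".join(reasons))
```
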

Important:

Reference:
