Azure-CosmosDB-Cosmos-DB-Public-Access-Disabled

Severity: Critical

Description: This control ensures that Microsoft Azure Cosmos DB accounts are not accessible from the internet other than from the allowed IPs/IP ranges. The firewall and virtual network configuration protecting Cosmos DB accounts must not allow a policy with 0.0.0.0 and should provide access to selected networks only.

Remediation Steps:

Perform the following to update the Cosmos DB firewall configuration:

  1. Log in to the Azure Portal at https://portal.azure.com.

  2. Go to Azure Cosmos DB.

  3. Go to Firewall and virtual networks under Settings.

  4. Click on Selected networks.

  5. Add the specific IP addresses to the firewall. Remove 0.0.0.0 if it exists.

  6. Click Save.
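The same condition can be checked outside the portal. The following is an added example, not part of the original control text: it evaluates account JSON in the shape returned by `az cosmosdb show`. The field names `publicNetworkAccess`, `ipRules`, `ipAddressOrRange` and `isVirtualNetworkFilterEnabled` are assumed from that output, and the sample accounts are constructed.

```python
import ipaddress

ANY_ADDR = ipaddress.ip_address("0.0.0.0")

def audit_cosmos_account(account):
    """Return findings for one account; an empty list means the control passes."""
    name = account.get("name", "<unnamed>")
    if account.get("publicNetworkAccess") == "Disabled":
        return []  # public endpoint is off, firewall rules are not reachable
    findings = []
    ip_rules = [r.get("ipAddressOrRange", "") for r in account.get("ipRules") or []]
    vnet_filter = bool(account.get("isVirtualNetworkFilterEnabled"))
    # No IP rules and no VNet filter corresponds to "All networks" in the portal.
    if not ip_rules and not vnet_filter:
        findings.append(f"{name}: no IP rules or VNet filter, reachable from all networks")
    for rule in ip_rules:
        try:
            net = ipaddress.ip_network(rule, strict=False)
        except ValueError:
            findings.append(f"{name}: unparseable IP rule {rule!r}")
            continue
        # Flag 0.0.0.0 itself and any range that starts at it or spans everything.
        if net.network_address == ANY_ADDR or net.prefixlen == 0:
            findings.append(f"{name}: IP rule {rule} must be removed")
    return findings

# Constructed sample accounts (documentation address ranges, not real data).
SAMPLE_ACCOUNTS = [
    {"name": "open-acct", "publicNetworkAccess": "Enabled",
     "ipRules": [], "isVirtualNetworkFilterEnabled": False},
    {"name": "wide-acct", "publicNetworkAccess": "Enabled",
     "ipRules": [{"ipAddressOrRange": "0.0.0.0"},
                 {"ipAddressOrRange": "203.0.113.10"}],
     "isVirtualNetworkFilterEnabled": False},
    {"name": "restricted-acct", "publicNetworkAccess": "Enabled",
     "ipRules": [{"ipAddressOrRange": "198.51.100.0/24"}],
     "isVirtualNetworkFilterEnabled": True},
]

if __name__ == "__main__":
    for acct in SAMPLE_ACCOUNTS:
        result = audit_cosmos_account(acct)
        print(acct["name"], "PASS" if not result else result)
```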

Important:

Reference:

Blue Hexagon Proprietary