Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks
Why This Matters
Exposing Azure Cosmos DB to all networks, including the public internet, significantly increases the risk of unauthorized access and data breaches. By restricting network access to only selected, whitelisted networks, you reduce the attack surface and maintain tighter control over which systems can communicate with your database. This is a critical security measure for any organization handling sensitive or regulated data.
What Aether365 Checks
Aether365 verifies that each Azure Cosmos DB account's Networking configuration is set to "Selected Networks" rather than "All Networks". You can view this check in your Aether365 dashboard under the azure-cosmosdb service checks category.
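The same condition can be evaluated offline against the JSON printed by `az cosmosdb list -o json`. The script below is an added example, not Aether365's own code. It assumes the portal's "All Networks" setting corresponds to `publicNetworkAccess` being `Enabled` with no `ipRules` and `isVirtualNetworkFilterEnabled` set to false; the account names and rules in `SAMPLE` are constructed.

```python
import json
import sys

# Constructed sample shaped like `az cosmosdb list -o json` output; names are made up.
SAMPLE = [
    {"name": "cosmos-open", "publicNetworkAccess": "Enabled",
     "ipRules": [], "isVirtualNetworkFilterEnabled": False, "virtualNetworkRules": []},
    {"name": "cosmos-ipfw", "publicNetworkAccess": "Enabled",
     "ipRules": [{"ipAddressOrRange": "203.0.113.0/24"}],
     "isVirtualNetworkFilterEnabled": False, "virtualNetworkRules": []},
    {"name": "cosmos-azure-dc", "publicNetworkAccess": "Enabled",
     "ipRules": [{"ipAddressOrRange": "0.0.0.0"}],
     "isVirtualNetworkFilterEnabled": False, "virtualNetworkRules": []},
    {"name": "cosmos-vnet", "publicNetworkAccess": "Enabled", "ipRules": [],
     "isVirtualNetworkFilterEnabled": True,
     "virtualNetworkRules": [{"id": "<constructed-subnet-resource-id>"}]},
    {"name": "cosmos-private", "publicNetworkAccess": "Disabled", "ipRules": None},
]


def classify(account):
    """Return (status, detail) for one Cosmos DB account dict."""
    # Assumption: a missing/null publicNetworkAccess is treated as Enabled (conservative).
    if (account.get("publicNetworkAccess") or "Enabled") != "Enabled":
        return "PASS", "public network access is not enabled"
    ip_rules = [r.get("ipAddressOrRange", "") for r in account.get("ipRules") or []]
    vnet_filter = bool(account.get("isVirtualNetworkFilterEnabled"))
    # Assumption: no IP rules and no VNet filter is what the portal shows as "All Networks".
    if not ip_rules and not vnet_filter:
        return "FAIL", "all networks: no IP rules and no VNet filter"
    # 0.0.0.0 is the special rule that admits connections from Azure datacenter IP ranges.
    if "0.0.0.0" in ip_rules:
        return "REVIEW", "selected networks, but 0.0.0.0 admits Azure datacenter IPs"
    vnets = len(account.get("virtualNetworkRules") or [])
    return "PASS", f"selected networks: {len(ip_rules)} IP rule(s), {vnets} VNet rule(s)"


def audit(accounts):
    """Classify every account; returns a list of (name, status, detail)."""
    return [(a.get("name", "<unnamed>"), *classify(a)) for a in accounts]


if __name__ == "__main__":
    # Usage: az cosmosdb list -o json > accounts.json && python check.py accounts.json
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            accounts = json.load(fh)
    else:
        accounts = SAMPLE
    for name, status, detail in audit(accounts):
        print(f"{status:6} {name}: {detail}")
```

The `REVIEW` status is an addition beyond the pass/fail check described above: an account can be on selected networks and still accept traffic from every Azure datacenter through the `0.0.0.0` rule.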
How to Fix
To restrict Cosmos DB network access using the Azure portal: