Use Entra ID Client Authentication and Azure RBAC where possible

Why This Matters

Token-based authentication for Azure Cosmos DB requires persistent secrets stored on the client side, which increases the risk of credential exposure and complicates security management. By switching to Entra ID authentication with Azure RBAC, you eliminate stored credentials, enable multi-factor authentication, and centralize access control across all Azure resources. This significantly reduces the attack surface and aligns with security best practices for identity management.

What Aether365 Checks

Aether365 verifies that your Azure Cosmos DB accounts are configured to use Entra ID client authentication and Azure RBAC instead of token-based authentication. This check appears in the Aether365 dashboard under azure-cosmosdb checks as "Use Entra ID Client Authentication and Azure RBAC where possible" (AZURE.118).
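To audit the same condition yourself, the following added example (not Aether365's own code) flags accounts that still accept key or token credentials. It assumes the setting is reflected in the Cosmos DB account's `disableLocalAuth` property; the page does not say how Aether365 evaluates the check, and the account names and helper functions are constructed for illustration.

```python
import json

# Constructed sample in the shape of `az cosmosdb list -o json` output (fields
# trimmed), plus one raw ARM-style record where the flag sits under "properties".
SAMPLE_ACCOUNTS = json.loads("""
[
  {"name": "orders-prod", "resourceGroup": "rg-data", "disableLocalAuth": true},
  {"name": "orders-dev", "resourceGroup": "rg-data", "disableLocalAuth": false},
  {"name": "legacy-catalog", "resourceGroup": "rg-old"},
  {"name": "telemetry", "resourceGroup": "rg-obs", "properties": {"disableLocalAuth": true}},
  {"name": "scratch", "resourceGroup": "rg-obs", "disableLocalAuth": null}
]
""")


def local_auth_disabled(account: dict) -> bool:
    """True only if the account explicitly sets disableLocalAuth to true.

    A missing or null value is treated as "local auth still enabled", so an
    account that was never configured is reported rather than silently passed.
    """
    value = account.get("disableLocalAuth")
    if value is None:  # raw ARM JSON nests the flag under "properties"
        value = (account.get("properties") or {}).get("disableLocalAuth")
    return value is True


def audit(accounts: list) -> list:
    """Return sorted (resourceGroup, name) pairs for accounts that fail."""
    return sorted(
        (a.get("resourceGroup", "?"), a["name"])
        for a in accounts
        if not local_auth_disabled(a)
    )


if __name__ == "__main__":
    for rg, name in audit(SAMPLE_ACCOUNTS):
        print(f"FAIL {rg}/{name}: key-based (local) authentication still enabled")
```

To run it against a real subscription, replace the sample with the parsed output of `az cosmosdb list -o json`.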

Microsoft references