Ensure That Private Endpoints Are Used Where Possible
Why This Matters
Without private endpoints, Azure Cosmos DB accounts are reachable through their public endpoint, which widens the attack surface and exposes sensitive data to potential unauthorized access. A private endpoint keeps traffic to a Cosmos DB account on the Azure backbone network and gives granular control over which services and networks can reach the database. This is critical for meeting compliance requirements such as CIS and for protecting data in transit.
What Aether365 Checks
Aether365 verifies that each Azure Cosmos DB account has at least one private endpoint configured and that public network access is disabled. This check appears in the Aether365 dashboard under the azure-cosmosdb category and flags any account that relies solely on public connectivity.
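The check described above, written out as an added example (not Aether365's own code): it evaluates constructed account records shaped like `az cosmosdb list -o json` output, and the field names it reads (`publicNetworkAccess`, `privateEndpointConnections`, and the nested `privateLinkServiceConnectionState.status`) are assumed to match that output. It goes one step beyond the text by also flagging an account whose only private endpoint connection is still pending approval.

```python
# Added example (not Aether365's own code): evaluates Cosmos DB accounts the way the
# check above describes, over constructed records shaped like `az cosmosdb list -o json`.
# Field names (publicNetworkAccess, privateEndpointConnections and the nested
# privateLinkServiceConnectionState.status) are assumed to match that output.

APPROVED = {"privateLinkServiceConnectionState": {"status": "Approved"}}
PENDING = {"privateLinkServiceConnectionState": {"status": "Pending"}}

# Constructed sample accounts, not real ones.
SAMPLE_ACCOUNTS = [
    # compliant: public access off, one approved private endpoint
    {"name": "cosmos-prod", "publicNetworkAccess": "Disabled",
     "privateEndpointConnections": [APPROVED]},
    # non-compliant: relies solely on public connectivity
    {"name": "cosmos-legacy", "publicNetworkAccess": "Enabled",
     "privateEndpointConnections": []},
    # non-compliant: a private endpoint exists, but public access is still enabled
    {"name": "cosmos-mixed", "publicNetworkAccess": "Enabled",
     "privateEndpointConnections": [APPROVED]},
    # non-compliant: public access off, but the only private endpoint is not yet
    # approved, so no consumer can reach the account over Private Link
    {"name": "cosmos-pending", "publicNetworkAccess": "Disabled",
     "privateEndpointConnections": [PENDING]},
]

def approved_private_endpoints(account: dict) -> int:
    """Count private endpoint connections whose connection state is Approved."""
    return sum(
        1 for pe in account.get("privateEndpointConnections") or []
        if (pe.get("privateLinkServiceConnectionState") or {}).get("status") == "Approved"
    )

def evaluate_account(account: dict) -> list[str]:
    """Return findings for one account; an empty list means it passes the check."""
    findings = []
    # A missing field is treated as Enabled, the Azure default for this setting.
    if account.get("publicNetworkAccess", "Enabled") != "Disabled":
        findings.append("public network access is enabled")
    if approved_private_endpoints(account) == 0:
        findings.append("no approved private endpoint connection")
    return findings

def flag_accounts(accounts: list[dict]) -> dict[str, list[str]]:
    """Map each failing account name to its findings, mirroring a dashboard flag."""
    return {a["name"]: f for a in accounts if (f := evaluate_account(a))}

if __name__ == "__main__":
    for name, findings in flag_accounts(SAMPLE_ACCOUNTS).items():
        print(f"{name}: {'; '.join(findings)}")
```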