AzPolicyAdvertizer

last sync: 2025-Oct-31 18:22:59 UTC

Azure Cosmos DB accounts should not allow traffic from all Azure data centers

Source

Display name

Azure Cosmos DB accounts should not allow traffic from all Azure data centers

12339a85-a25c-4f17-9f82-4766f13f5c4c

Version

Versioning

Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]

Category

Description

Disallow the IP Firewall rule, '0.0.0.0', which allows for all traffic from any Azure data centers. Learn more at https://aka.ms/cosmosdb-firewall

Cloud environments

AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown

Available in AzUSGov

Unknown, no evidence if Policy definition is/not available in AzureUSGovernment

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Audit
Allowed
Audit, Deny, Disabled

RBAC role(s)

none

Rule aliases

IF (3)

Alias	Namespace	ResourceType	Path	PathIsDefault	Modifiable
Microsoft.DocumentDB/databaseAccounts/ipRangeFilter	Microsoft.DocumentDB	databaseAccounts	properties.ipRangeFilter	True	False
Microsoft.DocumentDB/databaseAccounts/ipRules[*]	Microsoft.DocumentDB	databaseAccounts	properties.ipRules[*]	True	True
Microsoft.DocumentDB/databaseAccounts/ipRules[*].ipAddressOrRange	Microsoft.DocumentDB	databaseAccounts	properties.ipRules[*].ipAddressOrRange	True	True

Rule resource types

IF (1)

Microsoft.DocumentDB/databaseAccounts

Compliance

Not a Compliance control

Initiatives usage

none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2024-05-17 18:03:56	add	12339a85-a25c-4f17-9f82-4766f13f5c4c

JSON compare

n/a

JSON

api-version=2021-06-01
EPAC