Azure Cosmos DB

Have feedback for Azure Cosmos DB product? Submit your idea here or upvote other ideas. All feedback is monitored and reviewed by the Azure Cosmos DB team. 

This site is for feature suggestions only. For technical questions or issues, please submit them to StackOverflow,where we and the community can better help you.

Please use the following categories when submitting your idea.

SQL API: Query language features, syntax using SQL API, indexing, any other core features in Azure Cosmos DB.

Gremlin API: Graph features and capabilities using Gremlin API.

Cassandra API: Features and capabilities using Cassandra API.

MongoDB API: Features and capabilities using MongoDB API.

Table API: Features and capabilities using Table API.

Etcd API: Features related to using etcd as a configuration store for Kubernetes.

Azure Synapse Link: Features related to Azure Cosmos DBanalytical store and Azure Synapse Analytics run-time support

Built-in Notebooks: Features related to built-in Notebooks in Azure Cosmos DB.

SDK: Features related to Azure Cosmos DB SDKs for SQL API.

Change Feed: Features related to Change Feed.

Management: All management features, backup/restore,monitoring, ARM, PowerShell and CLI.

Portal: All features for Azure Portal and Cosmos DB Explorer.

Emulator: Features related to the Azure Cosmos Emulator.

Other: Features not related to any other category.

Security:
Authentication, authorization,permissions and encryption features.

Monitoring:
Metrics, monitoring, alerts,and diagnostics features.

Server-side: Stored procedures, Triggers,and User-Defined Functions.
  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Please disable weak ciphers suites in *.documents.azure.com for TLS 1.2

    Please disable weak ciphers suites in *.documents.azure.com for TLS 1.2. I know we can disable the lower TLS versions but with TLS 1.2 weak ciphers are still enabled and when the client is not in our control (browser client accessing Cosmos DB using the read-only key) its a security risk.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. Query data through the portal without showing keys

    We want our developers to see information in the cosmosdb when using data explorer in the portal. Unfortunately the roles to provied that option gives also read access to the keys. We don't want that our developers can see the keys.

    From what I can see, the Cosmos DB Account Reader only gives access to the “Read-Only Keys”. Without this access, even with all the other rights, the “Cosmos DB Account Reader” wouldn’t be able to see the information in the Data Explorer pane.

    I tested this by creating a custom RBAC role copy of the Cosmos DB Account Reader…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. Userinfo for audit RU changes

    There is not currently audit RU changes to determine the userinfo. If an unauthorized user makes a change in CosmosDB RUs, it is impossible to make the audit.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    We have not yet documented this but this capability is now available. Customers can now audit changes to throughput changes in Cosmos DB.

    Here are the steps…

    1. Create and deploy an Azure Policy with an audit action on the throughput resource with a scope of the database account.

    2. Validate the service principals who should have access to the Cosmos account have proper RBAC roles.

    WARNING: This next step will prevent anyone with keys from changing throughput or making any change to Cosmos resources. If your applications using our SDK’s update throughput or make any other change to your Cosmos resources this will break. Unfortunately there is no way to provide this functionality without doing this next step.

    3. Next update the Cosmos account and set disableKeyBasedMetadataWriteAccess property to true. Can do this via ARM template or Azure Management Library. AML samples for Cosmos DB are here, https://github.com/Azure-Samples/cosmos-management-net

  • Don't see your idea?

Feedback and Knowledge Base