Add Support for Service Tags to Azure Cosmos DB Firewalls
At the moment CosmosDB firewall rules are restricted to IP addresses or ranges. 0.0.0.0 is too permissive and permits access from other Azure users Subscriptions. It would be beneficial if it were possible to use Service tags in security rule definition to reduce the complexity of the Cosmodb firewall configuration in the manner available to Virtual Networks, Firewall or NSGs.
It is impractical to download the list of Microsoft Azure Datacenter IPs to check and update firewall rules.
Michael, if you have further feedback please let us know by emailing us at firstname.lastname@example.org.
Will close this item.