Microsoft DocumentDB

Best practices and references below are based on published guidance from the cloud service provider and may reference native capabilities the cloud service provider offers. If you are not using the native security capabilities, the same security requirement can be met using other security capabilities your organization utilizes
Asset Inventory
Design Guidance:
Tag resources, resource groups, and subscriptions for logical organization - Azure Resource Manager
docsmsft
Microsoft.DocumentDB/databaseAccounts
Kind
​Azure Resource Manager​
​Terraform​
Location
​Azure Resource Manager​
​Terraform​
Name
​Azure Resource Manager​
​Terraform​
Tags
​Azure Resource Manager​
​Terraform​
Design for High Availability
Microsoft.DocumentDB/databaseAccounts
Backup Policy-Type
​Azure Resource Manager​
​Terraform​
Enable Automatic Failover
​Azure Resource Manager​
​Terraform​
Locations
​Azure Resource Manager​
​Terraform​
Locations-Is Zone Redundant
​Azure Resource Manager​
​Terraform​
Autoscale Settings-Max Throughput
​Azure Resource Manager​
​Terraform​
Locations-Failover Priority
​Azure Resource Manager​
​Terraform​
Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces
Autoscale Settings-Max Throughput
​Azure Resource Manager​
Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces/tables
Autoscale Settings-Max Throughput
​Azure Resource Manager​
Microsoft.DocumentDB/databaseAccounts/gremlinDatabases/graphs
Autoscale Settings-Max Throughput
​Azure Resource Manager​
Microsoft.DocumentDB/databaseAccounts/sqlDatabases
Autoscale Settings-Max Throughput
​Azure Resource Manager​
Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers
Autoscale Settings-Max Throughput
​Azure Resource Manager​
Options-Throughput
​Azure Resource Manager​
Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/storedProcedures
Autoscale Settings-Max Throughput
​Azure Resource Manager​
Options-Throughput
​Azure Resource Manager​
CORS Headers
Microsoft.DocumentDB/databaseAccounts
Cors
​Azure Resource Manager​
​Terraform​
Cors-Allowed Headers
​Azure Resource Manager​
​Terraform​
Cors-Allowed Origins
​Azure Resource Manager​
​Terraform​
Cors-Exposed Headers
​Azure Resource Manager​
​Terraform​
Cors-Max Age In Seconds
​Azure Resource Manager​
​Terraform​
Secure Response Headers
Design Guidance:
Azure Cosmos DB Gremlin response headers
docsmsft
Microsoft.DocumentDB/databaseAccounts
Cors-Allowed Methods
​Azure Resource Manager​
​Terraform​
Subnet Isolation
Design Guidance:
Configure virtual network based access for an Azure Cosmos account
docsmsft
Microsoft.DocumentDB/databaseAccounts
Ip Rules-Ip Address Or Range
​Azure Resource Manager​
​Terraform​
Firewalls
Design Guidance:
Configure an IP firewall for your Azure Cosmos DB account
docsmsft
Microsoft.DocumentDB/databaseAccounts
Is Virtual Network Filter Enabled
​Azure Resource Manager​
​Terraform​
Virtual Network Rules
​Azure Resource Manager​
​Terraform​
Virtual Network Rules-Id
​Azure Resource Manager​
​Terraform​
Virtual Network Rules-Ignore Missing Vnet Service Endpoint
​Azure Resource Manager​
​Terraform​
Protect Cryptographic Keys
Design Guidance:
Configure customer-managed keys for your Azure Cosmos DB account
docsmsft
Use Key Vault to store and access Azure Cosmos DB keys
docsmsft
Microsoft.DocumentDB/databaseAccounts
Key Vault Key Uri
​Azure Resource Manager​
​Terraform​
Network Access Points Enforcing Network Access
Microsoft.DocumentDB/databaseAccounts
Public Network Access
​Azure Resource Manager​
​Terraform​
Backups
Microsoft.DocumentDB/databaseAccounts
Periodic Mode Properties-Backup Interval In Minutes
​Azure Resource Manager​
​Terraform​
Periodic Mode Properties-Backup Retention Interval In Hours
​Azure Resource Manager​
​Terraform​

Microsoft Devices

Microsoft EventGrid

Last modified 1yr ago

Kind	Azure Resource Manager	Terraform
Location	Azure Resource Manager	Terraform
Name	Azure Resource Manager	Terraform
Tags	Azure Resource Manager	Terraform

Backup Policy-Type	Azure Resource Manager	Terraform
Enable Automatic Failover	Azure Resource Manager	Terraform
Locations	Azure Resource Manager	Terraform
Locations-Is Zone Redundant	Azure Resource Manager	Terraform
Autoscale Settings-Max Throughput	Azure Resource Manager	Terraform
Locations-Failover Priority	Azure Resource Manager	Terraform

Autoscale Settings-Max Throughput	Azure Resource Manager
Options-Throughput	Azure Resource Manager

Cors	Azure Resource Manager	Terraform
Cors-Allowed Headers	Azure Resource Manager	Terraform
Cors-Allowed Origins	Azure Resource Manager	Terraform
Cors-Exposed Headers	Azure Resource Manager	Terraform
Cors-Max Age In Seconds	Azure Resource Manager	Terraform

Is Virtual Network Filter Enabled	Azure Resource Manager	Terraform
Virtual Network Rules	Azure Resource Manager	Terraform
Virtual Network Rules-Id	Azure Resource Manager	Terraform
Virtual Network Rules-Ignore Missing Vnet Service Endpoint	Azure Resource Manager	Terraform

Periodic Mode Properties-Backup Interval In Minutes	Azure Resource Manager	Terraform
Periodic Mode Properties-Backup Retention Interval In Hours	Azure Resource Manager	Terraform