Configure Security for Cosmos DB

In this "Configure Security for Cosmos DB" virtual lab, learners will be introduced to the concept of the creation of Cosmos DB and configuration, testing of the security access, and the database. The technical skills learned in this lab are used in many vital job roles, such as Azure Administrators and Database Administrators.

45 minutes
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »


Today's applications are expected to be extremely responsive and continuously online. Azure Cosmos DB is a distributed, multi-model database assistance that allows users to elastically and separately compute throughput and storage over any number of Azure domains globally. It gives an extensive range of alternatives to secure and preserve the data, regardless of the arrangement.

In this hands-on virtual lab, you will learn how to protect your data from outside and internal threats, whether those threats be malicious or unintentional. Learners will see how an immeasurable pattern combined with the precise configuration can defend the company's most valuable asset: its data.

Understand the Scenario:

Data security is a distributed accountability between Azure Administrator, the client, and the database provider. In this virtual lab, you are an Azure administrator for a company that is migrating its primary web app from its on-premises datacenter to Azure. Your job responsibility is to create and deploy a new Cosmos DB and configure security access, as a proof of concept. You have to deploy the database, then restrict access and test the configuration. You are provided with an Azure resource group named @lab.CloudResourceGroup(1859). Name that contains no resources. You will create the necessary resources to complete the challenge.

Create an Azure Cosmos DB

There are many ways of managing access to the Cosmos database. One is IP address filtering. By default, this is disabled, so any IP address could probably access the database. In this section of the lab, learners will first create the Azure Cosmos DB by creating an Azure Cosmos DB account named cdb11746201 in the @lab.CloudResourceGroup(1859). Name resource group by using the Core (SQL) API. The API defines the kind of account to create. The Azure Cosmos DB gives five APIs. These are Core (SQL) and MongoDB for document data, Gremlin for graph data, Azure Table, and Cassandra. In this challenge, you will use Core(SQL) API. After this, a collection named Items will be created.

Configure security access

After successfully creating the Cosmos DB, the next step is to configure the security access. For this, learners will first open the Firewall and virtual network page. Here, they will learn how to add a new virtual network by configuring various settings such as Address space, Subnet, and Address range. Finally, they will learn how to open the Access control (IAM) page and assign the role of Cosmos DB Account Reader Role to the user

Test access to the Cosmos DB

Finally, learners will learn how to test access to the Cosmos DB. For this, they will again sign in to the Azure portal and navigate to the Cosmos DB account to test and open the Data Explorer. Here they will learn how to select the SQL query and execute the default query. Learners will then replace the existing code with the new code and fire various queries to test the access.

Lab Summary Conclusion

After completing the "Configure Security for Cosmos DB" virtual lab, you will have accomplished the following:

  • Created an Azure Cosmos DB.
  • Configured security access.
  • Tested access to the Cosmos DB