Merge pull request #1192 from MicrosoftDocs/main
1/8/2025 11:00 AM IST Publish
PhilKang0704 authored Jan 8, 2025
2 parents 99029a2 + 7ae9e19 commit 65c087b
Showing 151 changed files with 125 additions and 317 deletions.
30 changes: 18 additions & 12 deletions articles/cosmos-db/mongodb/vcore/TOC.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,6 @@
href: tutorial-nodejs-web-app.md
- name: Concepts
items:
- name: Autoscale
href: autoscale.md
- name: Free tier
href: free-tier.md
- name: Multicloud Solution
Expand Down Expand Up @@ -58,6 +56,8 @@
href: partitioning.md
- name: Compute and storage
href: compute-storage.md
- name: Autoscale
href: autoscale.md
- name: Burstable tier
href: burstable-tier.md
- name: Indexing
Expand Down Expand Up @@ -112,12 +112,14 @@
href: how-to-create-wildcard-indexes.md
- name: Search and query text
href: how-to-create-text-index.md
- name: Scale cluster
href: how-to-scale-cluster.md
- name: Upgrade cluster
href: how-to-upgrade-cluster.md
- name: Restore cluster
href: how-to-restore-cluster.md
- name: Manage cluster
items:
- name: Scale cluster
href: how-to-scale-cluster.md
- name: Upgrade cluster
href: how-to-upgrade-cluster.md
- name: Restore cluster
href: how-to-restore-cluster.md
- name: Replication
items:
- name: Manage replication
Expand All @@ -132,10 +134,14 @@
href: monitor-metrics.md
- name: Monitor diagnostics logs
href: how-to-monitor-diagnostics-logs.md
- name: Use Azure Private Link
href: how-to-private-link.md
- name: Create secondary users
href: secondary-users.md
- name: Security and data access
items:
- name: Manage private access
href: how-to-private-link.md
- name: Manage public access
href: how-to-public-access.md
- name: Create secondary users
href: secondary-users.md
- name: Reference
items:
- name: Commands
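Review bot: The new TOC label `Manage private access` for `how-to-private-link.md` does not match the names this same commit gives that article, where the front-matter title becomes `Use Azure Private Link with Azure Cosmos DB for MongoDB vCore` and the H1 becomes `Enable private access in Azure Cosmos DB for MongoDB vCore`. Three different names for one page make it harder to recognise from the TOC or from search; consider aligning the TOC entry with the H1, and likewise `Manage public access` with the new article's `Enable and manage public access ...` title.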
Expand Down
14 changes: 7 additions & 7 deletions articles/cosmos-db/mongodb/vcore/how-to-private-link.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
title: Use Azure Private Link
title: Use Azure Private Link with Azure Cosmos DB for MongoDB vCore
titleSuffix: Azure Cosmos DB for MongoDB vCore
description: Use Azure Private Link to connect to Azure Cosmos DB for MongoDB vCore over a private endpoint in a virtual network.
author: khelanmodi
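Review bot: In the front matter, the new `title` already ends with "Azure Cosmos DB for MongoDB vCore" while `titleSuffix` is still `Azure Cosmos DB for MongoDB vCore`, so the product name will appear twice wherever the suffix is appended to the title. Keep the shorter title or drop the product name from it, and bring it in line with the H1 changed further down, which says "Enable private access" rather than "Use Azure Private Link".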
Expand All @@ -8,11 +8,11 @@ ms.service: azure-cosmos-db
ms.subservice: mongodb-vcore
ms.custom: ignite-2023, devx-track-azurecli
ms.topic: how-to
ms.date: 11/01/2023
ms.date: 01/02/2025
# CustomerIntent: As a security administrator, I want to use Azure Private Link so that I can ensure that database connections occur over privately-managed virtual network endpoints.
---

# Enable Private access in Azure Cosmos DB for MongoDB vCore
# Enable private access in Azure Cosmos DB for MongoDB vCore

[!INCLUDE[MongoDB vCore](~/reusable-content/ce-skilling/azure/includes/cosmos-db/includes/appliesto-mongodb-vcore.md)]

Expand Down Expand Up @@ -187,7 +187,7 @@ az network private-link-resource list \
--type Microsoft.DocumentDB/mongoClusters
```

## Next step

> [!div class="nextstepaction"]
> [Try Azure Cosmos DB for MongoDB vCore](quickstart-portal.md)
## Related content
- [Learn more about database security in Azure Cosmos DB for MongoDB vCore](./security.md)
- [See guidance on how to enable public access](./how-to-public-access.md)
- [Migrate to Azure Cosmos DB for MongoDB vCore](./migration-options.md)
91 changes: 91 additions & 0 deletions articles/cosmos-db/mongodb/vcore/how-to-public-access.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
---
title: Enable and manage public access in Azure Cosmos DB for MongoDB vCore
titleSuffix: Azure Cosmos DB for MongoDB vCore
description: Enable public access and manage public access settings for an Azure Cosmos DB for MongoDB vCore cluster.
author: niklarin
ms.author: nlarin
ms.service: azure-cosmos-db
ms.subservice: mongodb-vcore
ms.topic: how-to
ms.date: 01/06/2025
#Customer Intent: As a database adminstrator, I want to configure public access, so that I can connect to Azure Cosmos DB for MongoDB vCore cluster using public IP address.
---

# Manage public access on your Azure Cosmos DB for MongoDB vCore cluster

[!INCLUDE[MongoDB vCore](~/reusable-content/ce-skilling/azure/includes/cosmos-db/includes/appliesto-mongodb-vcore.md)]

You can use cluster-level firewall rules to manage public access to an Azure Cosmos DB for MongoDB vCore cluster. Public access can be enabled from a specific IP address or a range of IP addresses on the public Internet.

## Prerequisites

- An existing Azure Cosmos DB for MongoDB vCore cluster.
- If you don't have an Azure subscription, [create an account for free](https://azure.microsoft.com/free).
- If you have an existing Azure subscription, [create a new Azure Cosmos DB for MongoDB vCore cluster](quickstart-portal.md).

## Enable public access *during cluster creation* in the Azure portal

> [!NOTE]
> If no firewall rules are added to your Azure Cosmos DB for MongoDB vCore cluster, public network access to the cluster is disabled. If you don't add any firewall rules or [private endpoints](./how-to-private-link.md) during cluster creation, your cluster is created in a locked-down state. To enable access to a locked-down cluster, you must add firewall rules for public access or create private endpoints for private access after the cluster is created.
To enable public access during cluster creation:

1. [Start cluster creation and complete the **Basics** tab for a new Azure Cosmos DB for MongoDB vCore cluster](./quickstart-portal.md#create-a-cluster).
1. On the **Networking** tab, select **Public access (allowed IP addresses)** in the **Connectivity method** section to open the firewall rules creation controls.
1. To add firewall rules, in the **Firewall rules** section, type in the firewall rule name, start IP v4 address, and end IP v4 address.
- To allow a single IP address, enter the same address in both the **Start IP address** and **End IP address** fields.

:::image type="content" source="media/how-to-public-access/add-firewall-rule-during-cluster-creation.png" alt-text="Screenshot of the firewall rule addition during a new Azure Cosmos DB for MongoDB vCore cluster creation.":::

1. To quickly add your current public IP address (the address of the machine or device from which you’re accessing the Azure portal), select **Add current client IP address**.

> [!TIP]
> Verify your IP address before saving the configuration. In some cases, the IP address detected by the Azure portal may differ from the IP address used when accessing the Internet. To check your actual IP address, use a search engine to find tools like *what is my IP*.
1. To allow cluster access from any IP address on the Internet, select **Add 0.0.0.0 - 255.255.255.255**. Even with this rule in place, users must authenticate with the correct username and password to access the cluster. However, it’s recommended to allow global access only temporarily and for non-production databases.

## Manage existing cluster-level firewall rules through the Azure portal

You can modify firewall rules for an existing cluster through the Azure portal.

To **add** a firewall rule:

1. On the Azure Cosmos DB for MongoDB vCore cluster page, under **Settings**, select **Networking**.
1. In the **Public access**, in the **Firewall rules** section, type in the firewall rule name, start IP v4 address, and end IP v4 address.
- To allow a single IP address, enter the same address in both the **Start IP address** and **End IP address** fields.

:::image type="content" source="media/how-to-public-access/firewall-rule-settings-management.png" alt-text="Screenshot of the firewall rule settings management on an Azure Cosmos DB for MongoDB vCore cluster." lightbox="media/how-to-public-access/firewall-rule-settings-management-extended.png":::

1. To quickly add your current public IP address (the address of the machine or device from which you’re accessing the Azure portal), select **Add current client IP address**.

> [!TIP]
> Verify your IP address before saving the configuration. In some cases, the IP address detected by the Azure portal may differ from the IP address used when accessing the Internet. To check your actual IP address, use a search engine to find tools like *what is my IP*.
1. To allow cluster access from any IP address on the Internet, select **Add 0.0.0.0 - 255.255.255.255**. Even with this rule in place, users must authenticate with the correct username and password to access the cluster. However, it’s recommended to allow global access only temporarily and for non-production databases.
1. Select **Save** on the toolbar to save the changes in cluster-level firewall rules. Wait for the confirmation that the update was successful.

To **remove** a firewall rule on your cluster, follow these steps:
1. On the Azure Cosmos DB for MongoDB vCore cluster page, under **Settings**, select **Networking**.
1. In the **Public access**, in the **Firewall rules** section, locate the firewall rule to delete.
1. Select delete icon next to the firewall rule.
1. Select **Save** on the toolbar to save the changes in cluster-level firewall rules. Wait for the confirmation that the update was successful.

## Connect from Azure
There's an easy way to grant cluster access to applications hosted on Azure, such as an Azure Web Apps application or those applications running in an Azure VM.

1. On the portal page for your cluster, under **Networking**, in the **Public access**, select the **Allow Azure services and resources to access this cluster** checkbox.
1. Select **Save** on the toolbar to save the changes. Wait for the confirmation that the update was successful.

> [!IMPORTANT]
> Enabling this option allows connections from any Azure service, including from services and hosts in other customer subscriptions. Ensure your login credentials and user permissions restrict access to authorized users only.
## Disable public access
To disable public access on a cluster:
1. On the portal page for your cluster, under **Networking**, in the **Public access**, remove all firewall rules.
1. Clear the **Allow Azure services and resources to access this cluster** checkbox.
1. Select **Save** on the toolbar to save the changes. Wait for the confirmation that the update was successful.

## Related content
- [Learn more about database security in Azure Cosmos DB for MongoDB vCore](./security.md)
- [See guidance on how to enable private access](./how-to-private-link.md)
- [Migrate to Azure Cosmos DB for MongoDB vCore](./migration-options.md)
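Review bot: The `Add 0.0.0.0 - 255.255.255.255` step, which appears in both the cluster-creation list and the "To **add** a firewall rule" list, opens the cluster to every address on the Internet, yet its only caution is a trailing sentence inside the step, while the narrower `Allow Azure services and resources to access this cluster` option gets an `[!IMPORTANT]` callout. Move the "only temporarily and for non-production databases" guidance into its own `[!IMPORTANT]` or `[!WARNING]` callout under that step so it is not skimmed past. Smaller points in the same file: "adminstrator" in the `#Customer Intent` line should be "administrator", "IP v4" should read "IPv4", "Select delete icon" is missing "the", and "In the **Public access**, in the **Firewall rules** section" reads as if a noun is missing after **Public access**.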
17 changes: 9 additions & 8 deletions articles/cosmos-db/mongodb/vcore/security.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ ms.subservice: mongodb-vcore
ms.custom:
- ignite-2024
ms.topic: conceptual
ms.date: 11/25/2023
ms.date: 01/06/2025
---

# Overview of database security in Azure Cosmos DB for MongoDB vCore
Expand Down Expand Up @@ -93,13 +93,14 @@ In the public access option, a public IP address is assigned to the cluster, and

## Firewall overview

Azure Cosmos DB for MongoDB vCore uses a server-level firewall to prevent all access to your cluster until you specify which computers have permission. The firewall grants access to the cluster based on the originating IP address of each request. To configure your firewall, you create firewall rules that specify ranges of acceptable IP addresses.
Azure Cosmos DB for MongoDB vCore uses a cluster-level firewall to prevent all access to your cluster until you specify which computers (IP addresses) have permission. The firewall grants access to the cluster based on the originating IP address of each request. To configure your firewall, you [create firewall rules](./how-to-public-access.md) that specify ranges of acceptable IP addresses.

Firewall rules enable clients to access your cluster and all the databases within it. Server-level firewall rules can be configured using the Azure portal or programmatically using Azure tools such as the Azure CLI.
Firewall rules enable clients to access your cluster and all the databases within it. Cluster-level firewall rules can be configured using the Azure portal or programmatically using Azure tools such as the Azure CLI.

By default, the firewall blocks all access to your cluster. To begin using your cluster from another computer, you need to specify one or more server-level firewall rules to enable access to your cluster. Use the firewall rules to specify which IP address ranges from the Internet to allow. Firewall rules don't affect access to the Azure portal website itself. Connection attempts from the internet and Azure must first pass through the firewall before they can reach your databases. In addition to firewall rules, private link access that can be used for a private IP just for the Azure Cosmos DB for MongoDB vCore cluster.
By default, the firewall blocks all access to your cluster. To begin using your cluster from another computer, you need to specify one or more cluster-level firewall rules to enable access to your cluster. Use the firewall rules to specify which IP address ranges from the Internet to allow. Firewall rules don't affect access to the Azure portal website itself. Connection attempts from the Internet and Azure must first pass through the firewall before they can reach your databases.

## Next steps

> [!div class="nextstepaction"]
> [Migrate MongoDB data to Azure Cosmos DB for MongoDB vCore](migration-options.md)
## Related content
- [Learn more about database security in Azure Cosmos DB for MongoDB vCore](./security.md)
- [See guidance on how to enable private access](./how-to-private-link.md)
- [See guidance on how to enable public access](./how-to-public-access.md)
- [Migrate to Azure Cosmos DB for MongoDB vCore](./migration-options.md)
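Review bot: The first entry in the new `## Related content` list links to `./security.md`, which is the file being edited, so readers of this page get a link back to the page they are already on. Drop that bullet here and keep the private access, public access and migration links. Separately, the rewritten last paragraph of "Firewall overview" removes the sentence that mentioned private link access; if that is intentional, a short pointer to `./how-to-private-link.md` in that paragraph would keep both access methods visible where the firewall is explained.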
Original file line number Diff line number Diff line change
Expand Up @@ -539,8 +539,6 @@ The following extensions are available for the Azure Database for the PostgreSQL

::: zone-end

[Share your suggestions and bugs with the Azure Database for PostgreSQL product team](https://aka.ms/pgfeedback).

## Related content

- [How to use extensions](how-to-allow-extensions.md).
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -268,8 +268,6 @@ Azure Database for PostgreSQL flexible server offers an [in-place major version
The extensions `anon`, `Apache AGE`, `dblink`, `orafce`, `pgaudit`, `postgres_fdw`, and `timescaledb` are unsupported for all Azure Database for PostgreSQL flexible server versions when using in-place major version update feature.
[Share your suggestions and bugs with the Azure Database for PostgreSQL product team](https://aka.ms/pgfeedback).
## Related content
- [How to use extensions](how-to-allow-extensions.md).
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,6 @@ The following extensions are available for the Azure Database for the PostgreSQL

[!INCLUDE [extensions-table](includes/extensions-table.md)]

[Share your suggestions and bugs with the Azure Database for PostgreSQL product team](https://aka.ms/pgfeedback).

## Related content

- [How to use extensions](how-to-allow-extensions.md).
Expand Down
2 changes: 0 additions & 2 deletions articles/postgresql/extensions/how-to-allow-extensions.md
Original file line number Diff line number Diff line change
Expand Up @@ -171,8 +171,6 @@ This error occurs when the user that runs a `CREATE EXTENSION` command isn't a m

This error occurs when the user that runs a `DROP EXTENSION` command isn't a member of `azure_pg_admin` role.

[Share your suggestions and bugs with the Azure Database for PostgreSQL product team](https://aka.ms/pgfeedback).

## Related content

- [How to use extensions](how-to-allow-extensions.md).
Expand Down
2 changes: 0 additions & 2 deletions articles/postgresql/flexible-server/azure-local-ai.md
Original file line number Diff line number Diff line change
Expand Up @@ -42,8 +42,6 @@ This preview feature is also only available for newly deployed Azure Database fo
> [!IMPORTANT]
> The `azure_local_ai` extension is currently in preview. Microsoft's Open-source AI models for installation through the Azure Local AI extension are deemed Non-Microsoft Products under the Microsoft Product Terms. Customer's use of open-source AI models is governed by the separate license terms provided in product documentation associated with such models made available through the azure_local_ai extension. [Supplemental Terms of Use: Limited Access AI Services (Previews)](https://azure.microsoft.com/support/legal/preview-supplemental-terms/)
[Share your suggestions and bugs with the Azure Database for PostgreSQL product team](https://aka.ms/pgfeedback).

## Related content

- [Enable and use azure_local_ai extension](generative-ai-azure-local-ai.md).
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -93,8 +93,6 @@ You can see the full list of all the task inputs when using Azure CLI task with

Having issues with CLI Task, see [how to troubleshoot Build and Release](/azure/devops/pipelines/troubleshooting/troubleshooting).

[Share your suggestions and bugs with the Azure Database for PostgreSQL product team](https://aka.ms/pgfeedback).

## Related content

- [Azure Resource Group Deployment](/azure/devops/pipelines/tasks/deploy/azure-resource-group-deployment).
Expand Down
2 changes: 0 additions & 2 deletions articles/postgresql/flexible-server/concepts-audit.md
Original file line number Diff line number Diff line change
Expand Up @@ -97,8 +97,6 @@ AzureDiagnostics
| where Message contains "AUDIT:"
```

[Share your suggestions and bugs with the Azure Database for PostgreSQL product team](https://aka.ms/pgfeedback).

## Related content

- [Logging in Azure Database for PostgreSQL - Flexible Server](concepts-logging.md).
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -139,8 +139,6 @@ To configure Microsoft Entra ID with Azure Database for PostgreSQL flexible serv

User tokens are valid for up to 1 hour. Tokens for system-assigned managed identities are valid for up to 24 hours.

[Share your suggestions and bugs with the Azure Database for PostgreSQL product team](https://aka.ms/pgfeedback).

## Related content

- [Use Microsoft Entra ID in Azure Database for PostgreSQL - Flexible Server](how-to-configure-sign-in-azure-ad-authentication.md).
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,6 @@ Azure Database for PostgreSQL flexible server prioritizes the following type of
* **Daily schedule**: For Azure Database for PostgreSQL flexible server databases, we review server telemetry and issue recommendations daily. If you make changes to your server configuration, the existing recommendations will remain visible until we re-evaluate the recommendation the following day, approximately 24 hours later.
* **Performance history**: Some of our recommendations are based on performance history. These recommendations will only appear after a server has been operating with the same configuration for 7 days. This allows us to detect patterns of heavy usage (e.g., high CPU activity or high connection volume) over a sustained period. If you provisioned a new server or change to a new vCore configuration, these recommendations are paused temporarily. This prevents legacy telemetry from triggering recommendations on a newly reconfigured server. However, this also means that performance history-based recommendations may not be identified immediately.

[Share your suggestions and bugs with the Azure Database for PostgreSQL product team](https://aka.ms/pgfeedback).

## Related content

- [Azure Advisor Overview](/azure/advisor/advisor-overview).
Original file line number Diff line number Diff line change
Expand Up @@ -343,8 +343,6 @@ For more information about performing a long term backup, visit the [how-to guid

Currently, there's no way to track the restore operation. You can monitor the activity log to see if the operation is in progress or complete.

[Share your suggestions and bugs with the Azure Database for PostgreSQL product team](https://aka.ms/pgfeedback).

## Related content

- [Overview of business continuity with Azure Database for PostgreSQL - Flexible Server](concepts-business-continuity.md).
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -110,8 +110,6 @@ Below are some unplanned failure scenarios and the recovery process.
> [!IMPORTANT]
> Deleted servers can be restored. If you delete the server, you can follow our guidance [Restore a dropped Azure database - Azure Database for PostgreSQL - Flexible Server](how-to-restore-dropped-server.md) to recover. Use Azure resource lock to help prevent accidental deletion of your server.
[Share your suggestions and bugs with the Azure Database for PostgreSQL product team](https://aka.ms/pgfeedback).

## Related content

- [High availability in Azure Database for PostgreSQL - Flexible Server](/azure/reliability/reliability-postgresql-flexible-server).
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -126,8 +126,6 @@ The following table provides a list of high-level features and capabilities comp
| Major version upgrades support | No | Yes |
| Minor version upgrades | Yes. Automatic during maintenance window | Yes. Automatic during maintenance window |

[Share your suggestions and bugs with the Azure Database for PostgreSQL product team](https://aka.ms/pgfeedback).

## Related content

- [Compute options in Azure Database for PostgreSQL - Flexible Server](concepts-compute.md).
Expand Down