General availability: Azure Cosmos DB Virtual Network Service Endpoints
Published date: May 09, 2018
Virtual Network Service Endpoints for Azure Cosmos DB is now available in all regions of the Azure public cloud. This feature enables Azure customers to directly communicate with Azure Cosmos DB from their virtual networks.
You can create network rules that allow only traffic from selected virtual networks and subnets. You can combine existing authorization mechanisms like a firewall access control list (ACL) with the new network boundaries to provide enhanced security for your data.
Azure Cosmos DB is the first service to allow cross-region access control support. That is, customers can restrict access to a globally distributed Azure Cosmos DB account from subnets located in multiple regions. Read more about it in the documentation.