We’re excited to announce the general availability of private network support for Azure Cosmos DB mirroring in Microsoft Fabric, enabling customers to replicate operational data into Fabric from Azure Cosmos DB accounts secured with private endpoints or virtual networks while continuing to operate within their existing network security models. As more organizations connect operational data with analytics and AI to power new insights and intelligent applications, the ability to do so securely has become increasingly important—making private network support a key capability for bringing operational data into Fabric without compromising established security boundaries.

Bringing secured operational data into Fabric

Azure Cosmos DB mirroring makes it easy to continuously replicate operational data into Microsoft Fabric, where it can be used across analytics and AI experiences without building and maintaining custom ingestion pipelines.

With private network support now generally available, customers can use mirroring with Cosmos DB accounts that operate within restricted network environments, bringing secured operational data into Fabric while preserving their existing security posture.

Get Started by Configuring Mirroring with Private Networks

Configuring mirroring for Cosmos DB accounts that use private endpoints or virtual networks involves a small number of setup steps.

To see these steps in detail, refer to How to: Configure private networks for Azure Cosmos DB Fabric Mirroring. The documentation includes a PowerShell script that can automate the required networking and authorization configuration, allowing you to focus on creating the mirrored database in Fabric.

Here are the steps at a high level.

1. Assign the required RBAC policies for Mirroring.
2. Temporarily secure your Cosmos account with required Azure Service Endpoint IPs (or use Network Security Perimeter).
3. Configure a Network ACL from your Fabric Workspace to your Cosmos account.
4. Create the new Mirrored database in Fabric.
5. Restore the original network configuration once setup is complete.

For Cosmos DB accounts using Private Endpoints, step 2 involves temporarily enabling Selected networks to allow required Azure service access during the initial mirroring configuration. This access is scoped to specific Azure service endpoints and is only required during setup. After the mirroring connection is established, customers can restore their original network settings and continue operating with restricted network access.

For detailed guidance and step‑by‑step instructions, see How to: Configure private networks for Azure Cosmos DB Fabric Mirroring.

About Azure Cosmos DB

Azure Cosmos DB is a fully managed and serverless NoSQL and vector database for modern app development, including AI applications. With its SLA-backed speed and availability as well as instant dynamic scalability, it is ideal for real-time NoSQL and MongoDB applications that require high performance and distributed computing over massive volumes of NoSQL and vector data.

To stay in the loop on Azure Cosmos DB updates, follow us on X, YouTube, and LinkedIn.  Join the discussion with other developers on the #nosql channel on the Microsoft Open Source Discord.