We are very excited to announce the public preview for private endpoint support for Azure Cosmos DB Mirroring with Microsoft Fabric mirroring. This feature allows you to preserve the enhanced network security on your data in Cosmos DB from virtual networks or private endpoints, allowing you to seamlessly replicate your operational data in Cosmos DB using Mirroring into your Fabric Workspaces.

Configuring Mirroring with Private Endpoints

The process for configuring Mirroring on your Cosmos DB accounts with private endpoints during our preview requires multiple steps.

To see these steps in detail, see, How to: Configure private networks for Azure Cosmos DB Fabric Mirroring. In there, you’ll also find a PowerShell script that can safely automate all of the networking configuration steps, so you only need to create the Mirror itself.

Here are the steps at a high level.

1. Assign the required RBAC policies for Mirroring.
2. Temporarily enable public access on your Cosmos account.
3. Add required Azure Service Endpoint IPs to IP Firewall (or use NSP)
4. Add a Network Bypass ACL from your Fabric Workspace to your Cosmos account.
5. Create the new Mirrored database in Fabric.
6. Disable public access.

When enabling public access, your account is never fully open to the public internet because this step includes adding regional Service Endpoint IP addresses for DataFactory and PowerQueryOnline to your Cosmos account’s IP Firewall before saving the configuration. It is also only temporary while the Mirroring is initially configured. Once the Mirroring connection has been established, your Cosmos account can be set to disable public access again.

During the preview, this process requires multiple, discreet configurations to be made by the user. We are looking at streamlining this process for users when we GA with an all-portal experience. We are also looking towards more widespread Network Security Perimeter support which will eliminate the need to add Azure Service Endpoint IP addresses to your Cosmos account’s IP Firewall.

To learn more and to get started configuring Mirroring for your Cosmos DB accounts using virtual networks or private endpoints, see, How to: Configure private networks for Azure Cosmos DB Fabric Mirroring.

About Azure Cosmos DB

Azure Cosmos DB is a fully managed and serverless NoSQL and vector database for modern app development, including AI applications. With its SLA-backed speed and availability as well as instant dynamic scalability, it is ideal for real-time NoSQL and MongoDB applications that require high performance and distributed computing over massive volumes of NoSQL and vector data.

To stay in the loop on Azure Cosmos DB updates, follow us on X, YouTube, and LinkedIn.