Private Endpoints - Disable Public Access

Occasional Contributor


We are developing our new software in Azure and we are using some CosmosDB, Key Vaults...

By default, all of them are published to internet. We use the default URI ( and in Networking the Public Network Access is opened to "All networks".


For security reasons we want to change it. We don't want that our services are published to internet (now you can telnet to using 443 and 10255 ports.


So we disabled Public Access for one CosmosDB account:



And then we enabled the Private Access adding a Private Endpoint:





But... after these changes, we don't know why but we still connect to using 443 and 10255 from internet.


How can we block this connections from internet?


2 Replies
best response confirmed by mgfeal (Occasional Contributor)
Have you employed the network security group and blocked inbound traffic?
Also, have you reviewed this article by chance?


How about NSG? Please verify the rules under NSG