documentdb-security

Security — Azure DocumentDB

Core controls: TLS on the wire, network isolation with Private Endpoint, Microsoft Entra ID for identity, and CMK for data-at-rest encryption on regulated workloads.

Rules

  • security-tls-required — Always connect with TLS; never disable certificate validation in production.
  • security-private-endpoint — Use Private Endpoint / firewall rules; disable public network access where possible.
  • security-entra-rbac — Prefer Microsoft Entra ID + RBAC over long-lived passwords; create per-app secondary users with least privilege.
  • security-cmk-encryption — Use customer-managed keys (CMK) for data-at-rest encryption on regulated workloads.