Network Security Perimeter Configurations - List
Gets list of effective Network Security Perimeter Configuration for cosmos db account
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DocumentDB/databaseAccounts/{accountName}/networkSecurityPerimeterConfigurations?api-version=2025-05-01-previewURI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
account
|
path | True |
string minLength: 3maxLength: 50 pattern: ^[a-z0-9]+(-[a-z0-9]+)* |
Cosmos DB database account name. |
|
resource
|
path | True |
string minLength: 1maxLength: 90 |
The name of the resource group. The name is case insensitive. |
|
subscription
|
path | True |
string (uuid) |
The ID of the target subscription. The value must be an UUID. |
|
api-version
|
query | True |
string minLength: 1 |
The API version to use for this operation. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
Network Security Perimeter Configuration List |
|
| Other Status Codes |
Error response describing why the operation failed. |
Examples
NamspaceNetworkSecurityPerimeterConfigurationList
Sample request
GET https://management.azure.com/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/res4410/providers/Microsoft.DocumentDB/databaseAccounts/cosmosTest/networkSecurityPerimeterConfigurations?api-version=2025-05-01-preview
Sample response
{
"value": [
{
"id": "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/res4410/providers/Microsoft.DocumentDB/databaseAccounts/cosmosTest/networkSecurityPerimeterConfigurations/dbedb4e0-40e6-4145-81f3-f1314c150774.resourceAssociation1",
"name": "dbedb4e0-40e6-4145-81f3-f1314c150774.resourceAssociation1",
"type": "Microsoft.DocumentDB/databaseAccounts/networkSecurityPerimeterConfigurations",
"properties": {
"provisioningState": "Succeeded",
"networkSecurityPerimeter": {
"id": "/subscriptions/dbedb4e0-40e6-4145-81f3-f1314c150774/resourceGroups/res4794/providers/Microsoft.Network/networkSecurityPerimeters/nsp1",
"perimeterGuid": "ce2d5953-5c15-40ca-9d51-cc3f4a63b0f5",
"location": "East US"
},
"resourceAssociation": {
"name": "association1",
"accessMode": "Enforced"
},
"profile": {
"name": "profile1",
"accessRulesVersion": 10,
"accessRules": [
{
"name": "inVpnRule",
"properties": {
"direction": "Inbound",
"addressPrefixes": [
"148.0.0.0/8",
"152.4.6.0/24"
]
}
}
],
"diagnosticSettingsVersion": 5,
"enabledLogCategories": [
"NspPublicInboundPerimeterRulesAllowed",
"NspPublicInboundPerimeterRulesDenied"
]
}
}
}
]
}Definitions
| Name | Description |
|---|---|
|
Access |
Access rule in a network security perimeter configuration profile |
|
Access |
Direction of Access Rule |
|
Access |
Properties of Access Rule |
|
created |
The type of identity that created the resource. |
|
Error |
The resource management error additional info. |
|
Error |
The error detail. |
|
Error |
Error response |
|
Issue |
Type of issue |
|
Network |
Information about a network security perimeter (NSP) |
|
Network |
Network security perimeter (NSP) configuration resource |
|
Network |
Result of a list NSP (network security perimeter) configurations request. |
|
Network |
Network security configuration properties. |
|
Network |
Provisioning state of a network security perimeter configuration that is being created or updated. |
|
Network |
Network security perimeter configuration profile |
|
Provisioning |
Describes a provisioning issue for a network security perimeter configuration |
|
Provisioning |
Details of a provisioning issue for a network security perimeter (NSP) configuration. Resource providers should generate separate provisioning issue elements for each separate issue detected, and include a meaningful and distinctive description, as well as any appropriate suggestedResourceIds and suggestedAccessRules |
|
Resource |
Information about resource association |
|
Resource |
Access mode of the resource association |
| Severity |
Severity of the issue. |
| Subscriptions |
Subscriptions for inbound rules |
|
system |
Metadata pertaining to creation and last modification of the resource. |
AccessRule
Access rule in a network security perimeter configuration profile
| Name | Type | Description |
|---|---|---|
| name |
string |
Name of the access rule |
| properties |
Properties of Access Rule |
AccessRuleDirection
Direction of Access Rule
| Value | Description |
|---|---|
| Inbound |
Applies to inbound network traffic to the secured resources. |
| Outbound |
Applies to outbound network traffic from the secured resources |
AccessRuleProperties
Properties of Access Rule
| Name | Type | Description |
|---|---|---|
| addressPrefixes |
string[] |
Address prefixes in the CIDR format for inbound rules |
| direction |
Direction of Access Rule |
|
| emailAddresses |
string[] |
Email addresses for outbound rules |
| fullyQualifiedDomainNames |
string[] |
Fully qualified domain names (FQDN) for outbound rules |
| networkSecurityPerimeters |
Network security perimeters for inbound rules |
|
| phoneNumbers |
string[] |
Phone numbers for outbound rules |
| subscriptions |
Subscriptions for inbound rules |
createdByType
The type of identity that created the resource.
| Value | Description |
|---|---|
| User | |
| Application | |
| ManagedIdentity | |
| Key |
ErrorAdditionalInfo
The resource management error additional info.
| Name | Type | Description |
|---|---|---|
| info |
object |
The additional info. |
| type |
string |
The additional info type. |
ErrorDetail
The error detail.
| Name | Type | Description |
|---|---|---|
| additionalInfo |
The error additional info. |
|
| code |
string |
The error code. |
| details |
The error details. |
|
| message |
string |
The error message. |
| target |
string |
The error target. |
ErrorResponse
Error response
| Name | Type | Description |
|---|---|---|
| error |
The error object. |
IssueType
Type of issue
| Value | Description |
|---|---|
| Unknown |
Unknown issue type |
| ConfigurationPropagationFailure |
An error occurred while applying the network security perimeter (NSP) configuration. |
| MissingPerimeterConfiguration |
A network connectivity issue is happening on the resource which could be addressed either by adding new resources to the network security perimeter (NSP) or by modifying access rules. |
| MissingIdentityConfiguration |
An managed identity hasn't been associated with the resource. The resource will still be able to validate inbound traffic from the network security perimeter (NSP) or matching inbound access rules, but it won't be able to perform outbound access as a member of the NSP. |
NetworkSecurityPerimeter
Information about a network security perimeter (NSP)
| Name | Type | Description |
|---|---|---|
| id |
string (arm-id) |
Fully qualified Azure resource ID of the NSP resource |
| location |
string |
Location of the network security perimeter |
| perimeterGuid |
string (uuid) |
Universal unique ID (UUID) of the network security perimeter |
NetworkSecurityPerimeterConfiguration
Network security perimeter (NSP) configuration resource
| Name | Type | Description |
|---|---|---|
| id |
string (arm-id) |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
| name |
string |
The name of the resource |
| properties |
Network security configuration properties. |
|
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
NetworkSecurityPerimeterConfigurationListResult
Result of a list NSP (network security perimeter) configurations request.
| Name | Type | Description |
|---|---|---|
| nextLink |
string (uri) |
The link used to get the next page of results. |
| value |
Array of network security perimeter results. |
NetworkSecurityPerimeterConfigurationProperties
Network security configuration properties.
| Name | Type | Description |
|---|---|---|
| networkSecurityPerimeter |
Information about a network security perimeter (NSP) |
|
| profile |
Network security perimeter configuration profile |
|
| provisioningIssues |
List of provisioning issues, if any |
|
| provisioningState |
Provisioning state of a network security perimeter configuration that is being created or updated. |
|
| resourceAssociation |
Information about resource association |
NetworkSecurityPerimeterConfigurationProvisioningState
Provisioning state of a network security perimeter configuration that is being created or updated.
| Value | Description |
|---|---|
| Succeeded | |
| Creating | |
| Updating | |
| Deleting | |
| Accepted | |
| Failed | |
| Canceled |
NetworkSecurityProfile
Network security perimeter configuration profile
| Name | Type | Description |
|---|---|---|
| accessRules |
List of Access Rules |
|
| accessRulesVersion |
integer (int32) |
Current access rules version |
| diagnosticSettingsVersion |
integer (int32) |
Current diagnostic settings version |
| enabledLogCategories |
string[] |
List of log categories that are enabled |
| name |
string |
Name of the profile |
ProvisioningIssue
Describes a provisioning issue for a network security perimeter configuration
| Name | Type | Description |
|---|---|---|
| name |
string |
Name of the issue |
| properties |
Details of a provisioning issue for a network security perimeter (NSP) configuration. Resource providers should generate separate provisioning issue elements for each separate issue detected, and include a meaningful and distinctive description, as well as any appropriate suggestedResourceIds and suggestedAccessRules |
ProvisioningIssueProperties
Details of a provisioning issue for a network security perimeter (NSP) configuration. Resource providers should generate separate provisioning issue elements for each separate issue detected, and include a meaningful and distinctive description, as well as any appropriate suggestedResourceIds and suggestedAccessRules
| Name | Type | Description |
|---|---|---|
| description |
string |
Description of the issue |
| issueType |
Type of issue |
|
| severity |
Severity of the issue. |
|
| suggestedAccessRules |
Access rules that can be added to the network security profile (NSP) to remediate the issue. |
|
| suggestedResourceIds |
string[] (arm-id) |
Fully qualified resource IDs of suggested resources that can be associated to the network security perimeter (NSP) to remediate the issue. |
ResourceAssociation
Information about resource association
| Name | Type | Description |
|---|---|---|
| accessMode |
Access mode of the resource association |
|
| name |
string |
Name of the resource association |
ResourceAssociationAccessMode
Access mode of the resource association
| Value | Description |
|---|---|
| Enforced |
Enforced access mode - traffic to the resource that failed access checks is blocked |
| Learning |
Learning access mode - traffic to the resource is enabled for analysis but not blocked |
| Audit |
Audit access mode - traffic to the resource that fails access checks is logged but not blocked |
Severity
Severity of the issue.
| Value | Description |
|---|---|
| Warning | |
| Error |
Subscriptions
Subscriptions for inbound rules
| Name | Type | Description |
|---|---|---|
| id |
string (arm-id) |
The fully qualified Azure resource ID of the subscription e.g. ('/subscriptions/00000000-0000-0000-0000-000000000000') |
systemData
Metadata pertaining to creation and last modification of the resource.
| Name | Type | Description |
|---|---|---|
| createdAt |
string (date-time) |
The timestamp of resource creation (UTC). |
| createdBy |
string |
The identity that created the resource. |
| createdByType |
The type of identity that created the resource. |
|
| lastModifiedAt |
string (date-time) |
The timestamp of resource last modification (UTC) |
| lastModifiedBy |
string |
The identity that last modified the resource. |
| lastModifiedByType |
The type of identity that last modified the resource. |