Disabling public network access improves security by ensuring that your CosmosDB account isn't exposed on the public internet. Creating private endpoints can limit exposure of your CosmosDB account. Learn more at: https://docs.microsoft.com/azure/cosmos-db/how-to-configure-private-endpoints#blocking-public-network-access-during-account-creation.
Secure cloud services by establishing a private access point for the resources. You should also disable or restrict access from public network when possible.
Deploy private endpoints for all Azure resources that support the Private Link feature, to establish a private access point for the resources. You should also disable or restrict public network access to services where feasible.
For certain services, you also have the option to deploy VNet integration for the service where you can restrict the VNET to establish a private access point for the service.
**Implementation and additional context:**
Understand Azure Private Link: