You have an Azure subscription named Subscription1.
You have two virtual networks on Subscription1:
vnet1: Address Space 10.0.0.0/16 in the East US region
vnet2: Address Space 10.1.0.0/16 in the Central US region
You create a new Azure Cosmos DB account named sqlaccount1 configured as shown in the exhibit.
You need to determine the network connectivity to sqlaccount1.
Which virtual networks can access sqlaccount1 in the current configuration?
You can access sqlaccount1 from only vnet1 by using the private endpoint. You have deployed sqlaccount1 using a private endpoint as the connectivity method. With this method, your Cosmos DB account can only be accessed through a private endpoint, which is configured with vnet1 as shown in the exhibit. You can create a private endpoint with virtual networks in the same region as your Cosmos DB account.
You cannot access sqlaccount1 from the public endpoint. When you create a Cosmos DB account with a private endpoint, the public endpoint is disabled by default and your account receives traffic only from the private endpoint.
You cannot access sqlaccount1 from vnet2. You can only connect through a private endpoint with virtual networks that have previously been configured. You cannot configure a private endpoint with virtual networks in other regions. Instead, you can configure a virtual network peering between vnet1 and vnet2, and access sqlaccount1 from vnet2 through the vnet1 endpoint.