Azure DocumentDB Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Databases

Category

Databases

1. Introduction

Important naming note (read first): Azure DocumentDB was the original name of Microsoft’s managed JSON document database service. It was renamed and expanded into Azure Cosmos DB. Today, in the Azure portal and current Azure documentation, you typically create an Azure Cosmos DB account (most commonly Azure Cosmos DB for NoSQL, formerly called the DocumentDB / SQL API).
In this tutorial, “Azure DocumentDB” refers to that current, supported Azure Cosmos DB for NoSQL experience, because the standalone “DocumentDB” product name is legacy.

What this service is

Azure DocumentDB (now delivered through Azure Cosmos DB for NoSQL) is a fully managed, globally distributable, JSON document database. It’s designed for applications that need flexible schemas, fast reads/writes at scale, and operational simplicity without managing servers.

Simple explanation (one paragraph)

If you need to store and query JSON documents for a web/mobile/API application—and you want low-latency access, elastic scaling, and built-in reliability—Azure DocumentDB provides a managed database that handles indexing, patching, backups, and scaling while you focus on your app.

Technical explanation (one paragraph)

Azure DocumentDB is implemented as an API model in Azure Cosmos DB that stores JSON documents in containers with partitioning and indexing, and serves queries using a SQL-like JSON query language. It offers configurable consistency levels, optional global distribution, multiple throughput models (provisioned throughput and serverless in many regions), and strong integration with Azure identity, networking, and monitoring.

What problem it solves

Azure DocumentDB solves the problem of running a high-performance, highly available, scalable document database without the operational burden of capacity planning, sharding, patching, replication, and backup management—while still enabling predictable performance via throughput controls and flexible JSON modeling.

---

2. What is Azure DocumentDB?

Official purpose

Azure DocumentDB’s purpose (as evolved into Azure Cosmos DB for NoSQL) is to provide a managed document database for JSON data with fast query, automatic indexing, elastic throughput, and global distribution options.

Official docs now live under Azure Cosmos DB (formerly DocumentDB):
https://learn.microsoft.com/azure/cosmos-db/

Core capabilities

• Store JSON documents with flexible schema.
• Query JSON using a SQL-like syntax (Cosmos DB for NoSQL query language).
• Automatic indexing (configurable), enabling queries without manual index management in many cases.
• Partitioning for horizontal scale and performance.
• Throughput management (RU/s for provisioned throughput; serverless consumption in supported options).
• Change feed to process inserts/updates in near-real time.
• Consistency choices (e.g., strong, bounded staleness, session, consistent prefix, eventual).
• Multi-region and high availability options (depending on configuration).

Major components (Azure Cosmos DB for NoSQL terminology)

• Account: The top-level Azure resource you create (in a subscription/resource group). It holds one or more databases.
• Database: A logical namespace that contains containers.
• Container (collection in legacy DocumentDB terms): Holds JSON items (documents). Container is the unit of partitioning and often the unit of throughput allocation (depending on configuration).
• Item: A JSON document stored in a container.
• Partition key: A JSON path (for example /customerId) that determines how data is distributed.
• Throughput (RU/s): Request Units per second, the currency used for provisioned performance.
• Indexing policy: Controls how items are indexed.
• Change feed: Ordered feed of changes within a container.

Service type

• PaaS (Platform-as-a-Service) managed database.
• You do not manage VMs, OS patching, replication setup, or shard routing.

Scope and geography

• Account-scoped resource created in a specific Azure region but can be configured for multi-region replication.
• Operates within an Azure subscription and a resource group.
• Can be deployed with public endpoint (restricted by firewall rules) or privately via Private Endpoint (recommended for production).

How it fits into the Azure ecosystem

Azure DocumentDB fits into Azure’s Databases portfolio as the document-oriented option for low-latency, scalable applications. Common Azure integrations include: – Azure App Service / Azure Functions / AKS as compute layers. – Microsoft Entra ID (Azure AD) for identity and (supported) data-plane authorization via RBAC. – Azure Private Link for private connectivity. – Azure Monitor and Diagnostic settings for metrics/logs. – Azure Key Vault for secrets (keys/connection strings) and customer-managed keys scenarios.

---

3. Why use Azure DocumentDB?

Business reasons

• Faster time to market: Managed operations reduce the effort needed to deploy and run a production database.
• Elastic growth: Scale without re-architecting for sharding later (partitioning is still crucial, but managed).
• Global reach: Multi-region replication options help support worldwide users with low latency (when configured).

Technical reasons

• Flexible JSON schema: Great for rapidly evolving application data models.
• Rich querying: SQL-like queries over JSON documents.
• Change feed: Build event-driven pipelines (e.g., projections, cache updates, downstream processing).
• Consistency tuning: Pick consistency tradeoffs to match business needs.

Operational reasons

• Managed backups (policy options vary by account configuration).
• Built-in monitoring via Azure Monitor metrics and logs.
• SLA-backed availability when configured appropriately (verify current SLA terms in official docs).

Security/compliance reasons

• Encryption at rest by default and TLS in transit.
• Network controls: IP firewall, private endpoints, disabling public network access.
• Identity integration: Use Microsoft Entra ID where supported, reduce key sprawl.
• Audit and diagnostics: Export logs to Log Analytics/Event Hubs/Storage via diagnostic settings.

Scalability/performance reasons

• Predictable performance using RU/s (provisioned throughput) and partitioning.
• Horizontal scaling with partition keys.
• Multi-region reads (and optional multi-region writes depending on configuration) for latency and availability.

When teams should choose it

Choose Azure DocumentDB when you need: – A document database for JSON. – High throughput with low latency at scale. – Global distribution features (optional). – A managed service integrated with Azure security/networking/monitoring.

When they should not choose it

Avoid Azure DocumentDB (Cosmos DB for NoSQL) when: – You require complex relational joins, strong relational constraints, and transactional semantics across many entities—consider Azure SQL Database or Azure Database for PostgreSQL. – Your dataset fits well into a key/value pattern and you want simpler/cheaper storage—consider Azure Table Storage (depending on needs). – Your workload is heavy on analytics rather than operational queries—consider Azure Synapse, Azure Data Explorer, or a lakehouse approach. – You cannot model a stable and effective partition key (this can lead to hotspots, throttling, and high cost).

---

4. Where is Azure DocumentDB used?

Industries

• Retail and e-commerce (catalogs, carts, personalization)
• SaaS platforms (tenant metadata, preferences, app state)
• Gaming (player profiles, inventory, session state)
• Media and content (content metadata, user interactions)
• Finance and insurance (event tracking, customer profiles—subject to compliance)
• IoT and telemetry (device state and metadata; consider time-series alternatives too)

Team types

• Product engineering teams building APIs and user-facing apps
• Platform teams offering shared persistence services
• DevOps/SRE teams needing reliable, observable managed databases
• Data engineering teams building change-feed-driven pipelines

Workloads

• Operational data stores for microservices
• User profile stores and session state
• Event-sourced projections (using change feed)
• Content metadata and flexible schema datasets

Architectures

• Microservices with per-service containers/databases (careful with account limits and cost)
• Multi-tenant SaaS designs (shared container with tenantId partition key, or per-tenant containers)
• Event-driven architectures where change feed triggers downstream actions
• Global active/active patterns (verify write configuration and conflict behavior in official docs)

Production vs dev/test usage

• Production: private endpoints, RBAC, well-designed partitioning, alerting, backup policy chosen intentionally, multi-region if needed.
• Dev/test: free tier or minimal RU/s; fewer regions; relaxed networking (still avoid public exposure), and aggressive TTL for data cleanup.

---

5. Top Use Cases and Scenarios

Below are realistic scenarios where Azure DocumentDB is a strong fit.

1) User profile store for web/mobile apps

• Problem: Store user preferences and profile attributes that evolve over time.
• Why this fits: Flexible JSON schema and fast key-based reads/writes.
• Example: A mobile app stores { userId, locale, preferences, devices[] } and adds new preference fields without schema migrations.

2) Product catalog with heterogeneous items

• Problem: Products have different attributes (size charts, bundles, digital goods metadata).
• Why this fits: Store different document shapes; query by attributes; automatic indexing helps.
• Example: An e-commerce catalog stores shoes, electronics, and subscriptions in one container partitioned by categoryId.

3) Shopping cart and checkout state

• Problem: Low-latency cart reads/writes with bursty traffic.
• Why this fits: Partition by userId or cartId, support fast point reads and updates; TTL can expire abandoned carts.
• Example: Store cart documents with TTL of 30 days, updated frequently during browsing.

4) Multi-tenant SaaS metadata store

• Problem: Manage tenant configuration, feature flags, and tenant-level policies.
• Why this fits: Partition by tenantId, easy to isolate queries per tenant, fast lookups.
• Example: A SaaS control plane stores { tenantId, plan, flags, allowedRegions }.

5) IoT device registry and device state

• Problem: Track device metadata and last-known state for operational dashboards.
• Why this fits: Flexible schema, quick reads, change feed for event processing.
• Example: A fleet system stores { deviceId, firmware, lastSeen, status, reportedState } and streams updates using change feed.

6) Event sourcing projection store (read models)

• Problem: Keep query-optimized views updated from an event stream.
• Why this fits: Change feed consumers can update materialized views efficiently.
• Example: Events land in one container; a processor updates per-customer aggregate docs in another.

7) Content metadata and personalization signals

• Problem: Store content metadata plus user engagement signals that change frequently.
• Why this fits: JSON modeling and scalable reads for recommendations.
• Example: Store { contentId, tags, regionAvailability, metrics: { likes, views } }.

8) API backend for microservices (operational store)

• Problem: Microservices need an operational store with predictable performance.
• Why this fits: Container-level throughput, partitioning, and SDK support across languages.
• Example: An order service stores orders partitioned by customerId; an inventory service stores items partitioned by sku.

9) Session store with TTL

• Problem: Manage short-lived sessions and tokens with auto-expiration.
• Why this fits: TTL reduces operational cleanup; point reads/writes are efficient.
• Example: Store session docs with TTL = 2 hours, partitioned by userId.

10) Audit/event log for application events (operational querying)

• Problem: Record high-volume events and query recent ones for support and operations.
• Why this fits: Partition by tenantId or service, use time-based patterns carefully; change feed can export to analytics.
• Example: Store events partitioned by tenantId, include eventTime; periodically export to Data Lake for long-term analytics.

11) Inventory and pricing with optimistic concurrency

• Problem: Prevent lost updates when multiple services update the same document.
• Why this fits: ETags support conditional updates for optimistic concurrency patterns.
• Example: Update price doc only if ETag matches; retry on conflict.

12) Geo-distributed read-heavy applications

• Problem: Users worldwide need low-latency reads.
• Why this fits: Add read regions and route reads to nearest region (architecture-dependent).
• Example: A global news app replicates content metadata to multiple regions for fast reads.

---

6. Core Features

This section describes key features of Azure DocumentDB as delivered via Azure Cosmos DB for NoSQL. Always confirm the latest capabilities for your account type and region in official docs.

1) JSON document storage (items) in containers

• What it does: Stores JSON documents (“items”) in logical containers.
• Why it matters: Matches modern application objects and flexible data models.
• Practical benefit: Reduce friction when adding new fields; fewer schema migrations.
• Caveats: Flexible schema still needs governance—without conventions you can end up with inconsistent documents and complicated queries.

2) Partitioning with a partition key

• What it does: Distributes data across partitions based on a partition key path (e.g., /customerId).
• Why it matters: Enables horizontal scale and throughput distribution.
• Practical benefit: High throughput and lower latency when most operations are scoped to one partition key value.
• Caveats: Poor partition key choices create hotspots, throttling (HTTP 429), and high RU consumption.

3) Throughput models (RU/s provisioning; serverless where supported)

• What it does: Controls how much request capacity your database/container has.
• Why it matters: Predictable performance and cost control.
• Practical benefit: Provision RU/s for steady workloads; use autoscale (if chosen) for variable workloads; serverless for spiky/low-usage patterns (where available).
• Caveats: Under-provisioning causes throttling; over-provisioning wastes money. Serverless has different limits and cost characteristics—verify before choosing.

4) Automatic indexing and configurable indexing policy

• What it does: Automatically indexes data so many queries work without manual index creation.
• Why it matters: Reduces operational overhead and improves developer productivity.
• Practical benefit: Queries “just work” in many cases.
• Caveats: Indexing increases write cost (RU). You should tune indexing policies for write-heavy workloads or large documents.

5) SQL-like query over JSON

• What it does: Query items using a SQL-like language tailored to JSON structures.
• Why it matters: More expressive than basic key-value operations.
• Practical benefit: Filter, project, and join within a document (and within limited query semantics).
• Caveats: Not a relational database—joins are limited and typically within a single item’s nested arrays. Cross-partition queries cost more RU.

6) Change feed (event stream of changes)

• What it does: Provides an ordered feed of inserts and updates within a container.
• Why it matters: Enables event-driven patterns without adding external CDC tooling.
• Practical benefit: Build projections, sync caches/search indexes, or trigger workflows.
• Caveats: Requires careful checkpointing and scaling of processors; design for idempotency.

7) Consistency levels

• What it does: Lets you choose the read consistency behavior (strong through eventual, with session commonly used).
• Why it matters: You can tune tradeoffs between latency, throughput, and correctness.
• Practical benefit: Many apps work well with session consistency (read-your-writes per session).
• Caveats: Stronger consistency can increase latency/cost and may limit certain geo configurations—verify constraints.

8) Multi-region replication (optional)

• What it does: Replicates data across regions for availability and/or latency.
• Why it matters: Helps meet global SLA and disaster recovery objectives.
• Practical benefit: Users read from nearest region; improved resiliency.
• Caveats: More regions increase cost (throughput and storage replication) and complexity (failover planning, consistency considerations).

9) Backup and restore options (policy-based)

• What it does: Provides managed backups based on selected policy (periodic or continuous, depending on account configuration and current product offerings).
• Why it matters: Protects against accidental deletion or corruption.
• Practical benefit: Reduced operational risk compared to DIY backups.
• Caveats: Restore behavior, retention, RPO/RTO vary—verify current backup policy options in official docs.

10) SDKs and developer tooling

• What it does: Provides SDKs for .NET, Java, Python, Node.js, and more; plus portal Data Explorer.
• Why it matters: Faster development and consistent operational patterns.
• Practical benefit: Built-in retries, connection management, and query tooling.
• Caveats: Use the recommended SDK version for your language; older SDKs may have different behavior.

11) Security features (network, identity, encryption)

• What it does: Supports firewall rules, private endpoints, encryption at rest, and identity-based access (where supported).
• Why it matters: Database security is often the highest-risk part of an application.
• Practical benefit: Reduce exposure to public internet, centralize identity.
• Caveats: Misconfigured networking (public access + permissive firewall) is a common mistake.

---

7. Architecture and How It Works

High-level service architecture

Azure DocumentDB (Cosmos DB for NoSQL) is designed around: – Logical resources (account → database → container → item) – Partitioned storage (partition key determines distribution) – Indexing layer (automatic and configurable) – Throughput governance (RU/s budgeting and throttling)

Request/data/control flow

Typical runtime flow: 1. Application uses SDK to send a request (read/write/query). 2. SDK resolves the appropriate endpoint and routes to the correct partition (based on partition key). 3. Service enforces authentication (key-based or identity-based where configured). 4. Service consumes RU/s budget for the operation. 5. Data is written/queried; indexing is applied based on policy. 6. Response returns with headers indicating RU consumption and continuation tokens for paged queries.

Integrations with related Azure services

Common integrations include: – Azure Functions: Triggered processing using change feed patterns or scheduled maintenance. – Azure App Service / AKS: Primary compute for APIs. – Azure Private Link: Private endpoints for database connectivity. – Azure Monitor + Log Analytics: Metrics, logs, alerts. – Azure Key Vault: Store primary/secondary keys or connection strings (or integrate with Entra-based auth patterns when possible). – Azure Event Hubs / Azure Data Lake Storage: Export change feed output for analytics pipelines (implementation depends on your design).

Dependency services

Azure DocumentDB is a managed service; you mainly depend on: – Azure subscription/resource group – Networking primitives (VNet/subnets, private endpoints) if using private connectivity – Identity provider (Microsoft Entra ID) if using identity-based access

Security/authentication model

Common approaches: – Primary/secondary keys (shared key authorization). Easy to start; harder to govern at scale. – Resource tokens (fine-grained, app-managed token issuance). – Microsoft Entra ID + Azure RBAC for data-plane access (supported for Azure Cosmos DB for NoSQL; verify current requirements and SDK support in official docs).

Networking model

• Public endpoint: Controlled with IP firewall rules; can restrict to selected IPs.
• Private endpoint (recommended): Access over a private IP in your VNet; can disable public network access.
• Service endpoints: Historically available for some Azure services; for Cosmos DB, Private Link is generally preferred—verify what’s supported for your scenario.

Monitoring/logging/governance

• Metrics: RU consumption, throttles (429s), latency, storage, availability, replication.
• Logs: Diagnostic settings can send logs to Log Analytics/Event Hubs/Storage (verify available categories).
• Governance: Use Azure Policy, tags, naming conventions, and resource locks for critical resources.

Simple architecture diagram (Mermaid)

flowchart LR
  U[User / Client App] --> API[API Service<br/>(App Service / AKS)]
  API -->|SDK calls (NoSQL)| DB[Azure DocumentDB<br/>(Azure Cosmos DB for NoSQL)]
  API --> KV[Azure Key Vault<br/>(keys/secrets)]
  DB --> MON[Azure Monitor<br/>Metrics & Logs]

Production-style architecture diagram (Mermaid)

flowchart TB
  subgraph VNET[Azure Virtual Network]
    subgraph SUBNET_APP[App Subnet]
      AKS[AKS / App Service Env / VMs<br/>API + Workers]
    end
    subgraph SUBNET_PE[Private Endpoint Subnet]
      PE[Private Endpoint<br/>to Azure DocumentDB]
    end
  end

  ENTRA[Microsoft Entra ID<br/>Identity & RBAC] --> AKS
  KV[Azure Key Vault<br/>Secrets/Keys/CMK refs] --> AKS

  AKS -->|Private IP| PE --> DB[(Azure DocumentDB<br/>Cosmos DB for NoSQL)]
  DB --> MON[Azure Monitor + Log Analytics<br/>Alerts/Dashboards]
  DB --> EH[Event Hubs (optional)<br/>Downstream streaming]
  AKS --> APM[Application Insights<br/>Tracing]

  ADM[Ops/Admin] --> PORTAL[Azure Portal / CLI]
  PORTAL --> DB

---

8. Prerequisites

Account/subscription requirements

• An active Azure subscription.
• Ability to create resources in a resource group (or an existing resource group to use).

Permissions / IAM roles

Minimum typical permissions (depending on your org policy): – Contributor on the resource group (to create the account). – For production governance, you may also need: – Permissions to create Private Endpoints and manage VNets. – Permissions to configure Diagnostic settings. – Data-plane roles (if using Entra ID + RBAC) to read/write data.
Verify the latest roles and assignments in official docs: https://learn.microsoft.com/azure/cosmos-db/

Billing requirements

• Cosmos DB resources incur charges unless covered by free tier or minimal usage. Ensure your subscription has an active billing method.

CLI/SDK/tools needed

Pick one path: – Azure Portal (browser) for creation and Data Explorer. – Azure CLI for scripting: https://learn.microsoft.com/cli/azure/install-azure-cli – Python 3.10+ (recommended) and pip (for the hands-on lab). – Optional: VS Code + Azure extensions.

Region availability

• Azure Cosmos DB is available in many regions, but not every feature is in every region (serverless, backup modes, multi-region specifics).
  Verify current region support: https://learn.microsoft.com/azure/cosmos-db/

Quotas/limits (high level)

• Throughput minimums, partition limits, item size limits, RU/s constraints, and account limits exist and can change.
  Verify current limits: https://learn.microsoft.com/azure/cosmos-db/concepts-limits

Prerequisite services (optional but common)

• Azure Key Vault for secure key storage.
• Log Analytics workspace for centralized logging.
• VNet + Private Endpoint for private connectivity in production.

---

9. Pricing / Cost

Azure DocumentDB pricing is the Azure Cosmos DB pricing model for the selected API (here: Cosmos DB for NoSQL). Prices vary by region, billing model, and sometimes feature configuration.

Official pricing page: https://azure.microsoft.com/pricing/details/cosmos-db/
Pricing calculator: https://azure.microsoft.com/pricing/calculator/

Pricing dimensions (what you pay for)

Common cost components include:

1. Throughput – Provisioned throughput (RU/s): You provision RU/s at container or database level (or autoscale RU/s). You pay for provisioned capacity. – Serverless (where available): You pay for consumed request units rather than provisioned RU/s (serverless has constraints—verify official docs).

2. Storage – Data stored (GB) is billed. Index storage may also contribute to total storage.

3. Additional regions – Adding regions increases cost: replicated storage and potentially throughput in each region depending on configuration.

4. Networking – Data egress charges may apply (especially cross-region and outbound to internet). – Private endpoints can have associated costs (Private Link usage).

5. Backup/restore and advanced features – Backup policy options may affect cost. – Some features (like dedicated gateway or specific capabilities) may have additional pricing—verify official pricing documentation for your configuration.

Free tier (if applicable)

Azure Cosmos DB provides a free tier option for eligible accounts (commonly one account per subscription) that includes a limited amount of throughput and storage.
Because free tier details can change, verify current free tier terms on the official pricing page.

Main cost drivers

• Provisioned RU/s (biggest driver for steady workloads).
• Poor partition key design causing higher RU consumption and throttling.
• Large documents and heavy indexing raising write RU.
• Cross-partition queries and frequent scans.
• Multiple regions (replication multiplies costs).
• High request rates with expensive queries.

Hidden/indirect costs to plan for

• Data egress to clients or other clouds.
• Log ingestion costs in Log Analytics (diagnostic logs can be chatty).
• Key Vault costs (minor, but present) if heavily used.
• Engineering time: re-modeling partition key later is expensive.

Network/data transfer implications

• Same-region app + database reduces latency and egress.
• Multi-region designs can increase inter-region traffic and complexity.
• Private endpoints route traffic privately but you still pay for Private Link usage and standard data transfer where applicable.

How to optimize cost (practical checklist)

• Start with minimum viable RU/s and measure RU usage headers.
• Choose a good partition key to avoid hotspots and cross-partition queries.
• Tune indexing policy for write-heavy workloads.
• Use TTL for ephemeral data to reduce storage.
• Prefer point reads (id + partition key) where possible.
• Consider autoscale for variable workloads, or serverless for spiky/low-volume patterns (verify fit).
• Avoid unnecessary multi-region replication until you have a clear latency/DR requirement.

Example low-cost starter estimate (no fabricated numbers)

A typical low-cost dev/test setup often looks like: – Single region – One database, one container – Minimum RU/s (or free tier if eligible) – Small storage footprint

Your actual monthly total depends on: – Whether free tier applies – RU/s provisioning model (manual vs autoscale vs serverless) – Region – Data size and request volume

Use the Azure Pricing Calculator with: – Cosmos DB API = NoSQL – Throughput = minimum or autoscale minimum – Storage = small (e.g., a few GB) – Regions = 1

Example production cost considerations

For production, plan and model: – Required RU/s for peak traffic + headroom – Autoscale vs manual provisioning tradeoffs – Multi-region replication for latency/DR (cost multiplier) – Private endpoints and network egress – Observability costs (Log Analytics ingestion) – Backup policy requirements (RPO/RTO) and associated pricing

---

10. Step-by-Step Hands-On Tutorial

This lab uses the current Azure Cosmos DB for NoSQL workflow while referring to it as Azure DocumentDB (legacy name). The steps are designed to be safe, beginner-friendly, and low-cost (especially if you can enable free tier).

Objective

Create an Azure DocumentDB account (Cosmos DB for NoSQL), create a database and container with a partition key, insert and query JSON documents using the Python SDK, validate results in the Azure portal, and then clean up.

Lab Overview

You will: 1. Create a resource group. 2. Create an Azure DocumentDB (Cosmos DB for NoSQL) account. 3. Create a database and container (with partition key). 4. Insert and query documents using Python. 5. Validate with Data Explorer. 6. Troubleshoot common errors. 7. Clean up to avoid charges.

---

Step 1: Create a resource group

Option A: Azure Portal 1. Go to https://portal.azure.com 2. Search Resource groups → Create 3. Choose: – Subscription: your subscription – Resource group: rg-documentdb-lab – Region: pick a region near you (e.g., East US)

Expected outcome: Resource group created successfully.

Option B: Azure CLI

az login
az account set --subscription "<YOUR_SUBSCRIPTION_ID>"

az group create \
  --name rg-documentdb-lab \
  --location eastus

Verify

az group show --name rg-documentdb-lab --query "{name:name, location:location}" -o table

---

Step 2: Create an Azure DocumentDB account (Cosmos DB for NoSQL)

You will create an Azure Cosmos DB account configured for the NoSQL API (the modern equivalent of DocumentDB).

Option A: Azure Portal 1. Search Azure Cosmos DB → Create 2. Select Azure Cosmos DB for NoSQL 3. Configure: – Resource group: rg-documentdb-lab – Account name: must be globally unique, e.g. docdbloc<random> – Location: same region as your resource group 4. Free tier: If you see an option to enable free tier, enable it (only eligible for one account per subscription). If you’re unsure, verify on the official pricing page. 5. Networking: – For the lab, you can keep public access enabled. – For production, you would typically use Private Endpoint and disable public network access. 6. Create the account.

Expected outcome: Cosmos DB account (Azure DocumentDB) deployment completes.

Option B: Azure CLI (verify flags in official CLI docs) Azure CLI syntax can vary slightly by version. If any command fails, verify the latest CLI parameters in official docs: https://learn.microsoft.com/cli/azure/cosmosdb

Example (NoSQL API):

export COSMOS_ACCOUNT="docdbloc$RANDOM"

az cosmosdb create \
  --name "$COSMOS_ACCOUNT" \
  --resource-group rg-documentdb-lab \
  --locations regionName=eastus failoverPriority=0 \
  --default-consistency-level Session

If you want to attempt free tier via CLI, verify the correct flag name in current docs (it has existed historically, but confirm for your version).

Verify

az cosmosdb show \
  --name "$COSMOS_ACCOUNT" \
  --resource-group rg-documentdb-lab \
  --query "{name:name, documentEndpoint:documentEndpoint, provisioningState:provisioningState}" -o table

---

Step 3: Create a database and container (with partition key)

We’ll create: – Database: appdb – Container: customers – Partition key: /customerId

Option A: Azure Portal (Data Explorer) 1. Open your Cosmos DB account 2. Go to Data Explorer 3. New Database – Database id: appdb – Throughput: Choose shared database throughput only if you understand the tradeoffs. For simplicity, you can let throughput be set at container level. 4. New Container – Database: appdb – Container id: customers – Partition key: /customerId – Throughput: choose the minimum allowed (commonly 400 RU/s for provisioned throughput, but this can vary). If serverless is enabled for your account, the experience differs.

Expected outcome: Database and container exist.

Option B: Azure CLI (verify in official docs)

az cosmosdb sql database create \
  --account-name "$COSMOS_ACCOUNT" \
  --resource-group rg-documentdb-lab \
  --name appdb

Create container:

az cosmosdb sql container create \
  --account-name "$COSMOS_ACCOUNT" \
  --resource-group rg-documentdb-lab \
  --database-name appdb \
  --name customers \
  --partition-key-path "/customerId" \
  --throughput 400

If --throughput 400 fails due to account type/limits, check whether your account uses autoscale/serverless or has different minimums.

Verify

az cosmosdb sql container show \
  --account-name "$COSMOS_ACCOUNT" \
  --resource-group rg-documentdb-lab \
  --database-name appdb \
  --name customers \
  --query "{id:name, partitionKey:resource.partitionKey, indexingPolicy:resource.indexingPolicy}" -o json

---

Step 4: Get connection details (endpoint + key)

Portal 1. Open the Cosmos DB account 2. Go to Keys 3. Copy: – URI – PRIMARY KEY

Expected outcome: You have credentials to connect from the SDK.

Security note: For production, prefer Microsoft Entra ID where supported and avoid embedding keys in code. Use Key Vault or managed identity patterns.

---

Step 5: Insert and query documents using Python

5.1 Install the SDK

python -m venv .venv
# Linux/macOS:
source .venv/bin/activate
# Windows (PowerShell):
# .venv\Scripts\Activate.ps1

pip install azure-cosmos

5.2 Set environment variables

Set these in your shell (do not commit to git):

export COSMOS_ENDPOINT="https://<your-account>.documents.azure.com:443/"
export COSMOS_KEY="<your-primary-key>"

Windows PowerShell:

$env:COSMOS_ENDPOINT="https://<your-account>.documents.azure.com:443/"
$env:COSMOS_KEY="<your-primary-key>"

5.3 Create a script

Create documentdb_lab.py:

import os
import uuid
from azure.cosmos import CosmosClient, PartitionKey, exceptions

endpoint = os.environ["COSMOS_ENDPOINT"]
key = os.environ["COSMOS_KEY"]

DATABASE_ID = "appdb"
CONTAINER_ID = "customers"

client = CosmosClient(endpoint, credential=key)

db = client.create_database_if_not_exists(id=DATABASE_ID)

container = db.create_container_if_not_exists(
    id=CONTAINER_ID,
    partition_key=PartitionKey(path="/customerId"),
)

# Insert a few customer documents
docs = [
    {
        "id": str(uuid.uuid4()),
        "customerId": "CUST-001",
        "name": "Asha",
        "tier": "gold",
        "email": "asha@example.com",
        "addresses": [{"type": "home", "city": "Pune", "country": "IN"}],
    },
    {
        "id": str(uuid.uuid4()),
        "customerId": "CUST-002",
        "name": "Luis",
        "tier": "silver",
        "email": "luis@example.com",
        "addresses": [{"type": "home", "city": "Madrid", "country": "ES"}],
    },
]

for d in docs:
    try:
        container.create_item(body=d)
        print(f"Inserted id={d['id']} pk={d['customerId']}")
    except exceptions.CosmosHttpResponseError as e:
        print("Insert failed:", e)

# Point read requires id + partition key value
one = docs[0]
read_back = container.read_item(item=one["id"], partition_key=one["customerId"])
print("Point read:", read_back["name"], read_back["tier"])

# Query example (parameterized)
query = "SELECT c.id, c.customerId, c.name, c.tier FROM c WHERE c.tier = @tier"
params = [{"name": "@tier", "value": "gold"}]

items = list(container.query_items(
    query=query,
    parameters=params,
    enable_cross_partition_query=True
))
print("Gold customers:", items)

Run it:

python documentdb_lab.py

Expected outcome: – Script prints inserted IDs. – A successful point read returns the first customer. – Query returns customers with tier = "gold".

Verification tip: The SDK typically returns RU consumption in response headers internally; for deeper inspection, use logging or SDK diagnostics features (vary by SDK version).

---

Step 6: Validate in Azure Portal Data Explorer

1. In your Cosmos DB account → Data Explorer
2. Browse appdb → customers → Items
3. Confirm the inserted documents exist
4. Run a query:

SELECT * FROM c WHERE c.tier = "gold"

Expected outcome: Query returns matching documents.

---

Validation

Use this checklist: – [ ] Cosmos DB account exists and is “Succeeded” – [ ] Database appdb exists – [ ] Container customers exists with partition key /customerId – [ ] Python script inserts and reads documents successfully – [ ] Data Explorer shows the documents and query results

---

Troubleshooting

Issue: 401 Unauthorized

Symptoms: Python script fails with authorization error.
Fix: – Ensure COSMOS_ENDPOINT matches the account URI. – Ensure COSMOS_KEY is correct and not truncated. – If using Key Vault, confirm you retrieved the current value.

Issue: 404 Not Found (database/container)

Symptoms: Reads fail because resources aren’t found.
Fix: Confirm you created the database/container in the same account your endpoint points to. Verify names match exactly (appdb, customers).

Issue: 429 Too Many Requests (throttling)

Symptoms: Requests are rate-limited.
Fix: – Increase RU/s temporarily (portal → container → Scale). – Reduce query scope; prefer point reads with partition key. – Check for cross-partition queries and expensive filters.

Issue: Partition key mismatch

Symptoms: Point reads fail or writes behave unexpectedly.
Fix: Partition key value must match the item’s partition key property. For our design, every item must have customerId.

---

Cleanup

To avoid ongoing charges, delete the resource group.

Azure Portal – Resource groups → rg-documentdb-lab → Delete resource group

Azure CLI

az group delete --name rg-documentdb-lab --yes --no-wait

Expected outcome: All lab resources are removed.

---

11. Best Practices

Architecture best practices

• Design partition keys first. This is the single most important design decision.
• Prefer access patterns that are partition-local (same partition key value).
• For multi-tenant SaaS, use a stable tenantId partition key and consider strategies for large tenants (e.g., synthetic partition keys) if needed.
• Keep an eye on document size and avoid extremely large nested arrays that cause expensive reads/writes.

IAM/security best practices

• Prefer Microsoft Entra ID + RBAC (where supported) for data access to reduce shared key usage.
• If you must use keys:
• Store them in Azure Key Vault
• Rotate keys periodically
• Avoid sharing primary key broadly; use secondary during rotation
• Apply least privilege for management-plane access (RBAC on the account).

Cost best practices

• Right-size throughput: measure RU per operation and set RU/s accordingly.
• Consider autoscale for variable workloads.
• Tune indexing policy:
• Exclude paths you never query.
• Consider turning off indexing for write-only containers (only if you truly never query by fields).
• Use TTL for ephemeral data.
• Avoid unnecessary multi-region replication.

Performance best practices

• Prefer point reads (id + partition key) for frequent lookups.
• Avoid unbounded cross-partition queries.
• Use parameterized queries to avoid repeated query compilation overhead and for safety.
• Use SDK best practices: connection reuse, retries, and concurrency controls.

Reliability best practices

• Decide on RPO/RTO and pick the appropriate backup policy.
• Consider multi-region for DR if your requirements justify it.
• Build retry logic for transient failures and throttling (the SDK helps, but configure wisely).

Operations best practices

• Set up alerts for:
• RU throttling (429)
• Availability and latency
• Storage growth
• Use diagnostic settings to centralize logs; control volume to manage Log Analytics costs.
• Tag resources (owner, env, costCenter, dataClassification).

Governance/tagging/naming best practices

• Naming example:
• cosmos-docdb-<app>-<env>-<region>
• Tags:
• env=dev|test|prod
• owner=<team>
• dataClassification=public|internal|confidential
• costCenter=<id>

---

12. Security Considerations

Identity and access model

• Management plane (Azure RBAC): Controls who can create/modify the Cosmos DB account and settings.
• Data plane: Options include shared keys, resource tokens, and Entra ID RBAC (feature availability depends on API and current Cosmos DB capabilities—verify in official docs).

Recommendation: For enterprises, prefer Entra ID with RBAC where feasible, plus private networking.

Encryption

• In transit: TLS is used for client connections.
• At rest: Encryption at rest is provided by Azure. Customer-managed keys (CMK) are supported in many Azure services; verify current Cosmos DB CMK support and prerequisites in official docs.

Network exposure

• Avoid “open to internet” configurations in production.
• Use:
• Private Endpoint (Private Link)
• Disable public network access where possible
• IP firewall restrictions if public endpoint must remain enabled
• Ensure DNS for private endpoints is configured correctly (private DNS zones).

Secrets handling

• Do not store keys in source control.
• Use Key Vault and managed identity for retrieval.
• Rotate keys and audit access to secrets.

Audit/logging

• Enable diagnostic settings and send to Log Analytics or a SIEM pipeline.
• Monitor for unusual access patterns, spikes, and repeated 401s.

Compliance considerations

• Data residency: pick regions that satisfy residency requirements.
• Retention and deletion: implement TTL and deletion workflows; consider backup retention implications.
• For regulated workloads, verify certifications and compliance documentation in Azure Compliance offerings and Cosmos DB-specific guidance.

Common security mistakes

• Leaving public access enabled with permissive firewall rules.
• Sharing primary keys across many apps/teams.
• No alerting on throttling or suspicious activity.
• Treating flexible schema as “no governance needed” and losing track of sensitive fields in documents.

Secure deployment recommendations

• Private endpoints + disable public network access (production default).
• Entra ID RBAC for data-plane access (where supported).
• Key Vault for any required secrets.
• Centralized logging and alerting.
• Least privilege roles and periodic access reviews.

---

13. Limitations and Gotchas

Always confirm current limits in official docs: https://learn.microsoft.com/azure/cosmos-db/concepts-limits

Data modeling gotchas

• Partition key cannot be changed for an existing container. Changing it typically requires migrating data to a new container.
• Hot partitions can occur if many writes go to the same partition key value.

Query and RU consumption surprises

• Cross-partition queries can be expensive.
• Large documents and heavy indexing can increase write RU.
• Some queries require composite indexes or specific indexing policies—verify query performance and indexing needs.

Operational gotchas

• Throttling (429) is normal behavior under RU pressure; plan retries and monitor RU usage.
• Multi-region changes require careful planning for consistency, failover, and cost.

Networking gotchas

• Private endpoint deployments require correct DNS setup; misconfiguration can cause timeouts.
• Locking down firewall rules may break CI/CD or developer access if not planned.

Migration challenges

• Migrating from older DocumentDB-era SDKs to current Cosmos SDK versions may require code changes.
• Migrating from other document databases requires careful attention to:
• Partitioning strategy
• Query language differences
• Consistency and transaction semantics

Vendor-specific nuances

• RU-based capacity planning is different from CPU/IOPS-based planning in other databases. Teams must learn to read RU usage and optimize queries and indexing.

---

14. Comparison with Alternatives

Azure DocumentDB (Cosmos DB for NoSQL) is one option in Azure Databases and beyond. Here’s how it compares at a practical level.

Option	Best For	Strengths	Weaknesses	When to Choose
Azure DocumentDB (Azure Cosmos DB for NoSQL)	Operational JSON documents at scale	Global distribution options, RU-based predictable performance, change feed, flexible schema	Requires partition key design, RU learning curve, can be costly if mis-modeled	You need scalable document DB with Azure-native ops and optional global footprint
Azure SQL Database	Relational workloads	Strong SQL, joins, constraints, mature tooling	Schema rigidity vs JSON docs, scaling model differs	Data is relational and you need transactional integrity and complex queries
Azure Database for PostgreSQL	Relational + extensibility	Open ecosystem, SQL, extensions, strong community	More ops considerations than Cosmos-like serverless patterns	You want relational + open-source portability
Azure Table Storage	Simple key/value at low cost	Very cost-effective, simple	Limited querying, fewer DB features	You need cheap key/value storage with limited query needs
Azure Data Explorer	Telemetry/log analytics	Fast analytics queries, time-series patterns	Not an OLTP doc store	You need interactive analytics over large event datasets
AWS DynamoDB	Managed key/value & document	Strong scale, managed, mature	Different API model; AWS ecosystem	You are on AWS and need similar managed NoSQL patterns
AWS DocumentDB (MongoDB-compatible)	MongoDB API compatibility on AWS	MongoDB-like interface	Not the same as Azure DocumentDB; different feature set and costs	You need MongoDB compatibility specifically in AWS
Google Firestore	Mobile/web app data	Realtime sync patterns, dev-friendly	Different querying/transaction model	You are on GCP and building mobile/web realtime apps
Self-managed MongoDB/CouchDB/Cassandra	Full control, custom needs	Control over deployment	Operational burden, patching, scaling complexity	You need on-prem/self-managed control or specific OSS behavior

---

15. Real-World Example

Enterprise example: Global customer profile and preferences platform

• Problem: A global enterprise needs a customer profile store powering multiple applications across regions, with low latency and strong operational controls.
• Proposed architecture:
• Azure DocumentDB account (Cosmos DB for NoSQL) with multi-region reads
• API layer on AKS or App Service
• Private endpoints for database connectivity
• Entra ID RBAC for service identities (where supported)
• Change feed processors to push profile updates to downstream systems (cache/search/analytics)
• Centralized monitoring (Azure Monitor + Log Analytics) and alerting
• Why this service was chosen:
• Flexible schema for evolving customer attributes
• Partitioning for scale (e.g., /customerId)
• Optional global distribution for latency
• Managed ops and integrated security/networking
• Expected outcomes:
• Reduced operational overhead vs self-managed clusters
• Consistent low-latency reads for applications in multiple regions
• Near-real-time propagation of changes via change feed

Startup/small-team example: SaaS configuration + feature flags

• Problem: A small team needs a reliable, simple store for tenant configurations and feature flags with minimal DBA effort.
• Proposed architecture:
• Single-region Azure DocumentDB account with one container partitioned by /tenantId
• App Service API
• Key Vault for secrets
• Basic alerts on RU throttling and availability
• Why this service was chosen:
• Rapid iteration with flexible JSON
• Easy operational model for a small team
• Predictable performance with modest RU/s
• Expected outcomes:
• Faster feature delivery without schema migrations
• Easy scaling as tenants grow
• Clear cost levers (RU/s, storage)

---

16. FAQ

1) Is Azure DocumentDB still a standalone Azure service?

Azure DocumentDB is a legacy name. The service evolved into Azure Cosmos DB, and the modern equivalent is typically Azure Cosmos DB for NoSQL (formerly the DocumentDB/SQL API). Verify the current naming in official docs: https://learn.microsoft.com/azure/cosmos-db/

2) Is Azure DocumentDB the same as AWS DocumentDB?

No. AWS DocumentDB is an AWS service (MongoDB-compatible). Azure DocumentDB refers to Microsoft’s document database lineage, now under Azure Cosmos DB.

3) What data model does Azure DocumentDB use?

JSON document model (items in containers). You choose a partition key to scale.

4) What is an RU (Request Unit)?

An RU is a normalized unit of cost for database operations. Reads, writes, and queries consume RU based on complexity, item size, indexing, and query patterns.

5) How do I choose a partition key?

Choose a key that: – Has high cardinality (many values) – Spreads workload evenly – Matches your most common access patterns (reads/writes by that key)

Test with real workloads; partition key mistakes are expensive to fix later.

6) Can I change a container’s partition key later?

Generally, no. Changing partition key typically requires creating a new container and migrating data.

7) Is indexing automatic?

For Cosmos DB for NoSQL, indexing is automatic by default, but you can customize the indexing policy to reduce RU costs or support specific query patterns.

8) What consistency level should I use?

Many applications start with Session consistency because it provides read-your-writes within a session while keeping good performance. Strong consistency may be needed for certain correctness requirements but can increase latency/cost and may constrain geo options. Verify current behavior in docs.

9) How does multi-region replication affect cost?

Additional regions typically multiply costs (replicated storage and potentially throughput). Only enable multi-region when you need it for latency or DR.

10) Is serverless available for Azure DocumentDB?

Azure Cosmos DB has a serverless option for some scenarios/regions. Availability and limits change over time—verify in official docs and pricing.

11) How do I secure Azure DocumentDB in production?

Common baseline: – Private Endpoint + disable public access – Entra ID RBAC (where supported) or Key Vault for keys – Firewall restrictions – Logging and alerts

12) What does “throttling” mean?

When requests exceed available RU/s, the service returns HTTP 429 (Too Many Requests). The SDK can retry, but you should also optimize queries and/or increase RU/s.

13) Can I run analytics directly on Azure DocumentDB?

You can query operationally, but for heavy analytics you usually export data to an analytics system (Data Lake, Synapse, Data Explorer). For Cosmos DB-specific analytics features, verify current offerings in official docs.

14) What’s the difference between database throughput and container throughput?

• Database throughput shares RU/s across containers in the database.
• Container throughput dedicates RU/s to a specific container. Choose based on workload predictability and isolation needs.

15) What are common reasons projects fail with Azure DocumentDB?

• Poor partition key design
• Unbounded cross-partition queries
• Over-indexing and large documents
• No cost monitoring/alerts
• Insecure public exposure

---

17. Top Online Resources to Learn Azure DocumentDB

Resource Type	Name	Why It Is Useful
Official documentation	Azure Cosmos DB documentation (formerly DocumentDB) — https://learn.microsoft.com/azure/cosmos-db/	Canonical docs for APIs, concepts, limits, and operational guidance
Official limits reference	Azure Cosmos DB service quotas and limits — https://learn.microsoft.com/azure/cosmos-db/concepts-limits	Prevents design surprises; essential for partitioning and sizing
Official pricing	Azure Cosmos DB pricing — https://azure.microsoft.com/pricing/details/cosmos-db/	Explains throughput/storage/network pricing dimensions
Pricing calculator	Azure Pricing Calculator — https://azure.microsoft.com/pricing/calculator/	Build region-specific, scenario-specific estimates
Quickstarts	Cosmos DB for NoSQL quickstarts — https://learn.microsoft.com/azure/cosmos-db/nosql/quickstart	Step-by-step labs for popular languages
Conceptual guide	Partitioning overview — https://learn.microsoft.com/azure/cosmos-db/partitioning-overview	Critical for scale, cost, and performance
Conceptual guide	Change feed overview — https://learn.microsoft.com/azure/cosmos-db/nosql/change-feed	Build event-driven solutions and projections
SDK reference	Azure Cosmos DB Python SDK (azure-cosmos) — https://learn.microsoft.com/azure/cosmos-db/nosql/sdk-python	Practical SDK usage, auth patterns, examples
Architecture center	Azure Architecture Center — https://learn.microsoft.com/azure/architecture/	Reference architectures and best practices (search for Cosmos DB patterns)
Official samples (GitHub)	Azure Cosmos DB samples — https://github.com/Azure-Samples	Code samples across languages (verify repo relevance to NoSQL)
Official .NET SDK repo	Azure Cosmos DB .NET SDK — https://github.com/Azure/azure-cosmos-dotnet-v3	Deep SDK diagnostics, performance tips, best practices
Official Java SDK repo	Azure Cosmos DB Java SDK — https://github.com/Azure/azure-sdk-for-java	Implementation details and examples for Java
Videos	Azure Cosmos DB videos (Microsoft channel) — https://www.youtube.com/@MicrosoftAzure	Product walkthroughs, architecture talks (search within channel)

---

18. Training and Certification Providers

The following are third-party training providers/platforms. Verify course outlines, trainers, and schedules on each website.

Institute	Suitable Audience	Likely Learning Focus	Mode	Website URL
DevOpsSchool.com	DevOps engineers, cloud engineers, platform teams	Azure fundamentals, DevOps practices, cloud operations; check for Cosmos DB/NoSQL modules	Check website	https://www.devopsschool.com/
ScmGalaxy.com	Developers, DevOps learners	SCM/DevOps training and tools; check for Azure database content	Check website	https://www.scmgalaxy.com/
CLoudOpsNow.in	Cloud ops practitioners	Cloud operations, monitoring, automation; check for Azure database operations	Check website	https://www.cloudopsnow.in/
SreSchool.com	SREs, reliability engineers	Reliability, observability, incident response; applying SRE to Azure services	Check website	https://www.sreschool.com/
AiOpsSchool.com	Ops teams, engineers adopting AIOps	AIOps concepts, monitoring automation; may complement Cosmos DB ops	Check website	https://www.aiopsschool.com/

---

19. Top Trainers

These sites are listed as training resources/platforms. Verify specialization and offerings directly.

Platform/Site	Likely Specialization	Suitable Audience	Website URL
RajeshKumar.xyz	Cloud/DevOps training content (verify specific Azure DocumentDB coverage)	Beginners to intermediate engineers	https://rajeshkumar.xyz/
devopstrainer.in	DevOps and cloud training (verify Azure database modules)	DevOps engineers and developers	https://www.devopstrainer.in/
devopsfreelancer.com	DevOps consulting/training resources (verify Cosmos DB focus)	Teams seeking hands-on help	https://www.devopsfreelancer.com/
devopssupport.in	DevOps support and training resources (verify Azure coverage)	Ops/SRE and support teams	https://www.devopssupport.in/

---

20. Top Consulting Companies

These organizations may offer consulting services. Validate capabilities, references, and scope directly with each company.

Company Name	Likely Service Area	Where They May Help	Consulting Use Case Examples	Website URL
cotocus.com	Cloud/DevOps consulting (verify Cosmos DB specialization)	Architecture reviews, migrations, ops enablement	Partition key review, cost optimization, private networking setup	https://cotocus.com/
DevOpsSchool.com	DevOps/cloud consulting and training	Cloud adoption, DevOps pipelines, reliability practices	CI/CD for Cosmos-based apps, monitoring/alerting setup, governance	https://www.devopsschool.com/
DEVOPSCONSULTING.IN	DevOps consulting (verify Azure database expertise)	Operational readiness, automation, security hardening	Secure Cosmos deployments, logging/observability pipelines, DR planning	https://devopsconsulting.in/

---

21. Career and Learning Roadmap

What to learn before Azure DocumentDB

• Azure fundamentals: subscriptions, resource groups, RBAC, VNets, private endpoints
• Basic database concepts: indexing, latency, throughput, replication
• JSON modeling and API development fundamentals
• Authentication basics: keys vs identity-based auth, Key Vault

What to learn after Azure DocumentDB

• Advanced data modeling for NoSQL (denormalization, write vs read optimization)
• Event-driven architecture using change feed + Azure Functions
• Observability: Azure Monitor, Log Analytics, alert tuning
• Security hardening: private networking, Entra ID RBAC, key rotation
• Migration strategies and performance testing

Job roles that use it

• Cloud engineer / platform engineer
• Backend engineer / API engineer
• DevOps engineer / SRE
• Solutions architect
• Security engineer (for secure-by-default deployments)
• Cost analyst / FinOps (RU sizing and cost governance)

Certification path (Azure)

Microsoft certifications change frequently. Commonly relevant tracks include: – Azure Fundamentals (AZ-900) – Azure Developer (AZ-204) – Azure Administrator (AZ-104) – Azure Solutions Architect (AZ-305)

Verify current certification details: https://learn.microsoft.com/credentials/

Project ideas for practice

1. Build a multi-tenant settings service (partition by tenantId) with RBAC and private endpoint.
2. Implement a change-feed-driven cache invalidation system for product catalog updates.
3. Cost lab: compare RU impact of different indexing policies on a write-heavy container.
4. Global read lab: deploy in two regions, test latency and failover behavior (carefully manage cost).
5. Implement optimistic concurrency with ETags for inventory updates.

---

22. Glossary

• Account (Cosmos DB account): The top-level Azure resource that hosts databases and containers for Azure DocumentDB (Cosmos DB for NoSQL).
• Database: Namespace containing containers.
• Container: Stores items; unit of partitioning and (often) throughput allocation.
• Item (Document): JSON record stored in a container.
• Partition key: JSON path used to distribute items across partitions (e.g., /customerId).
• Logical partition: All items sharing the same partition key value.
• Physical partition: Internal partition that stores one or more logical partitions.
• RU (Request Unit): Capacity currency for operations (reads/writes/queries).
• Provisioned throughput: RU/s allocated in advance (manual or autoscale).
• Serverless: Pay-per-request model (availability/limits vary—verify).
• Indexing policy: Configuration controlling what is indexed and how.
• TTL (Time to Live): Automatic expiration and deletion of items after a set time.
• Change feed: Ordered stream of changes within a container, used for event-driven processing.
• Consistency level: Defines how up-to-date reads are relative to writes (strong → eventual spectrum).
• ETag: Version identifier used for optimistic concurrency control.
• Private Endpoint: Private IP address in a VNet that connects to the service via Private Link.
• 429 throttling: “Too Many Requests” response when RU/s is exceeded.

---

23. Summary

Azure DocumentDB—now delivered as Azure Cosmos DB for NoSQL—is Azure’s managed JSON document database for scalable, low-latency operational workloads. It matters because it combines flexible schema with enterprise-grade operations: throughput controls (RU/s), automatic indexing, optional global distribution, and change feed for event-driven designs.

From a cost perspective, success depends on partition key design, query/index tuning, and choosing the right throughput model. From a security perspective, aim for private networking, least privilege, and modern identity approaches (Microsoft Entra ID where supported) rather than broad shared-key usage.

Use Azure DocumentDB when you need a document database that scales reliably with strong Azure integration; avoid it for deeply relational workloads better suited to SQL engines. Next, deepen your skills by mastering partitioning, RU-based performance tuning, and change feed patterns using the official Azure Cosmos DB documentation: https://learn.microsoft.com/azure/cosmos-db/