Logo of Trend Micro
Use the Knowledge Base AI to help improve your Cloud Posture

Check for MongoDB Version

Trend Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1100 automated best practice checks.

Risk Level: Low (generally tolerable level of risk)

Ensure that your Microsoft Azure Cosmos DB for MongoDB accounts are using the major version of MongoDB database in order to receive new or enhanced features and the most recent security fixes.

Security
Reliability
Performance
efficiency

The MongoDB project regularly issues new releases that can be available to Microsoft Azure cloud customers. Using the latest version of MongoDB for your Azure Cosmos DB accounts helps improve security, performance, and feature availability. It mitigates vulnerabilities, enhances efficiency, and provides access to the latest database capabilities and compliance with best practices.

Audit

To determine if your Azure Cosmos DB for MongoDB accounts are using the latest version of MongoDB database, perform the following operations:

Using Azure Portal

01 Sign in to the Microsoft Azure Portal.

02 Navigate to All resources blade available at https://portal.azure.com/#browse/all to access all your Microsoft Azure cloud resources.

03 Choose the Azure subscription that you want to access from the Subscription equalls all filter box and choose Apply.

04 From the Type equals all filter box, select Type for Filter, Equals for Operator, and Azure Cosmos DB for MongoDB for Value, then choose Apply to list the Azure Cosmos DB accounts available in the selected subscription.

05 Click on the name (link) of the Azure Cosmos DB for MongoDB account that you want to examine.

06 In the resource navigation panel, choose Overview to access the general configuration information available for the selected Cosmos DB account.

07 In the Essentials section, check the MongoDB version attribute value to determine the MongoDB database version configured for your Cosmos DB account. If the configured version is older than the latest one supported by the Azure Cosmos DB for MongoDB service, the selected Azure Cosmos DB account is not using the latest version of the MongoDB database.

08 Repeat steps no. 5 – 7 for each Azure Cosmos DB account available in the selected subscription.

09 Repeat steps no. 3 – 8 for each Azure subscription created within your Microsoft Azure cloud account.

Using Azure CLI

01 Run account list command (Windows/macOS/Linux) with custom output filters to list the IDs of the cloud subscriptions available in your Azure cloud account: 

az account list
	--query '[*].id'

02 The command output should return the requested subscription identifiers (IDs): 

[
	"abcdabcd-1234-abcd-1234-abcdabcdabcd",
	"abcd1234-abcd-1234-abcd-abcd1234abcd"
]

03 Run account set command (Windows/macOS/Linux) with the ID of the Azure cloud subscription that you want to examine as the identifier parameter to set the selected subscription to be the current active subscription (the command does not produce an output): 

az account set
	--subscription abcdabcd-1234-abcd-1234-abcdabcdabcd

04 Run cosmosdb mongocluster list command (Windows/macOS/Linux) with custom query filters to list the name and the associated resource group for each Azure Cosmos DB for MongoDB account available in the selected subscription: 

az cosmosdb mongocluster list
	--output table
	--query '[*].{name:name, resourceGroup:resourceGroup}'

05 The command output should return the requested Cosmos DB account identifiers: 

Name                          ResourceGroup
---------------------------   ------------------------------
cc-project5-cosmos-database   cloud-shell-storage-westeurope
cc-cosmos-mongodb-account     cloud-shell-storage-westeurope

06 Run az cosmosdb mongocluster show command (Windows/macOS/Linux) with the name of the Azure Cosmos DB for MongoDB account that you want to examine as the identifier parameter and custom output filters to describe the MongoDB database version configured for the selected Cosmos DB account: 

az cosmosdb mongocluster show
	--cluster-name cc-project5-cosmos-database
	--resource-group cloud-shell-storage-westeurope
	--query 'properties.serverVersion'

07 The command output should return the MongoDB database version configured for the selected resource: 

"5.0"

If the MongoDB version returned by the cosmosdb mongocluster show command output is older than the latest one supported by the Azure Cosmos DB for MongoDB service, the selected Azure Cosmos DB account is not using the latest version of the MongoDB database.

08 Repeat steps no. 6 and 7 for each Azure Cosmos DB account available within the selected Azure subscription.

09 Repeat steps no. 3 – 8 for each Azure subscription created in your Microsoft Azure cloud account.

Remediation / Resolution

To ensure that your Microsoft Azure Cosmos DB for MongoDB accounts are using the latest MongoDB database version, perform the following operations:

Upgrading MongoDB database version for Azure Cosmos DB for MongoDB accounts using Azure Management Console (Azure Portal) is not currently supported.

Using Azure CLI

01 Run account list command (Windows/macOS/Linux) with custom output filters to list the IDs of the cloud subscriptions available in your Azure cloud account: 

az account list
	--query '[*].id'

02 The command output should return the requested subscription identifiers (IDs): 

[
	"abcdabcd-1234-abcd-1234-abcdabcdabcd",
	"abcd1234-abcd-1234-abcd-abcd1234abcd"
]

03 Run account set command (Windows/macOS/Linux) with the ID of the Azure cloud subscription that you want to examine as the identifier parameter to set the selected subscription to be the current active subscription (the command does not produce an output): 

az account set
	--subscription abcdabcd-1234-abcd-1234-abcdabcdabcd

04 Run az cosmosdb mongocluster update command (Windows/macOS/Linux) with the name of the Azure Cosmos DB for MongoDB account that you want to configure as the identifier parameter, to upgrade the selected Cosmos DB account to the latest MongoDB version supported by Azure Cosmos DB for MongoDB: 

az cosmosdb mongocluster update
	--cluster-name cc-project5-cosmos-database
	--resource-group cloud-shell-storage-westeurope
	--server-version 8.0

05 The command output should return the configuration information available for the modified resource: 

{
	"id": "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.DocumentDB/mongoClusters/cc-project5-cosmos-database",
	"location": "westeurope",
	"name": "cc-project5-cosmos-database",
	"properties": {
		"clusterStatus": "Ready",
		"createMode": null,
		"earliestRestoreTime": "2025-05-14T09:26:41Z",
		"infrastructureVersion": "2.0",
		"nodeGroupSpecs": [
			{
				"diskSizeGb": 32,
				"enableHa": false,
				"kind": "Shard",
				"name": "",
				"nodeCount": 1,
				"sku": "M10"
			}
		],
		"privateEndpointConnections": [],
		"provisioningState": "Succeeded",
		"publicNetworkAccess": "Enabled",
		"replica": {
			"replicationState": "Active",
			"role": "Primary"
		},
		"restoreParameters": null,
		"serverVersion": "8.0"
	},
	"resourceGroup": "cloud-shell-storage-westeurope",
	"tags": {},
	"type": "Microsoft.DocumentDB/mongoClusters"
}

06 Repeat steps no. 4 and 5 for each Azure Cosmos DB account that you want to upgrade, available within the selected subscription.

07 Repeat steps no. 3 – 6 for each Azure subscription created within your Microsoft Azure cloud account.

References

Publication date May 28, 2025

Related CosmosDB rules