Allowing unrestricted, public access to cloud services could open an application up to external attack. Disallowing this access is typically considered best practice.
For MySQL Single Server instances, follow the steps below:
In Azure Console -
In Terraform -
References:
https://learn.microsoft.com/en-us/azure/mysql/flexible-server/concepts-networking-public
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_server#public_network_access_enabled