Allowing unrestricted, public access to cloud services could open an application up to external attack. Disallowing this access is typically considered best practice.
To limit public access to a Cognitive Services account, a virtual network and firewall rules will need to be configured. The network can then be used by the Cognitive Services account. See the Azure Documentation for steps on creating and using virtual networks for Cognitive Services.
In Terraform -
References:
https://learn.microsoft.com/en-us/azure/cognitive-services/cognitive-services-virtual-networks?tabs=portal
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cognitive_account