diff --git a/content/operate/rc/changelog/june-2025.md b/content/operate/rc/changelog/june-2025.md
new file mode 100644
index 000000000..bc06ad8b4
--- /dev/null
+++ b/content/operate/rc/changelog/june-2025.md
@@ -0,0 +1,19 @@
+---
+Title: Redis Cloud changelog (June 2025)
+alwaysopen: false
+categories:
+- docs
+- operate
+- rc
+description: New features, enhancements, and other changes added to Redis Cloud during
+ June 2025.
+highlights: Block public endpoints
+linktitle: June 2025
+weight: 28
+---
+
+## New features
+
+### Block public endpoints
+
+Users with Redis Cloud Pro databases can now choose to block public endpoints for all databases in their subscription. See [Block public endpoints]({{< relref "/operate/rc/security/database-security/block-public-endpoints" >}}) for more information.
diff --git a/content/operate/rc/databases/create-database/create-pro-database-new.md b/content/operate/rc/databases/create-database/create-pro-database-new.md
index a9937c9fd..ed864e076 100644
--- a/content/operate/rc/databases/create-database/create-pro-database-new.md
+++ b/content/operate/rc/databases/create-database/create-pro-database-new.md
@@ -123,6 +123,7 @@ The following settings are defined in the **Advanced options** of the **Setup**
| **Multi-AZ** | Determines if replication spans multiple Availability Zones, which provides automatic failover when problems occur. See [High Availability]({{< relref "/operate/rc/databases/configuration/high-availability" >}}). |
| **Allowed Availability Zones** | The availability zones for your selected region.
If you choose **Manual selection**, you must select at least one zone ID from the **Zone IDs** list. For more information, see [Availability zones]({{< relref "/operate/rc/databases/configuration/high-availability#availability-zones" >}}). |
| **Cloud account** | To deploy these databases to an existing cloud account, select it here. Use the **Add** button to add a new cloud account.
(Available only if [Redis Cloud Bring your own Cloud]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud" >}}) is enabled) |
+| **Public endpoint access** | Select whether or not to [block public endpoints]({{< relref "/operate/rc/security/database-security/block-public-endpoints" >}}) for all databases in the subscription. |
| **VPC configuration** | Select **In a new VPC** to deploy to a new [virtual private cloud](https://en.wikipedia.org/wiki/Virtual_private_cloud) (VPC).
To deploy these databases to an existing virtual private cloud, select **In existing VPC** and then set VPC ID to the appropriate ID value.
(Available only if [Redis Cloud Bring your own Cloud]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud" >}}) is enabled) |
| **Deployment CIDR** | The [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) range of IP addresses for your deployment. Redis creates a new [subnet](https://en.wikipedia.org/wiki/Subnetwork) for the **Deployment CIDR** in your [virtual private cloud](https://en.wikipedia.org/wiki/Virtual_private_cloud) (VPC). It cannot overlap with the CIDR ranges of other subnets used by your account.
For deployments in an existing VPC, the **Deployment CIDR** must be within your VPC's **primary** CIDR range (secondary CIDRs are not supported). |
| **Auto Tiering**| Determines if your databases are stored only in memory (RAM) or are split between memory and Flash storage (RAM+Flash). See [Auto Tiering]({{< relref "/operate/rs/databases/auto-tiering/" >}})|
diff --git a/content/operate/rc/security/database-security/block-public-endpoints.md b/content/operate/rc/security/database-security/block-public-endpoints.md
new file mode 100644
index 000000000..6cb1fcf03
--- /dev/null
+++ b/content/operate/rc/security/database-security/block-public-endpoints.md
@@ -0,0 +1,53 @@
+---
+Title: Block public endpoints
+alwaysopen: false
+categories:
+- docs
+- operate
+- rc
+description: Learn how to block the public endpoints of your databases.
+weight: 40
+---
+
+By default, you can connect to Redis Cloud databases through the database's public endpoint, or through the database's private endpoint with a private connectivity method.
+
+Public endpoints are accessible from the public internet and don't require a private connectivity method. While this makes Redis Cloud databases convenient to use, it also exposes the databases to potential unauthorized access or brute force attacks, even with a database password in place. Some organizations may want to block public access to their databases to comply with security policies or to better meet stringent compliance standards.
+
+Users with Redis Cloud Pro databases can choose to block public endpoints for all databases in their subscription.
+
+## Block public endpoints
+
+You can block public endpoints for a [new subscription](#new-subscription) or an [existing subscription](#existing-subscription).
+
+### New subscription
+
+To block the public endpoints when you [create a new Pro subscription]({{< relref "/operate/rc/databases/create-database/create-pro-database-new" >}}):
+
+1. Follow the instructions to [create a Pro database with custom settings]({{< relref "/operate/rc/databases/create-database/create-pro-database-new#custom-settings" >}}).
+1. On the **Setup** tab, go to **Advanced options > Security** to select persistent storage encryption options.
+1. Select **Block public endpoint** to block the public endpoint for all databases on the subscription.
+1. Select **Continue** to go to the [Sizing tab]({{< relref "/operate/rc/databases/create-database/create-pro-database-new#sizing-tab" >}}). Follow the instructions to provision your database(s).
+
+After you block the public endpoints for a new subscription, you will need to set up a [private connectivity method](#private-connectivity-methods) to connect to your databases.
+
+### Existing subscription
+
+For existing subscriptions, we recommend setting up a [private connectivity method](#private-connectivity-methods) to connect to your databases before blocking the private endpoint and migrating all connections to the private endpoint.
+
+To block the public endpoints of an existing Pro subscription:
+
+1. From the [Redis Cloud console](https://cloud.redis.io/), select the **Subscriptions** menu and then select your subscription from the list.
+1. Open the **Security** tab to view security settings.
+1. In the **Endpoint** section, select **Edit**.
+1. Select **Block public endpoint**.
+1. Select **Save** to save your changes.
+1. A window will appear asking you to confirm that blocking the public endpoint will reject clients connecting to the public endpoint. Select **I understand** and then **Block** to confirm.
+
+After your changes are saved, any incoming connections to the public endpoint of your database will be rejected.
+
+## Private connectivity methods
+
+Redis Cloud supports the following private connectivity options:
+- [VPC peering]({{< relref "/operate/rc/security/vpc-peering" >}})
+- [Google Cloud Private Service Connect]({{< relref "/operate/rc/security/private-service-connect" >}}) _(Google Cloud only)_
+- [AWS Transit Gateway]({{< relref "/operate/rc/security/aws-transit-gateway" >}}) _(AWS only)_
\ No newline at end of file
diff --git a/content/operate/rc/subscriptions/view-pro-subscription.md b/content/operate/rc/subscriptions/view-pro-subscription.md
index a343946ec..f8854a45b 100644
--- a/content/operate/rc/subscriptions/view-pro-subscription.md
+++ b/content/operate/rc/subscriptions/view-pro-subscription.md
@@ -41,6 +41,8 @@ In addition, three tabs are available:
3. The **Connectivity** tab lets you limit access to the subscription by defining a VPC peering or other connectivity options.
+4. The **Security** tab lets you set security settings for the databases in your subscription.
+
The following sections provide more info.
## **Databases** tab
@@ -122,3 +124,9 @@ Here, you can:
- Set up [Private Service Connect]({{< relref "/operate/rc/security/private-service-connect" >}}) (*Google Cloud only*) or [Transit Gateway]({{< relref "/operate/rc/security/aws-transit-gateway" >}}) (*AWS only*).
See the individual links to learn more.
+
+## **Security** tab
+
+The **Security** tab lets you set security settings for the databases in your subscription.
+
+Here, you can [block public endpoints]({{< relref "/operate/rc/security/database-security/block-public-endpoints" >}}) for all databases in the subscription.