How to restrict Private DNS updates to named zones?

Stephan Austermühle 21 Reputation points
2022-01-29T17:15:52.727+00:00

How can I restrict a Managed Service Identity (or any other) so that it can update named private DNS zones only? The role Private DNS Zone Contributor seems to allow access to all private DNS zones.


Accepted answer
  1. Vidya Narasimhan 2,186 Reputation points Microsoft Employee
    2022-01-30T16:47:40.907+00:00

    @Stephan Austermühle You can define Azure RBAC for an MSI at the private zone level or even at the record set level. Please go through this link: https://learn.microsoft.com/en-us/azure/dns/dns-protect-private-zones-recordsets#azure-role-based-access-control
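
The zone-level scoping described in the accepted answer, as an added example that is not part of the original thread: the role assignment is created once per named zone, with the zone's resource ID as the scope, instead of at resource group or subscription scope. The function names, the `DRY_RUN` switch and the zone-name check are this example's own assumptions, and all IDs and zone names are constructed placeholders.

```shell
#!/bin/sh
# Added example: grant "Private DNS Zone Contributor" on named zones only.
# Helper names, DRY_RUN and the zone-name check are assumptions of this example.

# Resource ID of one private DNS zone (used as the RBAC scope).
zone_scope() {  # args: subscription-id resource-group zone-name
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/privateDnsZones/%s' \
    "$1" "$2" "$3"
}

# Resource ID of a single record set, for the even narrower record-set scope.
recordset_scope() {  # args: subscription-id resource-group zone-name record-type record-name
  printf '%s/%s/%s' "$(zone_scope "$1" "$2" "$3")" "$4" "$5"
}

# Conservative check: accept only plain zone names, so a typo, wildcard or
# path fragment can never turn into a broader scope string.
valid_zone() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*|.*|*.|*..*) return 1 ;;
    *) return 0 ;;
  esac
}

# One role assignment per named zone for a managed identity's object ID.
# With DRY_RUN=1 the az commands are printed instead of executed.
grant_zones() {  # args: principal-object-id subscription-id resource-group zone...
  gz_principal=$1; gz_sub=$2; gz_rg=$3
  shift 3
  for gz_zone in "$@"; do
    valid_zone "$gz_zone" || { echo "invalid zone name: $gz_zone" >&2; return 1; }
    ${DRY_RUN:+echo} az role assignment create \
      --assignee-object-id "$gz_principal" \
      --assignee-principal-type ServicePrincipal \
      --role "Private DNS Zone Contributor" \
      --scope "$(zone_scope "$gz_sub" "$gz_rg" "$gz_zone")"
  done
}

# Usage (placeholders):
#   DRY_RUN=1 grant_zones <principal-object-id> <subscription-id> <resource-group> \
#     app.internal.example.com db.internal.example.com
```

Afterwards, `az role assignment list --assignee <principal-object-id> --all` should show only zone-scoped entries; any remaining assignment of the role at resource group or subscription scope still grants access to every zone beneath it and has to be removed.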

