Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
How can I restrict a Managed Service Identity (or any other) so that it can update named private DNS zones only? The role Private DNS Zone Contributor seems to allow access to all private DNS zones.
@Stephan Austermühle You can define Azure RBAC for an MSI at the private zone level or even at the record set level. Please go through this link: https://learn.microsoft.com/en-us/azure/dns/dns-protect-private-zones-recordsets#azure-role-based-access-control
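An added example, not part of the answer above or of Microsoft's documentation: how far the role reaches is set by the `--scope` of each assignment, so this script creates one assignment per named zone and refuses any scope wider than a single private DNS zone. The subscription ID, resource group, principal ID and zone names are constructed placeholders, and the helper functions are hypothetical names; with `DRY_RUN=1` (the default) it only prints the `az` commands.

```bash
#!/usr/bin/env bash
# Added example: grant "Private DNS Zone Contributor" on named zones only.
# Every ID and name below is a constructed placeholder, not a value from the page.
SUBSCRIPTION_ID="00000000-0000-0000-0000-000000000000"
RESOURCE_GROUP="rg-dns-example"
PRINCIPAL_ID="11111111-1111-1111-1111-111111111111"   # object ID of the managed identity
ROLE="Private DNS Zone Contributor"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the az commands, 0 = execute them

# Resource ID of one private DNS zone (zone-level scope).
zone_scope() {  # args: subscription, resource group, zone name
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/privateDnsZones/%s' \
    "$1" "$2" "$3"
}

# Resource ID of a single record set inside a zone (record-set-level scope).
recordset_scope() {  # args: subscription, resource group, zone, record type, record name
  printf '%s/%s/%s' "$(zone_scope "$1" "$2" "$3")" "$4" "$5"
}

# Succeeds only for scopes at zone level or below; subscription and
# resource-group scopes would cover every private zone they contain.
scope_is_narrow() {
  case "$1" in
    */providers/Microsoft.Network/privateDnsZones/?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Create (or, in dry-run mode, print) one role assignment at the given scope.
assign_role() {  # args: principal object ID, scope
  scope_is_narrow "$2" || { echo "refusing broad scope: $2" >&2; return 1; }
  set -- az role assignment create --assignee-object-id "$1" \
    --assignee-principal-type ServicePrincipal --role "$ROLE" --scope "$2"
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# One assignment per zone the identity is allowed to update.
for zone in privatelink.blob.core.windows.net internal.example.com; do
  assign_role "$PRINCIPAL_ID" "$(zone_scope "$SUBSCRIPTION_ID" "$RESOURCE_GROUP" "$zone")"
done
```

To limit the identity to a single record set instead, pass the output of `recordset_scope` as the scope.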