How to restrict Private DNS updates to named zones?

Stephan Austermühle 21 Reputation points
2022-01-29T17:15:52.727+00:00

How can I restrict a Managed Service Identity (or any other) so that it can update named private DNS zones only? The role Private DNS Zone Contributor seems to allow access to all private DNS zones.

Azure DNS
An Azure service that enables hosting Domain Name System (DNS) domains in Azure.
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Vidya Narasimhan 2,126 Reputation points Microsoft Employee
    2022-01-30T16:47:40.907+00:00

    @Stephan Austermühle You can define Azure RBAC for an MSI at Private Zone Level or even at Record Set level. Please go through this link: https://learn.microsoft.com/en-us/azure/dns/dns-protect-private-zones-recordsets#azure-role-based-access-control
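
Scoping the role assignment to individual zones, as the accepted answer describes, could look like the following with Azure CLI. This is an added example, not part of the original thread; the helper function names, subscription ID, resource group, zone names and principal ID are assumed placeholders.

```shell
#!/usr/bin/env bash
# Added example: grant "Private DNS Zone Contributor" on named zones only.
# All IDs and names passed in are placeholders supplied by the caller.

# ARM resource ID of one private DNS zone; this string is the RBAC scope.
zone_scope() {  # args: subscription_id resource_group zone_name
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/privateDnsZones/%s' \
    "$1" "$2" "$3"
}

# Scope of a single record set inside a zone (record_type e.g. A, CNAME).
recordset_scope() {  # args: subscription_id resource_group zone_name record_type record_name
  printf '%s/%s/%s' "$(zone_scope "$1" "$2" "$3")" "$4" "$5"
}

# Accept only zone-level or record-set-level scopes, so an empty variable
# or a typo cannot silently widen the grant to a resource group or subscription.
is_zone_level_scope() {  # args: scope
  case "$1" in
    */providers/Microsoft.Network/privateDnsZones/?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Create the role assignment for a managed identity (a service principal).
assign_zone_contributor() {  # args: principal_object_id scope
  is_zone_level_scope "$2" || { echo "refusing non-zone scope: $2" >&2; return 1; }
  az role assignment create \
    --assignee-object-id "$1" \
    --assignee-principal-type ServicePrincipal \
    --role "Private DNS Zone Contributor" \
    --scope "$2"
}

# Usage (requires a logged-in Azure CLI with rights to create role assignments):
#   for z in app.internal.example db.internal.example; do   # constructed zone names
#     assign_zone_contributor "$PRINCIPAL_ID" "$(zone_scope "$SUB" "$RG" "$z")"
#   done
```

A Private DNS Zone Contributor assignment at resource-group or subscription scope is inherited by every zone below it, so the identity is limited to the named zones only when no such broader assignment exists for it.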

