There is NOT a built-in defender policy that prevents users from creating public DNS zones.

Claudia Ferguson 91 Reputation points Microsoft Employee
2022-04-29T03:36:07.107+00:00

Hello all,
There is currently NOT a DEFENDER built-in policy that prevents users from creating public DNS zones. I’m wondering if you are aware of a policy or alternative method to prevent creation of new zones?

DNS Resource Locks are not an option for us. They cause issues downstream with Terraform.

Please advise.

Azure Policy

Accepted answer
  1. Stanislav Zhelyazkov 25,311 Reputation points MVP
    2022-04-29T07:17:08.873+00:00

    Hi,
    You can use the built-in "Not allowed resource types" policy. When assigning it, you can choose which resource types are not allowed. In your case, dnszones.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

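As an added illustration (not part of the accepted answer or of any Microsoft sample), the following script builds the assignment body for the built-in "Not allowed resource types" policy scoped to public DNS zones and mirrors the policy's rule locally so you can check which resource types the assignment would deny. The definition GUID, API version and parameter name are taken from the public built-in definition as I know it; confirm them in your tenant before use.

```python
"""Deny creation of public DNS zones with Azure Policy's built-in
"Not allowed resource types" definition, and check its effect locally."""
import json

# Built-in definition id of "Not allowed resource types" (assumption: verify
# with `az policy definition list --query "[?displayName=='Not allowed resource types'].name"`).
NOT_ALLOWED_TYPES_DEFINITION = "6c112d4e-5bc7-47ae-a041-ea2d9dccd749"

# Public DNS zones only. Private zones are Microsoft.Network/privateDnsZones and
# are NOT matched by this list, so Private DNS keeps working.
DENIED_TYPES = ["Microsoft.Network/dnsZones"]


def assignment_body(scope: str, denied_types=DENIED_TYPES) -> dict:
    """Request body for
    PUT {scope}/providers/Microsoft.Authorization/policyAssignments/{name}?api-version=2021-06-01
    The built-in definition carries the Deny effect, so no effect parameter is needed."""
    return {
        "properties": {
            "displayName": "Deny public DNS zone creation",
            "description": f"Blocks new Microsoft.Network/dnsZones resources under {scope}",
            "policyDefinitionId": (
                "/providers/Microsoft.Authorization/policyDefinitions/"
                + NOT_ALLOWED_TYPES_DEFINITION
            ),
            "enforcementMode": "Default",
            "parameters": {
                "listOfResourceTypesNotAllowed": {"value": list(denied_types)}
            },
        }
    }


def az_cli_command(scope: str, denied_types=DENIED_TYPES) -> str:
    """Equivalent Azure CLI invocation (scope is a subscription or management group id)."""
    params = json.dumps({"listOfResourceTypesNotAllowed": {"value": list(denied_types)}})
    return (
        f"az policy assignment create --name deny-public-dns-zones --scope {scope} "
        f"--policy {NOT_ALLOWED_TYPES_DEFINITION} --params '{params}'"
    )


def is_denied(resource_type: str, denied_types=DENIED_TYPES) -> bool:
    """Local mirror of the built-in rule `"type" in [parameters('listOfResourceTypesNotAllowed')]`.
    Resource Manager compares resource types case-insensitively, so 'dnszones' and 'dnsZones' match."""
    return resource_type.lower() in {t.lower() for t in denied_types}


if __name__ == "__main__":
    scope = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder
    print(json.dumps(assignment_body(scope), indent=2))
    print(az_cli_command(scope))
```

A Deny assignment only rejects new create/update requests (Terraform sees a `RequestDisallowedByPolicy` error instead of a lock conflict); zones that already exist are merely reported as non-compliant, not removed.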
