There is NOT a built-in defender policy that prevents users from creating public DNS zones.

Question

There is NOT a built-in defender policy that prevents users from creating public DNS zones.

Claudia Ferguson 81 Microsoft Employee

Hello all,
There is currently NOT a DEFENDER built-in policy that prevents users from creating public DNS zones. I’m wondering if you are aware of a policy or alternative method to prevent creation of new zones?

DNS Resource Locks are not an option for us. It causes issues downstream with Terraform.

Please advise

Answer 1

Stanislav Zhelyazkov 15,681 MVP

Hi,
You can use the built-in Not allowed resource types policy. When assigning it you can choose which resource type to not be allowed. In your case dnszones.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

There is NOT a built-in defender policy that prevents users from creating public DNS zones.

0 additional answers

Activity