AzInitiativeAdvertizer

last sync: 2024-Nov-25 18:54:43 UTC

Configure Azure PaaS services to use private DNS zones

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Source Repository Azure Landing Zones (ALZ) GitHub
JSON Deploy-Private-DNS-Zones
Display nameConfigure Azure PaaS services to use private DNS zones
IdDeploy-Private-DNS-Zones
Version2.3.0
Details on versioning
CategoryNetwork
DescriptionThis policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones
TypeCustom Azure Landing Zones (ALZ)
DeprecatedFalse
PreviewFalse
Policy count Total Policies: 48
Builtin Policies: 48
Static Policies: 0
ALZ Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect Roles# Roles State Type
[Preview]: Configure Azure Recovery Services vaults to use private DNS zones 942bd215-1a66-44be-af65-6a1c0318dbe2 Site Recovery Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor Preview BuiltIn
[Preview]: Configure Recovery Services vaults to use private DNS zones for backup af783da1-4ad1-42be-800d-d19c70038820 Backup Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor Preview BuiltIn
Configure a private DNS Zone ID for blob groupID 75973700-529f-4de2-b794-fb9b6781b6b0 Storage Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure a private DNS Zone ID for blob_secondary groupID d847d34b-9337-4e2d-99a5-767e5ac9c582 Storage Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure a private DNS Zone ID for dfs groupID 83c6fe0f-2316-444a-99a1-1ecd8a7872ca Storage Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure a private DNS Zone ID for dfs_secondary groupID 90bd4cb3-9f59-45f7-a6ca-f69db2726671 Storage Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure a private DNS Zone ID for file groupID 6df98d03-368a-4438-8730-a93c4d7693d6 Storage Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure a private DNS Zone ID for queue groupID bcff79fb-2b0d-47c9-97e5-3023479b00d1 Storage Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure a private DNS Zone ID for queue_secondary groupID da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6 Storage Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure a private DNS Zone ID for table groupID 028bbd88-e9b5-461f-9424-a1b63a7bee1a Storage Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure a private DNS Zone ID for table_secondary groupID c1d634a5-f73d-4cdd-889f-2cc7006eb47f Storage Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure a private DNS Zone ID for web groupID 9adab2a5-05ba-4fbd-831a-5bf958d04218 Storage Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure a private DNS Zone ID for web_secondary groupID d19ae5f1-b303-4b82-9ca8-7682749faf0c Storage Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure App Service apps to use private DNS zones b318f84a-b872-429b-ac6d-a01b96814452 App Service Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure Azure Arc Private Link Scopes to use private DNS zones 55c4db33-97b0-437b-8469-c4f4498f5df9 Azure Arc Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure Azure Automation accounts with private DNS zones 6dd01e4f-1be1-4e80-9d0b-d109e04cb064 Automation Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure Azure Cache for Redis to use private DNS zones e016b22b-e0eb-436d-8fd7-160c4eaed6e2 Cache Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure Azure Cognitive Search services to use private DNS zones fbc14a67-53e4-4932-abcc-2049c6706009 Search Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure Azure Databricks workspace to use private DNS zones 0eddd7f3-3d9b-4927-a07a-806e8ac9486c Azure Databricks Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure Azure Device Update for IoT Hub accounts to use private DNS zones a222b93a-e6c2-4c01-817f-21e092455b2a Internet of Things Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 2 Contributor, Network Contributor GA BuiltIn
Configure Azure File Sync to use private DNS zones 06695360-db88-47f6-b976-7500d4297475 Storage Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 2 Network Contributor, Private DNS Zone Contributor GA BuiltIn
Configure Azure HDInsight clusters to use private DNS zones 43d6e3bd-fc6a-4b44-8b4d-2151d8736a11 HDInsight Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure Azure Key Vaults to use private DNS zones ac673a9a-f77d-4846-b2d8-a57f8e1c01d4 Key Vault Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure Azure Machine Learning workspace to use private DNS zones ee40564d-486e-4f68-a5ca-7a621edae0fb Machine Learning Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure Azure Managed Grafana workspaces to use private DNS zones 4c8537f8-cd1b-49ec-b704-18e82a42fd58 Managed Grafana Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure Azure Media Services to use private DNS zones b4a7f6c1-585e-4177-ad5b-c2c93f4bb991 Media Services Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure Azure Migrate resources to use private DNS zones 7590a335-57cf-4c95-babd-ecbc8fafeb1f Migrate Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure Azure Monitor Private Link Scope to use private DNS zones 437914ee-c176-4fff-8986-7e05eb971365 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure Azure Synapse workspaces to use private DNS zones 1e5ed725-f16c-478b-bd4b-7bfa2f7940b9 Synapse Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure Azure Virtual Desktop hostpool resources to use private DNS zones 9427df23-0f42-4e1e-bf99-a6133d841c4a Desktop Virtualization Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure Azure Virtual Desktop workspace resources to use private DNS zones 34804460-d88b-4922-a7ca-537165e060ed Desktop Virtualization Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure Azure Web PubSub Service to use private DNS zones 0b026355-49cb-467b-8ac4-f777874e175a Web PubSub Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure BotService resources to use private DNS zones 6a4e6f44-f2af-4082-9702-033c9e88b9f8 Bot Service Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure Cognitive Services accounts to use private DNS zones c4bc6f10-cb41-49eb-b000-d5ab82e2a091 Cognitive Services Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure Container registries to use private DNS zones e9585a95-5b8c-4d03-b193-dc7eb5ac4c32 Container Registry Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure CosmosDB accounts to use private DNS zones a63cc0bd-cda4-4178-b705-37dc439d3e0f Cosmos DB Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure disk access resources to use private DNS zones bc05b96c-0b36-4ca9-82f0-5c53f96ce05a Compute Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure Event Hub namespaces to use private DNS zones ed66d4f5-8220-45dc-ab4a-20d1749c74e6 Event Hub Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure IoT Hub device provisioning instances to use private DNS zones aaa64d2d-2fa3-45e5-b332-0b031b9b30e8 Internet of Things Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Contributor GA BuiltIn
Configure private DNS zones for private endpoints connected to App Configuration 7a860e27-9ca2-4fc6-822d-c2d248c300df App Configuration Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure private DNS zones for private endpoints that connect to Azure Data Factory 86cd96e1-1745-420d-94d4-d3f2fe415aa4 Data Factory Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Configure Service Bus namespaces to use private DNS zones f0fcf93c-c063-4071-9668-c47474bd3564 Service Bus Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Deploy - Configure Azure Event Grid domains to use private DNS zones d389df0a-e0d7-4607-833c-75a6fdac2c2d Event Grid Default
DeployIfNotExists
Allowed
deployIfNotExists, DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Deploy - Configure Azure Event Grid topics to use private DNS zones baf19753-7502-405f-8745-370519b20483 Event Grid Default
DeployIfNotExists
Allowed
deployIfNotExists, DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Deploy - Configure Azure IoT Hubs to use private DNS zones c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02 Internet of Things Default
DeployIfNotExists
Allowed
deployIfNotExists, DeployIfNotExists, disabled, Disabled		 2 Contributor, Network Contributor GA BuiltIn
Deploy - Configure IoT Central to use private DNS zones d627d7c6-ded5-481a-8f2e-7e16b1e6faf6 Internet of Things Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 2 Contributor, Network Contributor GA BuiltIn
Deploy - Configure private DNS zones for private endpoints connect to Azure SignalR Service b0e86710-7fb7-4a6c-a064-32e9b829509e SignalR Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Deploy - Configure private DNS zones for private endpoints that connect to Batch accounts 4ec38ebc-381f-45ee-81a4-acbc4be878f8 Batch Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Network Contributor GA BuiltIn
Roles used
Total Roles usage: 52
Total Roles unique usage: 3
Role Role Id Policies count Policies
Private DNS Zone Contributor b12aa53e-6015-4669-85d0-8515ebb3ae7f 1 Configure Azure File Sync to use private DNS zones
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c 4 Configure Azure Device Update for IoT Hub accounts to use private DNS zones, Configure IoT Hub device provisioning instances to use private DNS zones, Deploy - Configure Azure IoT Hubs to use private DNS zones, Deploy - Configure IoT Central to use private DNS zones
Network Contributor 4d97b98b-1d4f-4787-a291-c67834d212e7 47 [Preview]: Configure Azure Recovery Services vaults to use private DNS zones, [Preview]: Configure Recovery Services vaults to use private DNS zones for backup, Configure a private DNS Zone ID for blob groupID, Configure a private DNS Zone ID for blob_secondary groupID, Configure a private DNS Zone ID for dfs groupID, Configure a private DNS Zone ID for dfs_secondary groupID, Configure a private DNS Zone ID for file groupID, Configure a private DNS Zone ID for queue groupID, Configure a private DNS Zone ID for queue_secondary groupID, Configure a private DNS Zone ID for table groupID, Configure a private DNS Zone ID for table_secondary groupID, Configure a private DNS Zone ID for web groupID, Configure a private DNS Zone ID for web_secondary groupID, Configure App Service apps to use private DNS zones, Configure Azure Arc Private Link Scopes to use private DNS zones, Configure Azure Automation accounts with private DNS zones, Configure Azure Cache for Redis to use private DNS zones, Configure Azure Cognitive Search services to use private DNS zones, Configure Azure Databricks workspace to use private DNS zones, Configure Azure Device Update for IoT Hub accounts to use private DNS zones, Configure Azure File Sync to use private DNS zones, Configure Azure HDInsight clusters to use private DNS zones, Configure Azure Key Vaults to use private DNS zones, Configure Azure Machine Learning workspace to use private DNS zones, Configure Azure Managed Grafana workspaces to use private DNS zones, Configure Azure Media Services to use private DNS zones, Configure Azure Migrate resources to use private DNS zones, Configure Azure Monitor Private Link Scope to use private DNS zones, Configure Azure Synapse workspaces to use private DNS zones, Configure Azure Virtual Desktop hostpool resources to use private DNS zones, Configure Azure Virtual Desktop workspace resources to use private DNS zones, Configure Azure Web PubSub Service to use private DNS zones, Configure BotService resources to use private DNS zones, Configure Cognitive Services accounts to use private DNS zones, Configure Container registries to use private DNS zones, Configure CosmosDB accounts to use private DNS zones, Configure disk access resources to use private DNS zones, Configure Event Hub namespaces to use private DNS zones, Configure private DNS zones for private endpoints connected to App Configuration, Configure private DNS zones for private endpoints that connect to Azure Data Factory, Configure Service Bus namespaces to use private DNS zones, Deploy - Configure Azure Event Grid domains to use private DNS zones, Deploy - Configure Azure Event Grid topics to use private DNS zones, Deploy - Configure Azure IoT Hubs to use private DNS zones, Deploy - Configure IoT Central to use private DNS zones, Deploy - Configure private DNS zones for private endpoints connect to Azure SignalR Service, Deploy - Configure private DNS zones for private endpoints that connect to Batch accounts
History none
JSON compare
compare mode: version left: version right:
JSON
EPAC