AzPolicyAdvertizer

last sync: 2025-Jun-13 17:23:19 UTC

Configure App Service apps to use private DNS zones with corresponding domain suffix

Community Policy definition

Source Repository Community-Policy GitHub
JSON Community-Policy GitHub
Deploy policy ceb2837a-37cc-4210-b801-e7ab055dc14f (1.0.0) to Azure
Display name Configure App Service apps to use private DNS zones with corresponding domain suffix
Id ceb2837a-37cc-4210-b801-e7ab055dc14f
Version 1.0.0
Details on versioning
Category App Service
Microsoft Learn
Description Use private DNS zones to override the DNS resolution for a private endpoint. A private DNS zone links a virtual network to an App Service. This policy deploys the DNS zone configuration to the private DNS zone that corresponds with the domainsuffix of the app (either azurewebsites.net or appserviceenvironment.net).
Mode All
Type Custom Community
Effect Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
RBAC role(s)
Role Name Role Id
Network Contributor 4d97b98b-1d4f-4787-a291-c67834d212e7
Rule aliases IF (3)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*] Microsoft.Network privateEndpoints properties.privateLinkServiceConnections[*] True False
Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*] Microsoft.Network privateEndpoints properties.privateLinkServiceConnections[*].properties.groupIds[*] True False
Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId Microsoft.Network privateEndpoints properties.privateLinkServiceConnections[*].properties.privateLinkServiceId True False
Rule resource types IF (2)
Microsoft.Network/privateEndpoints
Microsoft.Web/sites
THEN-Deployment (1)
Microsoft.Network/privateEndpoints/privateDnsZoneGroups
JSON
EPAC
Deploy policy ceb2837a-37cc-4210-b801-e7ab055dc14f (1.0.0) to Azure