Enterprise-Scale

[Policy]: Configure databases to use private DNS zones

Open Nadia-hansen opened this issue 4 months ago • 2 comments

Policy Definition or Initiative

Definition

Built-in/Custom

Built-in

Built-in policy definition or initiative ID

Custom policy definition or initiative description

A policy that configures Azure PaaS services to use private DNS zones for databases. A policy for privatelink.database.windows.net is missing.

Scope

Intermediate Root

Default Assignment

  • [x] Yes

Comments/thoughts

No response

Nadia-hansen, Dec 02 '25 09:12

@Nadia-hansen thanks for reporting. Unfortunately, there are no built-in policies available to configure database Private DNS Zones at this time. We have taken the strategic decision to use built-in policies only - we no longer create custom policies as the overhead is high on our small team. Thank you for your understanding.

Springstone, Dec 08 '25 10:12

What Enterprise-Scale does provide is a generic policy definition that you should be able to use for SQL:

https://github.com/Azure/Enterprise-Scale/blob/main/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Generic.json

MikaelJcSoderberg, Dec 10 '25 08:12