You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/dns/dns-security-policy.md
+7-8Lines changed: 7 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -17,29 +17,28 @@ This article provides an overview of DNS security policy. Also see the following
17
17
18
18
> [!NOTE]
19
19
> DNS security policy is currently in PREVIEW.<br>
20
-
> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
20
+
> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.<br>
21
+
> Some [Requirements and restrictions](#requirements-and-restrictions) apply to DNS security policy during preview.
21
22
22
23
## What DNS security policy?
23
24
24
-
DNS security policy offers the ability to filter and log DNS queries at the virtual network (VNet) level. With DNS security policy you can:
25
+
DNS security policy offers the ability to filter and log DNS queries at the virtual network (VNet) level. Policy applies to both public and private DNS traffic within a VNet. DNS logs can be sent to a storage account, log analytics workspace, or event hubs. You can choose to allow, alert, or block DNS queries.
26
+
27
+
With DNS security policy you can:
25
28
- Create rules to protect against DNS-based attacks by blocking name resolution of known or malicious domains.
26
29
- Save and view detailed DNS logs to gain inside into your DNS traffic.
27
30
28
-
DNS security policy applies to both public and private DNS traffic within a VNet.
29
-
30
-
DNS logs can be sent to a storage account, log analytics workspace, or event hubs. You can choose to allow, alert, or block DNS queries.
31
-
32
31
A DNS security policy has the following associated elements and properties:
33
32
-**[Location](#location)**: The Azure region where the security policy is created and deployed.
34
33
-**[DNS traffic rules](#dns-traffic-rules)**: Rules that allow, block, or alert based on priority and domain lists.
35
34
-**[Virtual network links](#virtual-network-links)**: A link that associates the security policy to a VNet.
36
35
-**[DNS domain lists](#dns-domain-lists)**: Location-based lists of DNS domains.
37
36
38
-
DNS Security Policy can be configured using Azure PowerShell or the Azure portal.
37
+
DNS security policy can be configured using Azure PowerShell or the Azure portal.
39
38
40
39
## Location
41
40
42
-
A security policy can only apply to VNets in the same region. You can create any number of security policies in the same region. In the following example, two policies are created in each of two different regions (East US and Central US).
41
+
A security policy can only apply to VNets in the same region. You can create up to 10 security policies per region during preview. In the following example, two policies are created in each of two different regions (East US and Central US).
43
42
44
43
0 commit comments