Skip to content
Ticket Portal
  • There are no suggestions because the search field is empty.

Microsoft Azure DNS Integartion

Link your Azure DNS account to effortlessly manage your DMARC, SPF, and other email authentication records right from the EasyDMARC dashboard. This integration streamlines the entire process, removing the need for manual updates in the Azure portal and ensuring your records are always accurately configured for maximum security and deliverability.

To enable EasyDMARC to automatically manage the DNS records required for your email security configurations (DMARC, SPF, etc.), you need to grant our application permission to access your Azure DNS zones. This is a secure, two-step process that you control completely.

1. Grant Consent: An administrator must first grant consent, which allows the EasyDMARC application identity to exist within your Azure environment.

2. Assign Permissions: You then assign specific, limited permissions to that application identity, granting it the ability to manage records only in the DNS zones you specify.

Step 1: The Consent and Authorization Process

This initial step creates a secure link between your EasyDMARC account and your Azure tenant.

1. Log in to your EasyDMARC dashboard and navigate to the Azure DNS integration page.

2. Click the "Connect to Microsoft Azure" button. You will be redirected to a Microsoft sign-in page.

3. Sign in using an account with administrative privileges in your Microsoft Entra ID. The required roles are Global Administrator, Application Administrator, or Cloud Application Administrator.

4. After signing in, you will see a permissions request prompt. This prompt will detail the application name ("EasyDMARC DNS Integration") and the publisher. Look for the blue "Verified" badge, which confirms the application's authenticity. 

5. Review the requested permissions and click "Accept".

6. You will be redirected back to the EasyDMARC dashboard. The connection status should now indicate that consent has been granted and is "Awaiting Permissions".

Step 2: Assigning DNS Permissions via Azure RBAC

Consenting to the application creates its identity but grants it no rights to manage resources. You must now explicitly assign those rights using Azure Role-Based Access Control (RBAC). The principle of least privilege dictates that permissions should be granted only at the scope necessary. We recommend assigning permissions at the individual DNS Zone level.

Using the Azure Portal

This is the most straightforward method for assigning permissions.

1. Sign in to the Azure Portal.

2. Navigate to the specific DNS zone you wish to manage through EasyDMARC (e.g., yourdomain.com). If you want to manage multiple zones within the same resource group, you can perform these steps at the Resource Group level.

3. In the left-hand menu of the DNS zone or resource group, select Access control (IAM).

4. Click the + Add button at the top of the page, then select Add role assignment

5. In the Role tab, search for and select the "DNS Zone Contributor" role. This role provides the necessary permissions to manage DNS records. (For advanced users looking for more granular control, please see our guide on creating a custom role).

6. Click Next to proceed to the Members tab.

7. Ensure Assign access to is set to User, group, or service principal.

8. Click on + Select members. A side panel will open.

9. In the search box, type "EasyDMARC DNS Integration". The application you consented to in Step 1 should appear.

10. Select the application and click the Select button at the bottom of the panel.

11. Click Review + assign, and then click Review + assign again to confirm.

The role assignment is now complete. It may take a few minutes for the permissions to propagate.

Step 3: Verifying the Integration

1. Return to the EasyDMARC dashboard. The connection status should now show as "Connected".

2. To confirm in Azure, navigate back to the Access control (IAM) page for your DNS Zone and click on the Role assignments tab. You should see the "EasyDMARC DNS Integration" application listed with the "DNS Zone Contributor" role.

Your integration is now complete. EasyDMARC can securely manage the necessary DNS records to protect your domain.

In case of any questions feel free to reach out to EasyDMARC's Support team!