Introduction
Public DNS services are crucial for efficient web traffic management and domain hosting. Many organizations host their public DNS records via Cloudflare or their domain registrar. But there are two powerful offerings from Microsoft: Azure DNS and DNS services in Microsoft 365. This post will delve into their features, differences, pricing, setup processes, and access management to help you make the right choice for your organization.
What is Azure DNS?
Azure DNS is a hosting service on the Microsoft Azure infrastructure for DNS domains and name resolutions. With Azure DNS, you manage your DNS zones and records using Azure’s global infrastructure, ensuring high availability and low latency.
Key Features:
- Globally distributed: Ensures fast DNS resolution due to its vast network of DNS servers.
- Full Integration with Azure: Seamlessly works with Azure services.
- DNS Management through Azure Portal: Allows you to manage DNS zones and records via the Azure portal.
- Security: Supports DNSSEC (Domain Name System Security Extensions) for data integrity.
What is DNS in Microsoft 365?
DNS in Microsoft 365 refers to the DNS services provided to organizations through the Microsoft 365 Admin Center. This includes managing custom domains associated with Microsoft 365 services like Exchange Online, SharePoint, and Teams. You can manage your DNS zone entirely from the Microsoft 365 Admin Center.
Key Features:
- Domain Management: Simplifies domain setup for Microsoft 365 services.
- Automatic Record Configuration: Provides easy setup of MX, CNAME, and TXT records needed for Microsoft 365.
- Guidance for DNS Configuration: Step-by-step guides to configure your domain.
Key Differences between Azure DNS and DNS in Microsoft 365
Feature | Azure DNS | DNS in Microsoft 365 |
---|---|---|
Primary Use Case | General DNS hosting for any domain (private and public DNS zones) | Simplified public DNS hosting |
Management Interface | Azure portal, PowerShell, REST APIs | Microsoft 365 Admin Center |
DNS Management Features | Advanced features (for example DNSSEC) | Basic DNS records |
Global Reach | Region of hosting can be chosen upon creation | Globally distributed; No specific location |
Pricing Structure | Pay-as-you-go (zone and queries) | Included with Microsoft 365 plans |
Service Level Agreements (SLA)
Azure DNS:
Azure DNS offers an SLA of 100% availability for Azure DNS zones, ensuring that your DNS records are consistently available and reliable.
DNS in Microsoft 365:
Microsoft 365 does not specify a separate SLA for its DNS services because they are part of the overall service availability for Microsoft 365, which has its own SLAs depending on the specific service (e.g., Exchange Online has a 99.9% uptime SLA).
Pricing
Azure DNS Pricing:
- DNS Zones: Charged per zone per month (approximately $0.50 per zone).
- DNS Queries: Charged per million queries ($0.40 per one million queries per month).
Microsoft 365 DNS Pricing:
There is no additional cost for DNS management for custom domains as it is included in the Microsoft 365 plans (e.g. Business or Enterprise plans).
How to Set Up
Setting Up Azure DNS:
- Create an Azure account if you don’t have one.
- Create a Subscription if you don’t have one.
- Create a Resource Group if you don’t have one.
- Search the Azure Portal for “Azure DNS”. Note that the “Private DNS zone” entry is for private DNS resolution inside a virtual network.
- Create a DNS Zone: Click on “Create,” choose the right Subscription and Resource Group, and specify the name of the domain. You can also select where (Azure location) to host the DNS zone (e.g. Switzerland North) and, if needed, create a child domain of an already existing domain (e.g. test.duo-infernale.ch).
- Add DNS Records: Use the portal to add necessary records (A, CNAME, MX, etc.).
- Update Registrar: Update your domain registrar to point to Azure DNS name servers.
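The same setup can be scripted with the Az PowerShell module, followed by a check that the registrar delegation really points at the zone's Azure name servers. This is an added example, not code from the original post; the resource group name, the domain `contoso.example`, the mail host and the `203.0.113.10` address are placeholder assumptions, and `Resolve-DnsName` requires a Windows host.

```powershell
# Requires the Az.Resources and Az.Dns modules and an authenticated session (Connect-AzAccount).
# Placeholder values (assumptions for this example); replace with your own.
$rg   = 'rg-dns-demo'
$zone = 'contoso.example'

# Resource group that will hold the zone.
New-AzResourceGroup -Name $rg -Location 'switzerlandnorth' | Out-Null

# Public DNS zone.
$dnsZone = New-AzDnsZone -Name $zone -ResourceGroupName $rg

# A record for www and an MX record at the zone apex.
New-AzDnsRecordSet -Name 'www' -RecordType A -ZoneName $zone -ResourceGroupName $rg -Ttl 3600 `
    -DnsRecords (New-AzDnsRecordConfig -Ipv4Address '203.0.113.10') | Out-Null
New-AzDnsRecordSet -Name '@' -RecordType MX -ZoneName $zone -ResourceGroupName $rg -Ttl 3600 `
    -DnsRecords (New-AzDnsRecordConfig -Exchange "mail.$zone" -Preference 10) | Out-Null

# Name servers Azure assigned to the zone: these are the values to enter at the registrar.
$expected = @($dnsZone.NameServers | ForEach-Object { $_.TrimEnd('.').ToLower() })
"Enter these name servers at the registrar:"
$expected

# After the registrar update has propagated, compare the public delegation with the zone.
$actual = @(Resolve-DnsName -Name $zone -Type NS -DnsOnly -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'NS' } |
    ForEach-Object { $_.NameHost.TrimEnd('.').ToLower() })

if ($actual.Count -eq 0) {
    Write-Warning "No NS records resolve for $zone yet; the delegation is not in place."
}
elseif (Compare-Object -ReferenceObject $expected -DifferenceObject $actual) {
    # A mismatch means some resolvers are sent to name servers that do not serve this zone.
    Write-Warning "Delegation mismatch. Public NS: $($actual -join ', ')"
}
else {
    "Delegation matches the Azure DNS name servers."
}
```

Re-run the comparison whenever the zone is recreated, because a new zone can be assigned different name servers and the old delegation would then point at servers that no longer answer for the domain.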
Setting Up DNS in Microsoft 365:
- Add a Custom Domain: Go to “Setup” and choose “Domains,” then select “Add domain.”
- Setup Your Domain: Enter your Domain name.
- Follow the prompt to verify domain ownership: This involves adding a TXT record to the DNS zone where it’s currently hosted if it hasn’t been added yet. Make sure your hosting provider is set to “Other.” Microsoft’s instructions will provide the specific value you need to enter for the TXT record.
- Configure DNS Records: After you have verified your ownership of the domain, choose to “Set up my online services for me.” This setting allows Microsoft 365 DNS to manage your DNS hosting.
- Choose Your Services: After choosing the DNS record configuration, you can check or uncheck the Microsoft Services you want to use. By checking the service, Microsoft will automatically set up the DNS records for those services.
- Add Your DNS Records: In the next step, you can add your specific DNS records or import a whole zone file. Check that all records match what is required for the services you’ve selected.
- Update Your Nameserver: After configuring your domain’s records, you may need to update your nameserver records at your domain registrar to point to Microsoft’s nameservers. Get the nameserver information from Microsoft provided during the setup. Log into your domain registrar’s account and find the option to manage nameservers, replacing the existing nameservers with Microsoft’s.
- Finish the Setup: Confirm that the setup looks correct and complete. You will usually get a confirmation message from Microsoft indicating that your domain setup was successful.
Role-Based Access Control (RBAC) and Identity and Access Management (IAM)
Azure DNS
Key Roles for Azure DNS
- DNS Zone Contributor: Grants permission to manage DNS zones and records but does not allow management of the DNS zone itself. This role is suitable for users who need to create and manage records without changing broader zone settings.
- DNS Zone Reader: The least privileged role for Azure DNS. This role allows users to read the DNS zones and records without permissions to modify them.
- Owner Role: Provides full access to all resources, including the ability to assign roles to others. Use this role sparingly due to its extensive privileges.
Least Privileged Role Recommendation
- The DNS Zone Reader role should be the default for users who do not require modification access, ensuring compliance with the principle of least privilege.
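Least privilege depends on the scope of an assignment as much as on the role. The added example below (not from the original post) assigns the DNS Zone Contributor role on one zone only and then lists every principal that can change that zone, including assignments inherited from the resource group or subscription. The resource group, zone name and sign-in name are placeholder assumptions.

```powershell
# Requires the Az.Resources module and an authenticated session (Connect-AzAccount).
# Placeholder values (assumptions for this example); replace with your own.
$rg       = 'rg-dns-demo'
$zone     = 'contoso.example'
$operator = 'dns-operator@contoso.example'

# Build the resource ID of the zone so the assignment applies to this zone only,
# not to the whole resource group or subscription.
$subId     = (Get-AzContext).Subscription.Id
$zoneScope = "/subscriptions/$subId/resourceGroups/$rg/providers/Microsoft.Network/dnszones/$zone"

# Grant record management on the single zone.
New-AzRoleAssignment -SignInName $operator `
    -RoleDefinitionName 'DNS Zone Contributor' `
    -Scope $zoneScope | Out-Null

# Audit: Get-AzRoleAssignment -Scope also returns assignments inherited from
# parent scopes, so this shows everyone who can modify the zone or its access.
$writeRoles = 'Owner', 'Contributor', 'User Access Administrator', 'DNS Zone Contributor'

Get-AzRoleAssignment -Scope $zoneScope |
    Where-Object { $_.RoleDefinitionName -in $writeRoles } |
    Sort-Object RoleDefinitionName, DisplayName |
    Format-Table DisplayName, SignInName, ObjectType, RoleDefinitionName, Scope -AutoSize
```

Rows whose `Scope` column is shorter than the zone's resource ID are inherited assignments; those principals can change DNS records without ever having been granted a DNS-specific role.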
Microsoft 365 DNS
Key Roles for Microsoft 365 DNS
- Global Administrator: This role has full access to all features and settings across Microsoft 365, including DNS management. It is the most powerful role and should be granted sparingly.
- Domain Name Administrator: This role can manage (read, add, verify, update, and delete) domain names.
Least Privileged Role Recommendation
- While there isn’t a direct equivalent to the DNS Zone Reader role in Microsoft 365, consider assigning the Domain Name Administrator role for users who need to set up and manage domains without broader administrative rights.
Conclusion
Deciding between Azure DNS and DNS services in Microsoft 365 depends largely on your organization’s needs. Azure DNS is ideal for general-purpose DNS management with advanced features, while DNS in Microsoft 365 is more integrated and streamlined for email and collaboration services specific to Microsoft 365 users. If you ask me, I would go with Azure DNS because of the SLA and the more advanced features.