
Permissions required in Azure DNS

You must configure certain permissions in Azure before synchronization with Universal DDI. Synchronizing Azure DNS without configuring these permissions may cause errors.

The following permissions are required in Azure for synchronization:

  • DNS Zone Contributor: Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. For more information, see DNS Zone Contributor.

  • Private DNS Zone Contributor: Lets you manage private DNS zone resources, but not the virtual networks they are linked to. For more information, see Private DNS Zone Contributor.

  • Manage Resource Groups:

    • Enable write access for the following:

      • Microsoft.Resources/subscriptions/resourceGroups/write

      • Microsoft.Resources/subscriptions/resourceGroups/delete

    • Information about creating a resource group is available at Create Resource Groups.

    • REST API information about creating resource groups is available at Resource Groups - Create or Update.

  • The minimum required permissions to create an App Registration are available at Cloud Application Administrator.

  • Prerequisites for App Registration are available at Prerequisites.

The following permissions are required for cloud forwarding:

{
  "Name": "Custom DNS Resolver Full Management",
  "IsCustom": true,
  "Description": "Allows full management of DNS Resolver resources, including rules and virtual network links.",
  "permissions": [
    {
      "actions": [
        "Microsoft.Network/dnsResolvers/read",
        "Microsoft.Network/dnsResolvers/write",
        "Microsoft.Network/dnsResolvers/delete",
        "Microsoft.Network/dnsResolvers/outboundEndpoints/read",
        "Microsoft.Network/dnsResolvers/outboundEndpoints/write",
        "Microsoft.Network/dnsResolvers/outboundEndpoints/delete",
        "Microsoft.Network/dnsResolvers/outboundEndpoints/join/action",
        "Microsoft.Network/dnsForwardingRulesets/read",
        "Microsoft.Network/dnsForwardingRulesets/write",
        "Microsoft.Network/dnsForwardingRulesets/delete",
        "Microsoft.Network/dnsForwardingRulesets/join/action",
        "Microsoft.Network/dnsForwardingRulesets/forwardingRules/read",
        "Microsoft.Network/dnsForwardingRulesets/forwardingRules/write",
        "Microsoft.Network/dnsForwardingRulesets/forwardingRules/delete",
        "Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks/read",
        "Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks/write",
        "Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks/delete",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/listDnsResolvers/action",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ]
}
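A pre-flight check for the cloud-forwarding permissions above, as an added example that is not part of the original page or the vendor's tooling: it reports which of the listed actions a set of assigned roles fails to grant, honouring wildcards and notActions. The function names and the sample role are hypothetical; the role JSON is assumed to use the same "permissions" / "actions" / "notActions" keys as the definition on this page.

```python
import json
from fnmatch import fnmatchcase

# The 21 cloud-forwarding actions listed on this page, built from resource type + verbs.
REQUIRED = [f"Microsoft.Network/{res}/{verb}" for res, verbs in {
    "dnsResolvers": "read write delete",
    "dnsResolvers/outboundEndpoints": "read write delete join/action",
    "dnsForwardingRulesets": "read write delete join/action",
    "dnsForwardingRulesets/forwardingRules": "read write delete",
    "dnsForwardingRulesets/virtualNetworkLinks": "read write delete",
    "virtualNetworks": "read listDnsResolvers/action",
    "virtualNetworks/subnets": "read join/action",
}.items() for verb in verbs.split()]

def granted(action, role):
    """True if the role allows `action`: matched by actions and not by notActions."""
    act = action.lower()  # compare action strings case-insensitively
    for perm in role.get("permissions", []):
        allowed = any(fnmatchcase(act, p.lower()) for p in perm.get("actions", []))
        excluded = any(fnmatchcase(act, p.lower()) for p in perm.get("notActions", []))
        if allowed and not excluded:
            return True
    return False

def missing_actions(roles):
    """Required actions that none of the assigned roles grants (roles are additive)."""
    return [a for a in REQUIRED if not any(granted(a, r) for r in roles)]

# Constructed sample: a role that looks sufficient because of its wildcards.
SAMPLE_ROLE = json.loads("""
{ "Name": "Example Forwarding Role (constructed)",
  "permissions": [ {
    "actions": [ "Microsoft.Network/dnsResolvers/*",
                 "Microsoft.Network/dnsForwardingRulesets/*",
                 "Microsoft.Network/virtualNetworks/read" ],
    "notActions": [ "Microsoft.Network/dnsForwardingRulesets/forwardingRules/delete" ] } ] }
""")

if __name__ == "__main__":
    for action in missing_actions([SAMPLE_ROLE]):
        print("missing:", action)
```

An empty result means the combined roles cover every action in the list; anything reported is a permission to add before enabling cloud forwarding.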
