Exclude Public IP addresses in Azure DDOS network protection
Azure DDOS network protection provides security for services deployed in virtual networks against volumetric attacks by way of always-on traffic monitoring and adaptive real time tuning. This may be achieved by applying DDOS protection plans to the different virtual networks in the different architectural tiers such as the Hub and Spoke network, Windows N-tier and Paas Web App architectures.
Management of Azure services involves careful planning around available resources. One capability that is often requested by Azure DDoS protection customers is the ability to exclude certain public IP addresses from the protection plan to accommodate their prioritized workloads. For instance, public IPs attached to services in hybrid networking may be protected by DDoS plans in the hub or in the spoke virtual network depending on the type of architecture in use and the Public IP tier. A security administrator might also opt to use a DDoS IP protection SKU for certain workloads over DDoS Network protection.
The ability to exclude certain public addresses from the DDOS network protection plan is now available to customers. A security administrator can take advantage of this feature to enable or disable DDOS protection on specified public IP addresses in their virtual network. To use this feature,
- Log on to Azure Portal through https://preview.portal.azure.com (This is only available in the Preview portal at this time.)
- Go to the Public IP resource
- Confirm Public IP SKU is Standard. (Available for Standard Public IP SKU)
- On the Overview page, Click Protect (Protect IP address)
Configure the public IP DDOS protection status using the options as shown below. When disabled, a notification on the current safety status of your network resources with be displayed. Note that “Disable” option will only work in regions where IP Protection SKU is available.
For more updates and announcement on Azure DDoS protection or Azure Network Security products, subscribe to the announcement channel via Azure blog
Resources:
What’s new in Azure Network Security at Microsoft Ignite 2022 - Microsoft Community Hub
Public preview: IP Protection SKU for Azure DDoS Protection | Azure updates | Microsoft Azure
Azure DDoS Protection Overview | Microsoft Learn
Published on:
Learn moreRelated posts
IntelePeer supercharges its agentic AI platform with Azure Cosmos DB
Reducing latency by 50% and scaling intelligent CX for SMBs This article was co-authored by Sergey Galchenko, Chief Technology Officer, Intele...
From Real-Time Analytics to AI: Your Azure Cosmos DB & DocumentDB Agenda for Microsoft Ignite 2025
Microsoft Ignite 2025 is your opportunity to explore how Azure Cosmos DB, Cosmos DB in Microsoft Fabric, and DocumentDB power the next generat...
Episode 414 – When the Cloud Falls: Understanding the AWS and Azure Outages of October 2025
Welcome to Episode 414 of the Microsoft Cloud IT Pro Podcast.This episode covers the major cloud service disruptions that impacted both AWS an...
Now Available: Sort Geospatial Query Results by ST_Distance in Azure Cosmos DB
Azure Cosmos DB’s geospatial capabilities just got even better! We’re excited to announce that you can now sort query results by distanc...
Query Advisor for Azure Cosmos DB: Actionable insights to improve performance and cost
Azure Cosmos DB for NoSQL now features Query Advisor, designed to help you write faster and more efficient queries. Whether you’re optimizing ...
Azure Developer CLI: Azure Container Apps Dev-to-Prod Deployment with Layered Infrastructure
This post walks through how to implement “build once, deploy everywhere” patterns using Azure Container Apps with the new azd publ...