Exclude Public IP addresses in Azure DDOS network protection

Exclude Public IP addresses in Azure DDOS network protection

Azure DDOS network protection provides security for services deployed in virtual networks against volumetric attacks by way of always-on traffic monitoring and adaptive real time tuning. This may be achieved by applying DDOS protection plans to the different virtual networks in the different architectural tiers such as the Hub and Spoke network, Windows N-tier and Paas Web App architectures.

Management of Azure services involves careful planning around available resources. One capability that is often requested by Azure DDoS protection customers is the ability to exclude certain public IP addresses from the protection plan to accommodate their prioritized workloads. For instance, public IPs attached to services in hybrid networking may be protected by DDoS plans in the hub or in the spoke virtual network depending on the type of architecture in use and the Public IP tier. A security administrator might also opt to use a DDoS IP protection SKU for certain workloads over DDoS Network protection.


The ability to exclude certain public addresses from the DDOS network protection plan is now available to customers. A security administrator can take advantage of this feature to enable or disable DDOS protection on specified public IP addresses in their virtual network. To use this feature,

  1. Log on to Azure Portal through https://preview.portal.azure.com (This is only available in the Preview portal at this time.)
  2. Go to the Public IP resource
  3. Confirm Public IP SKU is Standard. (Available for Standard Public IP SKU)
  4. On the Overview page, Click Protect (Protect IP address)




Configure the public IP DDOS protection status using the options as shown below. When disabled, a notification on the current safety status of your network resources with be displayed. Note that “Disable” option will only work in regions where IP Protection SKU is available.





For more updates and announcement on Azure DDoS protection or Azure Network Security products, subscribe to the announcement channel via Azure blog



What’s new in Azure Network Security at Microsoft Ignite 2022 - Microsoft Community Hub 

Public preview: IP Protection SKU for Azure DDoS Protection | Azure updates | Microsoft Azure 

Azure DDoS Protection Overview | Microsoft Learn 


Published on:

Learn more
Azure Network Security Blog articles
Azure Network Security Blog articles

Azure Network Security Blog articles

Share post:

Related posts

Announcing the stable release of Azure Event Grid Namespaces HTTP client libraries

This post announces stable release of the HTTP Azure Event Grid Namespaces client libraries in .NET, Java, JavaScript, Python, and Go. The pos...

4 hours ago

Portal extension for Azure Firewall with DDoS protection

Introduction In the ever-evolving landscape of network security, Azure Firewall has emerged as a key player. As a managed, cloud-based network...

9 hours ago

Generative AI with Azure Cosmos DB

Leverage Azure Cosmos DB for generative AI workloads for automatic scalability, low latency, and global distribution to handle massive data vo...

17 hours ago

Enhancing Document Extraction with Azure AI Document Intelligence and LangChain for RAG Workflows.

Overview. The broadening of conventional data engineering pipelines and applications to include document extraction and preprocessing for ...

18 hours ago

Azure Capacity Reservations with Automatic Consumption

Solving the ask – Automatic Capacity Reservations Historically, the setting to use a Capacity Reservations Groups must be defined while the vi...

1 day ago

Announcing Preview of New Azure Dlsv6, Dsv6, Esv6 VMs with new CPU, Azure Boost, and NVMe Support

Co-authored by Andy Jia, Principal Product Manager, and Misha Bansal, Technical Program Manager, Azure Compute   We are thrilled to annou...

2 days ago

Comparing feature sets for AKS enabled by Azure Arc deployment options

This article shows a comparison of features available for the different deployment options under AKS enabled by Azure Arc.    ...

2 days ago

Azure Fluid Relay: Leveraging Azure Blob Storage to scale Git

Learn how to leverage Git as a storage mechanism behind the globally available Azure Fluid Relay (AFR) service. The post Azure Fluid Relay: Le...

3 days ago
Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!
* Yes, I agree to the privacy policy