Forum Discussion

AshleyMartin
Microsoft
Dec 06, 2022

New Blog Post | Exclude Public IP addresses in Azure DDOS network protection

Full Article: Exclude Public IP addresses in Azure DDOS network protection - Microsoft Community Hub

Azure DDoS network protection provides security for services deployed in virtual networks against volumetric attacks by way of always-on traffic monitoring and adaptive real-time tuning. This may be achieved by applying DDoS protection plans to the different virtual networks in the different architectural tiers such as the Hub and Spoke network, Windows N-tier and PaaS Web App architectures.

Management of Azure services involves careful planning around available resources. One capability that is often requested by Azure DDoS protection customers is the ability to exclude certain public IP addresses from the protection plan to accommodate their prioritized workloads. For instance, public IPs attached to services in hybrid networking may be protected by DDoS plans in the hub or in the spoke virtual network depending on the type of architecture in use and the Public IP tier. A security administrator might also opt to use a DDoS IP protection SKU for certain workloads over DDoS Network protection.

Original Post: New Blog Post | Exclude Public IP addresses in Azure DDOS network protection - Microsoft Community Hub

  • Is it the right understanding that I can now exclude some public IP addresses from the DDoS Protection plan? I am wondering, won't that be a backdoor entry for attackers? Will you please help with the use cases that I need to consider?
