Management of Azure services involves careful planning around available resources. One capability that is often requested by Azure DDoS protection customers is the ability to exclude certain public IP addresses from the protection plan to accommodate their prioritized workloads. For instance, public IPs attached to services in hybrid networking may be protected by DDoS plans in the hub or in the spoke virtual network depending on the type of architecture in use and the Public IP tier. A security administrator might also opt to use a DDoS IP protection SKU for certain workloads over DDoS Network protection.
The ability to exclude certain public addresses from the DDoS Network protection plan is now available to customers. A security administrator can use this feature to enable or disable DDoS protection on specified public IP addresses in their virtual network. To use this feature:
1. Confirm that the Public IP SKU is Standard (the feature is available for the Standard Public IP SKU).
2. On the Overview page, click Protect (Protect IP address).
3. Configure the public IP DDoS protection status using the available options. When protection is disabled, a notification on the current safety status of your network resources will be displayed. Note that the “Disable” option will only work in regions where the IP Protection SKU is available.
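Once individual addresses can be excluded, it is worth checking periodically which ones actually are. The script below is an added example, not part of the original announcement: it classifies public IPs from an inventory export and flags excluded addresses that are not on an approved list. It assumes the export has the shape of `az network public-ip list -o json`, with `sku.name` and `ddosSettings.protectionMode` fields; the resource names and the approved list are constructed.

```python
import json

# Constructed sample in the assumed shape of `az network public-ip list -o json`
# (fields used: sku.name, ddosSettings.protectionMode). Not real resources.
SAMPLE = json.loads("""
[
  {"name": "pip-hub-fw", "resourceGroup": "rg-hub", "sku": {"name": "Standard"},
   "ddosSettings": {"protectionMode": "VirtualNetworkInherited"}},
  {"name": "pip-spoke-app", "resourceGroup": "rg-spoke", "sku": {"name": "Standard"},
   "ddosSettings": {"protectionMode": "Disabled"}},
  {"name": "pip-api", "resourceGroup": "rg-spoke", "sku": {"name": "Standard"},
   "ddosSettings": {"protectionMode": "Enabled"}},
  {"name": "pip-legacy", "resourceGroup": "rg-old", "sku": {"name": "Basic"}},
  {"name": "pip-new", "resourceGroup": "rg-spoke", "sku": {"name": "Standard"}}
]
""")

def classify(pip):
    """Return the DDoS protection state recorded on one public IP resource."""
    sku = (pip.get("sku") or {}).get("name", "")
    if sku.lower() != "standard":
        return "not-applicable"   # the per-IP setting is for Standard SKU only
    mode = (pip.get("ddosSettings") or {}).get("protectionMode")
    if mode == "Disabled":
        return "excluded"         # explicitly taken out of protection
    if mode == "Enabled":
        return "ip-protection"    # protected on the IP itself
    if mode in (None, "VirtualNetworkInherited"):
        # A missing setting is treated as inherited (assumption); whether the
        # IP is protected then depends on the virtual network's plan.
        return "inherits-vnet"
    return "unknown"              # unexpected value: review manually

def audit(pips, approved=frozenset()):
    """Group IPs by state and list excluded IPs missing from the approved set."""
    report = {}
    for pip in pips:
        report.setdefault(classify(pip), []).append(pip["name"])
    unapproved = [n for n in report.get("excluded", []) if n not in approved]
    return report, unapproved

if __name__ == "__main__":
    report, unapproved = audit(SAMPLE, approved={"pip-other"})
    for state, names in sorted(report.items()):
        print(f"{state:15} {', '.join(names)}")
    print("excluded without approval:", unapproved or "none")
```

Addresses reported as `inherits-vnet` still need a check that their virtual network is associated with a DDoS protection plan.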
For more updates and announcements on Azure DDoS protection or Azure Network Security products, subscribe to the announcement channel via the Azure blog.