Lock down access to Azure VM to specific IP

EvilDr · Nov 5, 2012

We're planning to sign up for the Azure VM trial as soon as it comes out of preview. In the meantime, however, can someone please clarify the following?

Currently users can access an Azure VM instance using a Remote Desktop Connection (RDC). Is it possible, however, to 'lock down' the Azure VM instance so that only a specified IP address can connect via RDC?

This would provide us with some extra security knowing only our fixed office IP could connect to our live data server. Or is there a different approach?

Answer

David Makogon · Nov 5, 2012

The Windows Azure load balancer (through which all traffic is routed) doesn't have any type of IP-whitelist feature. You'd need to implement that in your VM's firewall. If this is a Cloud Service (PaaS), then the firewall rules would be applied to any new instance that's spun up. With IaaS, you'd either apply the rules to each VM or set the rules up initially in a VM that you subsequently use as an image for additional VMs.

EDIT 7/29/2013 This answer is a bit dated. Virtual Machines now have IP-based endpoint ACL allow/deny lists, currently accessible via PowerShell. You can set up separate IP filtering for each endpoint so, in your case, you could lock down the RDP port specifically. See this blog post for more information.
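
Added example (not part of the original answer or any Azure documentation): one way to apply the VM-firewall approach described above, scoping every enabled inbound allow rule for the RDP port to a single source address and then verifying the result. It assumes Windows Server 2012 or later (the NetSecurity cmdlets), an elevated session inside the VM, and RDP listening on TCP 3389; `203.0.113.10` is a placeholder documentation address.

```powershell
# Added example, not from the original answer. Run elevated inside the VM.
# Assumes Windows Server 2012+ (NetSecurity module) and RDP on TCP 3389.
# 203.0.113.10 is a placeholder documentation address; substitute the office IP.
param(
    [string]$OfficeIp = '203.0.113.10',
    [string]$RdpPort  = '3389'
)

# Accept only a single IP address written in canonical form, so a typo or a
# shorthand such as "1" cannot produce an unintended scope.
$parsed = $null
if (-not [System.Net.IPAddress]::TryParse($OfficeIp, [ref]$parsed) -or
    $parsed.ToString() -ne $OfficeIp) {
    throw "'$OfficeIp' is not a canonical IP address."
}

# Allow rules are additive, so every enabled inbound allow rule that names the
# RDP port has to be scoped, not only the built-in "Remote Desktop" group.
$rdpRules = @(Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $port.Protocol -eq 'TCP' -and @($port.LocalPort) -contains $RdpPort
    })

if ($rdpRules.Count -eq 0) {
    throw "No enabled inbound allow rule for TCP $RdpPort found; nothing changed."
}

# Restrict each matching rule to the office address.
$rdpRules | Set-NetFirewallRule -RemoteAddress $OfficeIp

# Verify: re-read each rule's address filter and fail if any is still wider.
$report = foreach ($rule in $rdpRules) {
    $addr = Get-NetFirewallRule -Name $rule.Name | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        RemoteAddress = @($addr.RemoteAddress) -join ','
    }
}
$report | Format-Table -AutoSize

$wide = @($report | Where-Object { $_.RemoteAddress -ne $OfficeIp })
if ($wide.Count -gt 0) {
    throw "Rules not scoped to ${OfficeIp}: $($wide.Rule -join '; ')"
}
```

The change takes effect immediately, so run it from a session that originates at the allowed address or the current RDP connection will be cut off. Rules that allow all ports rather than naming 3389 are not touched by this script and need a separate review.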