Configure public IP addresses

Configure and manage virtual networks in Azure

📘Microsoft Certified: Azure Administrator Associate (AZ-104)

Public IP addresses in Azure allow resources (like virtual machines, load balancers, firewalls, and web apps) to communicate with the internet. As an Azure Administrator, you must understand how to create, manage, assign, and secure public IPs.

This section is important in the exam because public IPs are used across many Azure services.

1. What Is a Public IP Address in Azure?

A Public IP Address is an IP that is reachable over the internet. Azure assigns this public IP to resources that need inbound or outbound internet connectivity.

When public IPs are used in an IT environment

IT teams use public IP addresses for:

  • Providing remote access to Virtual Machines (VMs) (e.g., SSH/RDP).
  • Publishing web applications to the internet.
  • Allowing Azure Load Balancers to serve internet clients.
  • Letting Azure Firewall, VPN Gateway, Application Gateway connect externally.
  • Giving outbound internet access to internal servers.

2. Public IP Address Types

Azure supports two main types:

(A) IPv4 vs IPv6

  • IPv4 is most commonly used.
  • IPv6 is used when an application or security requirement demands it.
  • IPv6 works only with Standard SKU public IPs.

(B) Dynamic vs Static Public IPs

Static Public IP

  • IP address does not change.
  • Used when DNS names or access rules need a permanent IP.
  • Required for:
    • VPN Gateways
    • Azure Firewall
    • Front Door
    • Application Gateway
    • Production websites
    • Network appliances

Dynamic Public IP

  • IP address may change when the resource is stopped/deallocated.
  • Suitable for test servers or temporary workloads.

3. Public IP SKUs: Basic vs Standard (Exam Important)

Azure provides two SKUs:

Basic Public IP

  • Older SKU.
  • Open to internet by default (less secure).
  • No zone redundancy.
  • No routing preference.
  • Supports inbound and outbound traffic.

Standard Public IP

  • Recommended for production.
  • Secure by default
    • No inbound allowed unless configured via NSG or firewall.
  • Zone-redundant and zone-aware.
  • Supports advanced features like:
    • Routing preference (Microsoft network vs ISP network)
    • IPv6
    • Availability zones
  • Used by:
    • Standard Load Balancer
    • Application Gateway v2
    • NAT Gateway
    • Firewall

Important for exam:
Standard SKU = Secure by default, must allow traffic using NSG rules.

4. Allocation Method & Domain Labels

Allocation Methods

SettingStaticDynamic
IP changes?NoYes
Required for critical workloads?YesNo
Supports DNS Name label?YesYes

DNS Name Labels

  • Each public IP can have a FQDN like:
    myapp.eastus.cloudapp.azure.com
  • Useful when you don’t want to remember IPs.

5. Public IP Address Prefix

A Public IP Prefix is a reserved range of public IP addresses (e.g., /28 with 16 IPs).

Used for:

  • Hosting multiple servers behind consistent IP ranges.
  • Migration scenarios.
  • Enterprises managing firewall rules using IP blocks.

6. Creating a Public IP Address in Azure

You can create public IPs using:

  • Azure Portal
  • Azure CLI
  • Azure PowerShell
  • ARM/Bicep templates
  • Terraform

Key configuration settings

When creating a public IP, you must configure:

  1. SKU (Basic or Standard)
  2. IP Version (IPv4/IPv6)
  3. Assignment Method (Static or Dynamic)
  4. Tier (Regional or Global)
  5. Routing Preference (Microsoft Network or Internet)
  6. Availability Zone options
  7. DNS name label (optional)

7. Assigning Public IP Addresses

Public IPs can be attached to:

A. Virtual Machines

Attached using:

  • NIC (Network Interface)
  • Public Load Balancer (frontend IP configuration)

VMs can only have 1 public IP per NIC.

B. Load Balancers

  • Used for web applications, APIs, server farms.
  • Public IP is assigned to the frontend of the load balancer.

C. Application Gateway

  • Only Standard SKU public IPs allowed.
  • Provides internet-facing web traffic routing.

D. Azure Firewall

  • Requires Static Standard SKU public IP.

E. VPN Gateway & ExpressRoute Gateway

  • Uses public IP for secure tunneling.

F. NAT Gateway

  • Public IP enables outbound traffic for VMs without exposing them directly.

8. Outbound Internet Access (Exam Hot Topic)

VMs without a public IP can still reach the internet using:

1. Load Balancer outbound rules

2. NAT Gateway

3. Azure Firewall

4. Temporary IP (Basic Load Balancer only)

Standard Load Balancer does NOT support temporary outbound IPs.

9. Security Considerations

Public IP exposure must be controlled

  • Use NSGs to restrict inbound traffic.
  • Restrict SSH/RDP from the internet.
  • Use Azure Bastion or VPN for secure access.

Standard SKU = secure by default

No inbound allowed unless explicitly configured.

10. Monitoring Public IPs

Azure provides monitoring for:

  • IP address usage
  • Traffic metrics (inbound/outbound)
  • Logs through:
    • Network Watcher
    • Azure Monitor
    • NSG Flow Logs

11. Exam Tips (Very Important)

✔ Static IP = needed for stable DNS, gateways, firewalls
✔ Standard SKU = secure, zone-aware, recommended for production
✔ Basic SKU = less secure, older SKU
✔ IPv6 requires Standard SKU
✔ Public IP prefix = multiple address block
✔ Public IP can be assigned to VMs, load balancers, gateways, firewalls
✔ DNS label = optional FQDN using cloudapp.azure.com
✔ NAT Gateway provides outbound-only connectivity

12. Simple IT-Relevant Example Scenarios

Scenario 1: VM needs RDP access

  • Assign a public IP to NIC
  • Use NSG to allow RDP from specific IPs
  • Prefer Standard SKU for better security

Scenario 2: Host a web application

  • Use Standard Public IP on Load Balancer or Application Gateway
  • Configure DNS name for easier access

Scenario 3: Company wants multiple public IPs

  • Use Public IP Prefix (e.g., /29 = 8 addresses)
  • Assign to load balancers, VMs, or firewalls

Scenario 4: Secure outbound internet for VMs

  • Attach NAT Gateway to the subnet
  • Assign public IP to NAT Gateway
  • No direct IP assigned to VMs

Conclusion

Configuring Public IP Addresses in Azure is a core skill for AZ-104. You must know:

  • Types of public IPs
  • SKUs (Basic vs Standard)
  • Assignment methods
  • When to use static vs dynamic
  • How to attach and secure public IPs
  • How public IPs affect inbound/outbound connectivity

Mastering these concepts ensures you understand how Azure resources communicate with the internet in a secure and controlled way.

Leave a Reply

Your email address will not be published. Required fields are marked *

Buy Me a Coffee

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by