Your Azure environment contains multiple Azure virtual machines.
You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.
Solution: You modify a DDoS protection plan.
Does this meet the goal?
You open a port, or create an endpoint, to a virtual machine (VM) in Azure by creating a network filter on a subnet or a VM network interface. You place these filters, which control both inbound and outbound traffic, on a network security group attached to the resource that receives the traffic.
The example in this article demonstrates how to create a network filter that uses the standard TCP port 80 (it's assumed you've already started the appropriate services and opened any OS firewall rules on the VM).
After you've created a VM that's configured to serve web requests on the standard TCP port 80, you can:
1. Create a network security group.
2. Create an inbound security rule allowing traffic and assign values to the following settings:
a. Destination port ranges: 80.
b. Source port ranges: * (allows any source port).
c. Priority value: Enter a value that is less than 65,500 and higher in priority than the default catch-all deny inbound rule.
Associate the network security group with the VM network interface or subnet.