Cannot remove ddos protection from vnets

Question

I have a DDos protection plan attached to a firewall, this ddos protection plan is protecting 2 vnets and a hub. I want to delete this ddos protection plan but need to remove all the protected resources. When I try to remove the protected resource either through the ddos protection plan or by going to the vnet and disabling ddos protection, it goes through and says it was successful but nothing changes. I'm having a similar issue where I am trying to delete a tag on my resources, it says the tag is deleted successfully but the tag remains. Anyone have any suggestions?

Answer

@Nick Fagan

Thank you for reaching out to us on the Microsoft Q&A forum.

If I understand it correctly you are facing issues disassociating the resources from an Azure DDOS plan and you are also unable to remove tags from your resources via Azure Portal.

Yes, DDoS protection plans cannot be deleted if they are associated with a virtual network. So, the first step is to disassociate both objects.

I think this can be a portal issue. Can you try running the PowerShell commands below and see if that helps in disassociating the Virtual Network and DDOS Plan and removing the DDOS plan.

$vnet = Get-AzVirtualNetwork -Name  -ResourceGroupName  

$vnet.DdosProtectionPlan = $null 

$vnet.EnableDdosProtection = $false 

$vnet | Set-AzVirtualNetwork

Remove-AzDdosProtectionPlan -ResourceGroupName  -Name

These commands are currently documented here. If you do not have PowerShell installed locally, you can run them via Azure Cloud Shell.

Regarding removing tags from your resource, you can run this powershell command Update-AzTag with the Delete parameter to remove any specific tag from your resource. If it helps you can get the resourceid of the resource by running the Get-AzResource command.

Please let us know if you are facing any additional errors, we will gladly continue with our discussion. Thank you!

Share via

Cannot remove ddos protection from vnets

1 answer