Azure PaaS endpoint ACLs were recently announced to make securing Cloud Services containing Web and Worker Roles easier; prior to this you had to use firewall rules on the Windows VMs themselves, which needed to be created using a startup task and a bit of scripting to invoke netsh or