Azure and endpoint - allow only one IP to connect
Old question, I know but still in the search results - and things have changed since the only other answer here.
You can edit the Access Control List via the Azure Management Dashboard:Virtual Machines -> select vm -> Endpoints -> select endpoint -> Manage ACL
or the Preview Portal:Select vm -> All settings -> Endpoints -> select endpoint
Enter the name for the ACL entry, "Permit" for action and then enter the CIDR notation for the IP Address sub range you want to allow. In this case a single IP address of 1.2.3.4 will require an entry of 1.2.3.4/32 and another entry to cover your second (and subsequent IP addresses unless they are contiguous and you can define a range).
Having this permit entry will create an implied Deny to 0.0.0.0/0 (which is deny access for everyone - but only after allowing access for your IP address)
At the time being (4 SEP 2013) the only way to set ACL (Access Control List) on an Endpoint is via Management API (REST) or Azure PowerShell commandlets: