Azure DDoS Protection Cheat Sheet

• Allows you to protect your Azure resources from denial of service (DoS) attacks.
• Azure DDoS Protection offers three service plans to meet different needs: Basic, IP Protection, and Network Protection (formerly Standard tier).

Features

• Basic
  • Enabled by default (free).
  • It mitigates common network attacks.
  • All DDoS Protection plans (Basic, IP, and Network) protect IPv4 and IPv6 public IP addresses.
• Network Protection (formerly Standard)
  • It has advanced capabilities to protect you against network attacks such as logging, alerting, and telemetry.
  • Mitigates the following attacks:
    • Volumetric attacks – flood the network layer with attacks.
    • Protocol attacks – exploit a weakness in layers 3 and 4.
    • Resource layer attacks – a layer 7 attack that disrupts the transmission of data between hosts.
  • Enables you to configure alerts at the start and stop of an attack.
  • The metric data is retained for 30 days.
  • Provides autotuned mitigation policies (TCP/TCP SYN/UDP) for each public IP.

• DDoS Rapid Response (DRR): The Network Protection plan includes access to the DDoS Rapid Response team. This expert support provides attack investigation and mitigation assistance within a 15-minute SLA during an active attack.

Azure DDoS Protection Pricing

• Basic DDoS Protection provides protection at no additional charge.
• IP Protection and Network Protection are paid services. You are charged a monthly plan fee plus for the processed data (per GB) during an attack.

How to Defend Against Denial of Service Attacks with Azure DDoS Protection

Want to learn more about Azure? Watch the official Microsoft Azure YouTube channel’s video series called Azure Tips and Tricks.

Azure DDoS Protection Cheat Sheet References:

https://azure.microsoft.com/en-us/services/ddos-protection/
https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview
https://docs.microsoft.com/en-us/azure/security/fundamentals/ddos-best-practices