Azure DDoS Protection
- Allows you to protect your Azure resources from denial of service (DoS) attacks.
- DDoS protection (layers 3 and 4) offers two service tiers: Basic and Standard.
- Enabled by default (free).
- It mitigates common network attacks.
- Both basic and standard protects IPv4 and IPv6 public IP addresses.
- It has advanced capabilities to protect you against network attacks such as logging, alerting, and telemetry.
- Mitigates the following attacks:
- Volumetric attacks – flood the network layer with attacks.
- Protocol attacks – exploit a weakness in layers 3 and 4.
- Resource layer attacks – a layer 7 attack that disrupts the transmission of data between hosts.
- Enables you to configure alerts at the start and stop of an attack.
- The metric data is retained for 30 days.
- Provides autotuned mitigation policies (TCP/TCP SYN/UDP) for each public IP.
Active traffic monitoring & always-on detection
Automatic attack mitigations
Tuned for Azure traffic region volume
Tuned for application traffic volume
Metrics & alerts
Real-time attack metrics and resource logs via Azure Monitor
Post attack mitigation reports
Mitigation flow logs
NRT log stream for SIEM integration
Mitigation policy customization
Engage DDoS Experts
- Basic DDoS Protection provides protection at no additional charge.
- Standard DDoS Protection is a paid service. You are charged for the processed data every month (per GB).
How to Defend Against Denial of Service Attacks with Azure DDoS Protection
Want to learn more about Azure? Watch the official Microsoft Azure YouTube channel’s video series called Azure Tips and Tricks.