Azure DDoS Protection

Protect your Azure resources from Distributed Denial of Service (DDoS) attacks

Product features

  • Always-on monitoring and automatic network attack mitigation
  • Adaptive tuning based on platform insights in Azure
  • Application layer protection with Azure Application Gateway Web Application Firewall
  • Integration with Azure Monitor for analytics and insights
  • Protection against the unforeseen costs of a DDoS attack

DDoS attack protection with the scale and elasticity of Azure

Backed by the Microsoft global network, DDoS Protection brings massive DDoS mitigation capacity to every Azure region. Scrub traffic at the Azure network edge before it can affect the availability of your service.

Turnkey defence

Cover all resources on a virtual network when you enable Azure DDoS Protection via simplified configuration. Always-on traffic monitoring provides near real-time detection of a DDoS attack, with no intervention required. DDoS Protection automatically mitigates the attack as soon as it’s detected.

Adaptive tuning

DDoS Protection provides advanced intelligence that automatically configures and tunes your DDoS Protection settings. The DDoS service understands your resources and resource configuration, and uses intelligent traffic-profiling to learn application traffic patterns over time.

Multi-layered protection

Deployed with Azure Application Gateway Web Application Firewall, DDoS Protection defends against a comprehensive set of network layer (layer 3/4) attacks, and protects web apps from common application layer (layer 7) attacks, such as SQL injection, cross-site scripting attacks and session hijacks. Web Application Firewall comes preconfigured to handle threats identified by the Open Web Application Security Project top 10 common vulnerabilities.

Near real-time metrics and alerts

Native integration with Azure Monitor exposes attack metrics and telemetry alongside other resource telemetry. Flexible alerting mechanisms notify you when an application is under attack.

Attack analytics

Get detailed reports in five-minute increments during an attack, and a complete summary after the attack ends. Stream DDoS mitigation flow logs to an offline security information and event management (SIEM) system for near real-time monitoring during an attack.

Rapid response

Engage the Azure DDoS Protection rapid response team for help with attack investigation, custom mitigation and analysis.

Protection against unplanned resource costs

Receive service credit for resource costs incurred as a result of a documented DDoS attack.

Related products and services

Application Gateway

Build secure, scalable and highly available web front ends in Azure

Virtual Network

Provision private networks, optionally connect to on-premises data centres

Load Balancer

Deliver high availability and network performance to your applications

Get started with DDoS Protection