Azure DDoS Protection
Protect your Azure resources from distributed denial-of-service (DDoS) attacks.
Always-on monitoring and automatic DDoS network attack mitigation
Help protect your apps and resources with a profile automatically tuned to your expected traffic volume. Defend against even the most sophisticated attacks with an Azure global network that gives you dedicated monitoring, logging, telemetry, and alerts.
Adaptive threat intelligence automatically detects and mitigates even the most complex DDoS attacks
Massive DDoS mitigation capacity scrubs traffic at the network edge before it impacts applications
Full visibility into DDoS attacks with actionable insights for quick response
Easy-to-deploy, multilayered DDoS protection immediately helps safeguard all resources on virtual networks upon enablement
Minimize application downtime and latency during attacks
Set up multilayer protection within minutes
Interoperate seamlessly with other Azure services
Protect your apps with the security Microsoft uses
Eliminate critical business impact with rapid response
Engage the DDoS Protection rapid response team for help during an active attack. Get help with investigation, custom mitigation, analysis, and, if necessary, fast-track your incident to Microsoft support.
Avoid unforeseen costs of DDoS attacks
Help protect against the costs of DDoS-related usage spikes, such as app-scaling charges and bandwidth surges, with DDoS Protection. You won't be charged for attack traffic, and you'll receive service credit for resource costs incurred from a documented DDoS attack.
Comprehensive security and compliance, built in
Microsoft invests more than USD$1 billion annually on cybersecurity research and development.
We employ more than 3,500 security experts who are dedicated to data security and privacy.
Azure DDoS Protection pricing
Help protect your Azure resources from DDoS attacks with always-on monitoring and automatic network attack mitigation. There are no upfront commitments, no termination fees, and your total cost scales with your cloud deployment.
Get started with an Azure free account
Start free. Get USD$200 credit to use within 30 days. While you have your credit, get free amounts of many of our most popular services, plus free amounts of 55+ other services that are always free.
After your credit, move to pay as you go to keep building with the same free services. Pay only if you use more than your free monthly amounts.
After 12 months, you'll keep getting 55+ always-free services—and still pay only for what you use beyond your free monthly amounts.
Trusted by companies of all sizes
Creating a seamless, secure client experience
"We know the security features are effective. In the case of DDoS protection, we've seen it mitigate attacks from outside threats."
Isidro Rodriguez, Head of Digital Transformation, SaaS Operations, NCR Corporation
An end-to-end digital transformation
Cybersecurity services for counterattack protection
Gaining cloud security benefits
"Moving over to Azure is definitely one of the most important parts of our technology roadmap. Azure enables the enterprise to deliver faster and more flexibly, while maintaining our levels of security and compliance."
Werner Huss, Ticketshop Head of Engineering, ÖBB
Azure DDoS Protection resources and documentation
Frequently asked questions about Azure DDoS Protection
Distributed denial of service (DDoS) is a type of attack where an attacker sends more requests to an application than the application is capable of handling. This depletes resources, affecting the application's availability and its ability to service customers. Over the past few years, the industry has seen a sharp increase in attacks, which are becoming more sophisticated and larger in magnitude. DDoS attacks can target any endpoint that's publicly reachable through the internet.
DDoS Protection Standard, combined with application design best practices, provides enhanced DDoS mitigation features to defend against DDoS attacks. It's automatically tuned to help protect your specific Azure resources in a virtual network. Protection is easy to enable on any new or existing virtual network, and requires no application or resource changes. It has several advantages over the default infrastructure-level DDoS protection, including logging, alerting, and telemetry. See DDoS Protection Standard overview for more details.
DDoS Protection is zone-resilient by default, and managed by the service itself. No customer configuration is necessary to enable zone resiliency.
Use DDoS Protection service in combination with a web application firewall (WAF) for protection both at the network layer (layer 3 and 4, offered by DDoS Protection Standard) and at the application layer (layer 7, offered by a WAF). Offerings include Application Gateway WAF and other web application firewall apps available in Azure Marketplace.
Public IPs in a Azure Resource Manager-based Azure Virtual Network are currently the only type of protected resource. PaaS services (multitenant) are not supported. See DDoS Protection Standard reference architectures for details.