Skip Navigation

Azure DDoS Protection

Protect your Azure resources from Distributed Denial of Service (DDoS) attacks

Product features

DDoS attack protection with the scale and elasticity of Azure

Backed by the Microsoft global network, DDoS Protection brings massive DDoS mitigation capacity to every Azure region. Scrub traffic at the Azure network edge before it can impact the availability of your service.

Turnkey defense

Cover all resources on a virtual network when you enable Azure DDoS Protection via simplified configuration. Always-on traffic monitoring provides near real-time detection of a DDoS attack, with no intervention required. DDoS Protection automatically mitigates the attack as soon as it is detected.

Adaptive tuning

DDoS Protection provides advanced intelligence that automatically configures and tunes your DDoS Protection settings. The DDoS service understands your resources and resource configuration and uses intelligent traffic-profiling to learn application traffic patterns over time.

Multi-layered protection

Deployed with Azure Application Gateway Web Application Firewall, DDoS Protection defends against a comprehensive set of network layer (layer 3/4) attacks and protects web apps from common application layer (layer 7) attacks, such as SQL injection, cross-site scripting attacks and session hijacks. Web Application Firewall comes preconfigured to handle threats identified by the Open Web Application Security Project top 10 common vulnerabilities.

Near real-time metrics and alerts

Native integration with Azure Monitor exposes attack metrics and telemetry alongside other resource telemetry. Flexible alerting mechanisms notify you when an application is under attack.

Attack analytics

Get detailed reports in five-minute increments during an attack and a complete summary after the attack ends. Stream DDoS mitigation flow logs to an offline security information and event management (SIEM) system for near real-time monitoring during an attack.

Protection against unplanned resource costs

Receive service credit for resource costs incurred as a result of a documented DDoS attack.

Related products and services

Application Gateway

Build secure, scalable and highly available web front ends in Azure

Virtual Network

Provision private networks, optionally connect to on-premises datacenters

Load Balancer

Deliver high availability and network performance to your applications

Get started with DDoS Protection