Skip Navigation
  3. Azure DDoS Protection

Azure DDoS Protection

Protect your Azure resources from Distributed Denial of Service (DDoS) attacks

  • Always-on monitoring and automatic network attack mitigation
  • Adaptive tuning based on platform insights in Azure
  • Application layer protection with Azure Application Gateway Web Application Firewall
  • Integration with Azure Monitor for analytics and insights
  • Protection against the unforeseen costs of a DDoS attack

DDoS attack protection with the scale and elasticity of Azure

Backed by the Microsoft global network, DDoS Protection brings massive DDoS mitigation capacity to every Azure region. Scrub traffic at the Azure network edge before it can impact the availability of your service.

Turnkey defense

Cover all resources on a virtual network when you enable Azure DDoS Protection via simplified configuration. Always-on traffic monitoring provides near real-time detection of a DDoS attack, with no intervention required. DDoS Protection automatically mitigates the attack as soon as it is detected.

Adaptive tuning

DDoS Protection provides advanced intelligence that automatically configures and tunes your DDoS Protection settings. The DDoS service understands your resources and resource configuration and uses intelligent traffic-profiling to learn application traffic patterns over time.

Multi-layered protection

Deployed with Azure Application Gateway Web Application Firewall, DDoS Protection defends against a comprehensive set of network layer (layer 3/4) attacks and protects web apps from common application layer (layer 7) attacks, such as SQL injection, cross-site scripting attacks and session hijacks. Web Application Firewall comes preconfigured to handle threats identified by the Open Web Application Security Project top 10 common vulnerabilities.

Near real-time metrics and alerts

Native integration with Azure Monitor exposes attack metrics and telemetry alongside other resource telemetry. Flexible alerting mechanisms notify you when an application is under attack.

Attack analytics

Get detailed reports in five-minute increments during an attack and a complete summary after the attack ends. Stream DDoS mitigation flow logs to an offline security information and event management (SIEM) system for near real-time monitoring during an attack.

Rapid response

Engage the DDoS Protection rapid response team for help with attack investigation, custom mitigation and analysis.

Protection against unplanned resource costs

Receive service credit for resource costs incurred as a result of a documented DDoS attack.

Why trust Azure DDoS Protection?

  • Microsoft invests more than USD 1 billion annually on cyber security research and development.

  • We employ more than 3,500 security experts completely dedicated to your data security and privacy.

  • Azure has more compliance certifications than any other cloud provider. View the comprehensive list.

    ISO/IEC
    ISO/IEC
    CSA/CCM
    CSA/CCM
    ITAR
    ITAR
    CJIS
    CJIS
    HIPAA
    HIPAA
    IRS
    IRS
Learn more about security on Azure

Azure DDoS Protection pricing

  • No upfront cost
  • No termination fees
  • Pay only for what you use
Learn more about Azure DDoS Protection pricing

Everything you need to get started

Get instant access and a $200 credit by signing up for a free Azure account.

Learn how to use Azure DDoS Protection with 5-minute quickstart tutorials and documentation.

Enhance Azure DDoS Protection with additional features and products, like security and backup services.

Documentation and resources

Related products and services

Application Gateway

Build secure, scalable and highly available web front ends in Azure

Virtual Network

Provision private networks, optionally connect to on-premises datacenters

Load Balancer

Deliver high availability and network performance to your applications

Learn More

Resources

Ready when you are—let us set up your Azure free account