Trace Id is missing
Skip to main content

Azure DDoS Protection

Protect your Azure resources from distributed denial-of-service (DDoS) attacks.

Always-on monitoring and automatic DDoS network attack mitigation

Help protect your apps and resources with a profile automatically tuned to your expected traffic volume. Defend against even the most sophisticated attacks with an Azure global network that gives you dedicated monitoring, logging, telemetry, and alerts. Choose from options, Network Protection and IP Protection, that meet the protection and cost needs of all organizations - from enterprises to small and medium businesses.

Adaptive threat intelligence automatically detects and mitigates even the most complex DDoS attacks

Massive DDoS mitigation capacity scrubs traffic at the network edge before it impacts applications

Full visibility into DDoS attacks with actionable insights for quick response

Easy-to-deploy, multilayered DDoS protection immediately helps safeguard all resources on virtual networks upon enablement

Minimize application downtime and latency during attacks

Monitor your app traffic patterns all day, every day with adaptive tuning that compares actual traffic against thresholds defined in your DDoS policy. Mitigate DDoS attacks instantaneously without impacting the availability or performance of highly latency-sensitive applications.

An AppCenter Demo for a Smart Hotel app being distributed to users and test run.
Data monitoring app performance and usage such as active users, daily sessions per user, session duration and top devices.

Set up multilayer protection within minutes

Defend against a comprehensive set of network layer (layer 3/4) attacks, and from common application layer (layer 7) attacks. Deployed with Azure Application Gateway web application firewall (WAF), protection is easy to enable on any new or existing virtual network, and requires no user configuration or application or resource changes. Inline DDoS protection is offered through partner network virtual appliances deployed with Azure Gateway Load Balancer.

Interoperate seamlessly with other Azure services

Provide comprehensive protection and performance with Azure Monitor for alerting, metrics, and insights, and Microsoft Defender for Cloud for security posture management. Use your logs with Microsoft Sentinel and other security information and event management solutions.

Data monitoring app performance and usage such as active users, daily sessions per user, session duration and top devices.
Data monitoring app performance and usage such as active users, daily sessions per user, session duration and top devices.

Protect your apps with the security Microsoft uses

Reduce risk and focus on keeping your business running efficiently with the same security solution Microsoft uses to help safeguard critical services.

A person working at their desk.

Eliminate critical business impact with rapid response

Engage the DDoS Protection rapid response team for help during an active attack. Get help with investigation, custom mitigation, analysis, and, if necessary, fast-track your incident to Microsoft support.

A person looking at their computer.

Avoid unforeseen costs of DDoS attacks

Help protect against the costs of DDoS-related usage spikes, such as app-scaling charges and bandwidth surges, with DDoS Protection. You won't be charged for attack traffic, and you'll receive service credit for resource costs incurred from a documented DDoS attack.

Comprehensive security and compliance, built in

Get started with an Azure free account


Start free. Get $200 credit to use within 30 days. While you have your credit, get free amounts of many of our most popular services, plus free amounts of 55+ other services that are always free.


After your credit, move to pay as you go to keep building with the same free services. Pay only if you use more than your free monthly amounts.


After 12 months, you'll keep getting 55+ always-free services—and still pay only for what you use beyond your free monthly amounts.

Trusted by companies of all sizes

Creating a seamless, secure client experience

“In our on-premises environment, each security layer was standalone, presented in several dashboards. In Azure, we wanted to focus not only on the available solutions, but also combining their functionalities into a single easy-to-deploy, easy-to-manage, highly secure environment.”

André Beerendonk, Team Manager for IT Operations, VECOZO

Two employees working together at a desk

“We need providers like Microsoft that we can trust so we can focus on the business. We use Azure DDoS Network Protection and Azure Web Application Firewall on Azure Application Gateway to protect our business-critical workloads and data streams across our environment.”

Marius Matonis, Senior Technical Lead, Elvia

A bird's eye view of a large river flowing through mountains and towns

An end-to-end digital transformation

"Understanding the inner workings of a firewall is not our expertise, and with Azure Firewall Premium, it doesn't have to be. We use Azure Firewall Premium to protect Dematic and our customers around the clock, and we can depend on it."

Brandon Bates, Principal Architect, Dematic

A rendering of a Dematic warehouse

Cybersecurity services for counterattack protection

The Dominican Judicial branch needed to create a virtualized digital justice ecosystem, improving the quality and speed of its processes. With Azure, it built a robust, flexible, scalable, and highly reliable network.

Dominican and Judicial Branch

Gaining cloud security benefits

Smart infrastructure company Costain reduced risk by replacing its legacy datacenter wide area network (WAN) hardware with cloud-based Azure Virtual WAN and Azure Firewall Manager. It now sees and controls all traffic moving across its networks.



"Moving over to Azure is definitely one of the most important parts of our technology roadmap. Azure enables the enterprise to deliver faster and more flexibly, while maintaining our levels of security and compliance."
Werner Huss, Ticketshop Head of Engineering, ÖBB
Back to tabs

Frequently asked questions about Azure DDoS Protection

  • Distributed denial of service (DDoS) is a type of attack where an attacker sends more requests to an application than the application is capable of handling. This depletes resources, affecting the application's availability and its ability to service customers. Over the past few years, the industry has seen a sharp increase in attacks, which are becoming more sophisticated and larger in magnitude. DDoS attacks can target any endpoint that's publicly reachable through the internet.

  • DDoS Network Protection, combined with application design best practices, provides enhanced DDoS mitigation features to defend against DDoS attacks. It's automatically tuned to help protect your specific Azure resources in a virtual network. Protection is easy to enable on any new or existing virtual network, and requires no application or resource changes. It has several advantages over the default infrastructure-level DDoS protection, including logging, alerting, and telemetry. See DDoS Network Protection overview for more details.

  • DDoS Protection is zone-resilient by default, and managed by the service itself. No customer configuration is necessary to enable zone resiliency.

  • Use DDoS Protection service in combination with a web application firewall (WAF) for protection both at the network layer (layer 3 and 4, offered by DDoS Network Protection) and at the application layer (layer 7, offered by a WAF). Offerings include Application Gateway WAF and other web application firewall apps available in Azure Marketplace.

  • Public IPs in a Azure Resource Manager-based Azure Virtual Network are currently the only type of protected resource. PaaS services (multitenant) are not supported. See DDoS Network Protection reference architectures for details.

Ready when you are—let's set up your Azure free account

AI-powered assistant