Azure DDoS Protection
Protect your Azure resources from denial of service threats
- Always-on monitoring and automatic network attack mitigation
- Adaptive tuning based on Azure's unique platform insights
- Application layer protection with Azure Application Gateway Web Application Firewall
- Integration with Azure Monitor for analytics and insights
- Protection against the unforeseen costs of a DDoS attack
Protection leveraging the scale and elasticity of Azure
DDoS Protection leverages the scale and elasticity of Microsoft’s global network to bring massive DDoS mitigation capacity in every Azure region. Microsoft’s DDoS Protection service protects your Azure applications by scrubbing traffic at the Azure network edge before it can impact your service's availability.
Simplified configuration immediately protects all resources on a virtual network as soon as Azure DDoS Protection is enabled. Always on traffic monitoring provides near real-time detection of a DDoS attack. No intervention is required. DDoS Protection instantly and automatically mitigates the attack once it has been detected.
Azure DDoS Protection integrates with the Azure platform providing advanced intelligence that is able to automatically configure and automatically tune your DDoS Protection settings. DDoS Protection understands your resources and resource configuration. Intelligent traffic profiling automatically learns your application’s traffic over time.
Protect against DDoS attacks at Layers 3-7
Deployed with Azure Application Gateway Web Application Firewall, DDoS Protection offers advanced protection at Layers 3/4. The DDoS Protection service protects your application from a comprehensive set of network layer (Layer 3/4) attacks. For Layer 7 protection, Azure Application Gateway WAF helps protect web applications from common application layer attacks like SQL injection, cross-site scripting attacks, and session hijacks. AppGW WAF comes preconfigured with protection from threats identified by the Open Web Application Security Project (OWASP) top 10 common vulnerabilities.
Alerting and insights into DDoS attack telemetry
Native integration with Azure Monitor exposes attack metrics and telemetry alongside other resource telemetry. Azure Monitor alerting integration offers flexible alerting mechanisms to notify you when your application is under attack.
Protection against unplanned costs
Our cost protection provides service credits for resource costs that are incurred as a result of a documented DDoS attack.
Related products and services