As announced at the Ignite Conference, a new Distributed Denial of Service (DDoS) protection has been added to Azure Virtual Network.

It comes in two offers:

  • Basic and free
  • Standard, providing custom and tuned protection based on your Azure resources

To start using it, register for the Standard preview at http://aka.ms/ddosprotection (no charge during preview).

NOTE: this is currently only available in US regions.

Once registered, go to the Azure Portal to activate it on an existing Azure Virtual Network (or create a new VNet).

Enable DDoS on existing VNet

From the Azure Portal, search for Virtual Networks (or go directly if you have pinned it on your quick launch [Favorites])

Edit your existing network

Go to the DDoS protection option

And finally enable it

Enable DDoS Protection when creating a new VNet

From the Azure Portal, search for Virtual Networks (or go directly if you have pinned it on your quick launch [Favorites])

Create a new VNet and enable the DDoS Protection option

Create DDoS Alerts

OK, so now you have DDoS protection activated. You then need to set an alert to be notified when you are under attack.

Go to Monitor and Metrics

Select the subscription, resource group and public IP for which you want to be notified when under attack

Then click on Add metric alert

Name the new alert, select the metric "Under DDoS attack or not", and set the condition to greater than 0 over the last 5 minutes (the shortest timeframe available). Finally, set your actions, from sending a notification email to running a webhook.
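
As an added example (not part of the original post), here is one way a webhook receiver could triage the alert configured above. The shared token, the payload field names (modelled on the classic metric alert webhook body) and the sample payload are assumptions.

```python
import hmac
import json

# Assumptions (not from the original post): the shared token, the field names
# (modelled on the classic metric alert webhook body) and the sample payload.
EXPECTED_TOKEN = "replace-with-long-random-token"  # hypothetical secret carried in the webhook URL
DDOS_METRIC = "Under DDoS attack or not"  # assumed to arrive as the portal's display name


def handle_alert(token: str, body: bytes) -> dict:
    """Validate a DDoS alert webhook call and return a triage decision."""
    # Constant-time comparison so the token cannot be recovered by timing.
    if not hmac.compare_digest(token.encode(), EXPECTED_TOKEN.encode()):
        return {"accepted": False, "reason": "bad token"}
    try:
        alert = json.loads(body)
        ctx = alert["context"]
        cond = ctx["condition"]
        metric = cond["metricName"]
        value = float(cond["metricValue"])
    except (ValueError, KeyError, TypeError):
        return {"accepted": False, "reason": "malformed payload"}
    if metric != DDOS_METRIC:
        return {"accepted": False, "reason": "unexpected metric"}
    # "Activated": the rule crossed its threshold (> 0); "Resolved": it cleared.
    under_attack = alert.get("status") == "Activated" and value > 0
    return {
        "accepted": True,
        "under_attack": under_attack,
        "public_ip": ctx.get("resourceName"),
        "resource_group": ctx.get("resourceGroupName"),
        "action": "page-on-call" if under_attack else "close-incident",
    }


# Constructed sample payload for a public IP named "web-pip".
SAMPLE = json.dumps({
    "status": "Activated",
    "context": {
        "name": "ddos-under-attack",
        "resourceName": "web-pip",
        "resourceGroupName": "prod-rg",
        "condition": {"metricName": DDOS_METRIC, "metricValue": "1",
                      "threshold": "0", "windowSize": "5",
                      "operator": "GreaterThan"},
    },
}).encode()

if __name__ == "__main__":
    print(handle_alert(EXPECTED_TOKEN, SAMPLE))
```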

You can also keep the logs for compliance and regulatory purposes.

Go to the Diagnostic settings, select the public IP address again and turn on diagnostics to collect data

You can then define where to save the logs, from a storage account to Log Analytics, and select DDoSProtectionNotifications
