As announced at the Ignite Conference, a new Distributed Denial of Service (DDoS) protection service has been added to Azure Virtual Network.
It comes in two different offers:
- Basic, which is free
- Standard, providing custom protection tuned to your Azure resources
To start using it, you can register for the Standard preview at http://aka.ms/ddosprotection (no charge during the preview).
NOTE: this is currently only available in US regions.
Once registered, you can go to the Azure Portal to activate it on an existing Azure Virtual Network (or create a new VNet).
Enable DDoS on existing VNet
From the Azure Portal, search for Virtual Networks (or go there directly if you have pinned it to your Favorites quick launch).
Edit your existing network.
Go to the DDoS protection option.
And finally enable it.
Enable DDoS Protection when creating a new VNet
From the Azure Portal, search for Virtual Networks (or go there directly if you have pinned it to your Favorites quick launch).
Create a new VNet and enable the DDoS Protection option.
Create DDoS Alerts
OK, so now DDoS protection is activated. Next, set up an alert so you are notified when you are under attack.
Go to Monitor and then Metrics.
Select the subscription, resource group and public IP address for which you want to be notified when under attack.
Then click on Add metric alert.
Name the new alert, select the metric "Under DDoS attack or not", and set the condition to greater than 0 over the last 5 minutes (the shortest time window available). Finally, set your actions, from sending a notification email to running a webhook.
You can also keep the logs for compliance and regulatory purposes.
Go to Diagnostic settings, select the public IP address again and turn on diagnostics to collect data.
You can then define where to save the logs, from a storage account to Log Analytics, and select DDoSProtectionNotifications.
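The alert and the diagnostic setting configured through the portal above can also be deployed as code. The following Azure Resource Manager template is an added example, not part of the original post: it creates the metric alert on the public IP (the portal metric "Under DDoS attack or not" is exposed to the API as IfUnderDDoSAttack, evaluated every minute over a 5-minute window, firing when the maximum is greater than 0) and sends the DDoSProtectionNotifications log category to a Log Analytics workspace. The parameter names publicIpName, actionGroupId and workspaceId are assumptions; the public IP, action group and workspace are assumed to already exist.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "publicIpName": { "type": "string" },
    "actionGroupId": { "type": "string" },
    "workspaceId": { "type": "string" }
  },
  "variables": {
    "pipId": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIpName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.Insights/metricAlerts",
      "apiVersion": "2018-03-01",
      "name": "ddos-under-attack-alert",
      "location": "global",
      "properties": {
        "severity": 1,
        "enabled": true,
        "scopes": [ "[variables('pipId')]" ],
        "evaluationFrequency": "PT1M",
        "windowSize": "PT5M",
        "criteria": {
          "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria",
          "allOf": [ {
            "name": "UnderDDoSAttack",
            "metricNamespace": "Microsoft.Network/publicIPAddresses",
            "metricName": "IfUnderDDoSAttack",
            "operator": "GreaterThan",
            "threshold": 0,
            "timeAggregation": "Maximum"
          } ]
        },
        "actions": [ { "actionGroupId": "[parameters('actionGroupId')]" } ]
      }
    },
    {
      "type": "Microsoft.Network/publicIPAddresses/providers/diagnosticSettings",
      "apiVersion": "2017-05-01-preview",
      "name": "[concat(parameters('publicIpName'), '/Microsoft.Insights/ddos-notifications')]",
      "properties": {
        "workspaceId": "[parameters('workspaceId')]",
        "logs": [ { "category": "DDoSProtectionNotifications", "enabled": true } ]
      }
    }
  ]
}
```

Deploy it into the resource group that holds the public IP; the action group attached to the alert carries the email or webhook actions the post describes.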