What level of DDoS can Azure handle?

TravisCragg-MSFT 5,626 Reputation points Microsoft Employee

What level of DDoS can Azure handle?

[Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question] Source: Microsoft Learn

Azure DDos Protection
Azure DDos Protection
An Azure service that provides defense against distributed denial-of-service (DDoS) attacks.
44 questions
No comments
{count} votes

Accepted answer
  1. Mike Ubezzi 2,771 Reputation points

    Currently Azure DDoS Standard plan has total mitigation capacity is 45+ tbps higher than Akamai and other vendors. We can mitigate attacks of significant volume and frequency at the same time and guarantee we don’t blackhole traffic. DDOS Standard is the same product that provides protection for our 1st party services like Xbox, O365, Teams etc
    DDoS Protection Standard provides SLA guarantee and cost protection. If the resource is protected with DDoS Protection Standard, any scale out costs during a DDoS attack are covered and customer will get the cost credit back for those scaled out resources.

    Examples of resources:

    • Data process (ingress/egress) for Azure firewall, AppGW/WAF
    • Scale out of VMs, AKS
    • Data egress for network bandwidth -happens during an amplification attack when DDoS impacted app makes outbound connections.
    • Scale out of backend PaaS resources like SQL, CosmosDB, Storage, App Services, etc.

    You can refer to these example reports DDoS attack analytics and DDoS holiday season.

    Source: Microsoft Learn

    No comments

0 additional answers

Sort by: Most helpful