About Azure DDoS Protection SKU Comparison
The sections in this article discuss the resources and settings of Azure DDoS Protection.
DDoS Network Protection
Azure DDoS Network Protection, combined with application design best practices, provides enhanced DDoS mitigation features to defend against DDoS attacks. It's automatically tuned to help protect your specific Azure resources in a virtual network. For more information about enabling DDoS Network Protection, see Quickstart: Create and configure Azure DDoS Network Protection using the Azure portal.
DDoS IP Protection Preview
DDoS IP Protection is a pay-per-protected IP model. DDoS IP Protection contains the same core engineering features as DDoS Network Protection, but will differ in the following value-added services: DDoS rapid response support, cost protection, and discounts on WAF. For more information about enabling DDoS IP Protection, see Quickstart: Create and configure Azure DDoS IP Protection using Azure PowerShell.
DDoS IP Protection is currently only available in the Azure Preview Portal.
DDoS IP Protection is currently available in the following regions.
|Americas||Europe||Middle East||Africa||Asia Pacific|
|West Central US||France Central||UAE Central||South Africa North||Australia Central|
|North Central US||Germany West Central||Qatar Central||Korea Central|
|West US||Switzerland North||Japan East|
|West US 3||France South||West India|
|Norway East||Jio India Central|
|Sweden Central||Australia Central 2|
Azure DDoS Protection supports two SKU Types, DDoS IP Protection and DDoS Network Protection. The SKU is configured in the Azure portal during the workflow when you configure Azure DDoS Protection.
The following table shows features and corresponding SKUs.
|Feature||DDoS IP Protection||DDoS Network Protection|
|Active traffic monitoring & always on detection||Yes||Yes|
|L3/L4 Automatic attack mitigation||Yes||Yes|
|Automatic attack mitigation||Yes||Yes|
|Application based mitigation policies||Yes||Yes|
|Metrics & alerts||Yes||Yes|
|Mitigation flow logs||Yes||Yes|
|Mitigation policies tuned to customers application||Yes||Yes|
|Integration with Firewall Manager||Yes||Yes|
|Azure Sentinel data connector and workbook||Yes||Yes|
|DDoS rapid response support||Not available||Yes|
|Cost protection||Not available||Yes|
|WAF discount||Not available||Yes|
|Protection of resources across subscriptions in a tenant||Yes||Yes|
|Price||Per protected IP||Per 100 protected IP addresses|
At no additional cost, Azure DDoS infrastructure protection protects every Azure service that uses public IPv4 and IPv6 addresses. This DDoS protection service helps to protect all Azure services, including platform as a service (PaaS) services such as Azure DNS. For more information on supported PaaS services, see DDoS Protection reference architectures. Azure DDoS infrastructure protection requires no user configuration or application changes. Azure provides continuous protection against DDoS attacks. DDoS protection does not store customer data.
Submit and view feedback for