Azure Policy built-in definitions for Azure DDoS Protection

This page is an index of Azure Policy built-in policy definitions for Azure DDoS Protection. For additional Azure Policy built-ins for other services, see Azure Policy built-in definitions.

The name of each built-in policy definition links to the policy definition in the Azure portal. Use the link in the Version column to view the source on the Azure Policy GitHub repo.

Azure DDoS Protection

(Azure portal)
Description Effect(s) Version
Virtual networks should be protected by Azure DDoS Protection Protect your virtual networks against volumetric and protocol attacks with Azure DDoS Protection. For more information, visit Modify, Audit, Disabled 1.0.0
Public IP addresses should have resource logs enabled for Azure DDoS Protection Enable resource logs for public IP addresses in diagnostic settings to stream to a Log Analytics workspace. Get detailed visibility into attack traffic and actions taken to mitigate DDoS attacks via notifications, reports and flow logs. AuditIfNotExists, DeployIfNotExists, Disabled 1.0.0

Next steps