Consider which Distributed Denial of Service protection (DDoS protection) service to use for your Microsoft Azure services.

Contoso, Ltd. is a growing financial services company based in London with major offices located throughout the world. They’re continuing to move their on-premises services to Azure.

The IT director asked you, their lead system engineer and Azure administrator, to evaluate the risks and benefits of upgrading to Azure DDoS Protection. You're also asked to evaluate Azure DDoS Protection against the no-cost Azure DDoS infrastructure protection option that’s part of every property in Azure.

After completing this module, you’ll understand the basics of DDoS attacks and the features of the Azure DDoS Infrastructure Protection service and Azure DDoS Protection service.

Learning objectives

After completing this module, you’ll be able to:

  • Explain DDoS attack types and the components of an effective DDoS response strategy.

  • Compare Azure DDoS Infrastructure Protection and Azure DDoS Protection tiers.

  • Evaluate Azure DDoS Protection, its features, and architecture options.

  • List the fundamental best practices to build DDoS-resilient services on Azure.


To get the best learning experience from this module, you should have:

  • Intermediate-level knowledge of networking concepts such as:

    • Routing
    • Open Systems Interconnection (OSI) model
    • DNS
  • Beginner-level knowledge of Azure networking services including:

    • Virtual networks
    • Azure Firewall
    • Azure regions
  • Intermediate-level knowledge of security concepts such as:

    • The zero-trust security model
    • Botnets
    • Role-based access control (RBAC)