Create an Azure DDoS Protection Plan for VNETs / Enable Azure DDoS Protection for Public IPs

Implementation Effort: Low

User Impact: Low

Overview

Distributed Denial of Service attacks aim to exhaust network or application resources and disrupt services. Within a Zero Trust model—where every request at your perimeter is considered untrusted—Azure DDoS Protection, combined with application design best practices, offers enhanced DDoS mitigation features to defend against these attacks. It automatically tunes to your specific Azure resources in a virtual network and requires no changes to your applications or infrastructure. Azure DDoS Protection provides two tiers:

• DDoS Network Protection - Azure DDoS Network Protection, combined with application design best practices, provides enhanced DDoS mitigation features to defend against DDoS attacks. It's automatically tuned to help protect your specific Azure resources in a virtual network.
• DDoS IP Protection - DDoS IP Protection is a pay-per-protected IP model. DDoS IP Protection contains the same core engineering features as DDoS Network Protection, but will differ in the following value-added services: DDoS rapid response support, cost protection, and discounts on WAF.

Reference

• What is Azure DDoS Protection?
• Azure DDoS Protection features
• About Azure DDoS Protection Tier Comparison