| title | description | services | author | ms.service | ms.date | ms.author | ms.custom | ms.topic |
|---|---|---|---|---|---|---|---|---|
Azure Policy built-in definitions for Azure DDoS Protection |
Lists Azure Policy built-in policy definitions for Azure DDoS Protection. These built-in policy definitions provide common approaches to managing your Azure resources. |
ddos-protection |
AbdullahBell |
ddos-protection |
02/06/2024 |
abell |
subject-policy-reference |
include |
This page is an index of Azure Policy built-in policy definitions for Azure DDoS Protection. For additional Azure Policy built-ins for other services, see Azure Policy built-in definitions.
The name of each built-in policy definition links to the policy definition in the Azure portal. Use the link in the Version column to view the source on the Azure Policy GitHub repo.
| Name (Azure portal) |
Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Virtual networks should be protected by Azure DDoS Protection | Protect your virtual networks against volumetric and protocol attacks with Azure DDoS Protection. For more information, visit https://aka.ms/ddosprotectiondocs. | Modify, Audit, Disabled | 1.0.0 |
| Public IP addresses should have resource logs enabled for Azure DDoS Protection | Enable resource logs for public IP addresses in diagnostic settings to stream to a Log Analytics workspace. Get detailed visibility into attack traffic and actions taken to mitigate DDoS attacks via notifications, reports and flow logs. | AuditIfNotExists, DeployIfNotExists, Disabled | 1.0.0 |
- See the built-ins on the Azure Policy GitHub repo.
- Review the Azure Policy definition structure.
- Review Understanding policy effects.