Ensure that DDoS protection monitoring for public virtual networks is enabled within your Microsoft Azure cloud account settings, so that Microsoft Defender for Cloud can assess whether DDoS protection is enabled for all of your Azure Virtual Networks (VNets) that contain a subnet belonging to an application gateway with a public IP.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
A Distributed Denial-of-Service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of HTTP traffic. DDoS attacks are effective because they use many compromised machines or networks as the sources of that traffic. Microsoft Defender for Cloud can determine whether monitoring of DDoS protection is enabled for your Azure public virtual networks and make the appropriate recommendations.
Audit
To determine if the monitoring of DDoS protection for public virtual networks is enabled within the Microsoft Defender for Cloud security policy, perform the following operations:
Remediation / Resolution
To enable the monitoring of Distributed Denial-of-Service (DDoS) protection for your Microsoft Azure public virtual networks, perform the following operations:
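The audit and remediation above both hinge on one setting: whether the DDoS policy inside the Defender for Cloud security policy (the security benchmark initiative assignment on the subscription) has had its effect overridden to `Disabled`. The following Python is an added example, not Conformity's or Microsoft's own code, that evaluates that setting offline from the JSON that `az policy assignment show --name <assignment-name>` returns, and builds the parameters block you would send back when re-enabling it (for instance via a REST `PUT` on the assignment, authenticated with the token from `az account get-access-token`). The parameter name `DDOS_EFFECT_PARAM` and the default effect `DEFAULT_EFFECT` are assumptions and placeholders, because the exact parameter name depends on the initiative version; the sample assignment documents are constructed for the example.

```python
import json

# Assumption / placeholder: the initiative parameter that carries the effect of the
# "Azure DDoS Protection Standard should be enabled" policy is named differently per
# initiative version, so look it up in the initiative definition before real use.
DDOS_EFFECT_PARAM = "effect-<ddos-policy-definition-id>"
# Assumption: the effect the initiative applies when the parameter is not overridden.
DEFAULT_EFFECT = "AuditIfNotExists"


def ddos_monitoring_effect(assignment: dict) -> str:
    """Return the effective policy effect for the DDoS check.

    An assignment lists only parameters that were overridden, so a missing
    parameter means the initiative default applies (monitoring stays on).
    """
    params = assignment.get("parameters") or {}
    override = params.get(DDOS_EFFECT_PARAM) or {}
    return override.get("value", DEFAULT_EFFECT)


def is_ddos_monitoring_enabled(assignment: dict) -> bool:
    """Monitoring is off only when the effect was explicitly set to Disabled."""
    return ddos_monitoring_effect(assignment).lower() != "disabled"


def remediated_parameters(assignment: dict) -> dict:
    """Parameters block for updating the assignment: the DDoS effect is restored
    to the default while every other override is left untouched."""
    params = dict(assignment.get("parameters") or {})
    params[DDOS_EFFECT_PARAM] = {"value": DEFAULT_EFFECT}
    return params


def audit_from_json(text: str) -> bool:
    """Convenience wrapper for the raw text printed by `az policy assignment show`."""
    return is_ddos_monitoring_enabled(json.loads(text))


# Constructed samples in the (trimmed) shape of `az policy assignment show` output;
# they are not real output from any subscription.
SAMPLE_DISABLED = json.dumps({
    "name": "SecurityCenterBuiltIn",
    "parameters": {
        DDOS_EFFECT_PARAM: {"value": "Disabled"},
        "effect-<another-policy-id>": {"value": "Audit"},
    },
})
SAMPLE_DEFAULT = json.dumps({"name": "SecurityCenterBuiltIn", "parameters": {}})

if __name__ == "__main__":
    for label, doc in (("disabled", SAMPLE_DISABLED), ("default", SAMPLE_DEFAULT)):
        verdict = "COMPLIANT" if audit_from_json(doc) else "NON-COMPLIANT"
        print(f"{label}: {verdict}")
    print(json.dumps(remediated_parameters(json.loads(SAMPLE_DISABLED)), indent=2))
```

The check treats an absent parameter as compliant on purpose: a subscription that never touched the DDoS policy is still monitored, and a script that only looks for an explicit `AuditIfNotExists` override would wrongly flag it. The remediation helper preserves the other overrides so that fixing this one policy does not silently reset the rest of the security policy.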
References
- Azure Official Documentation
  - Azure DDoS Protection
  - Azure DDoS Protection Standard overview
  - Microsoft Defender for Cloud documentation
  - What is Microsoft Defender for Cloud?
  - Manage security policies
  - Azure Policy built-in policy definitions
- Azure Command Line Interface (CLI) Documentation
  - az
  - az account get-access-token