Ensure that monitoring of the "DDoS Protection Standard" feature is enabled in your Microsoft Azure cloud account settings so that Azure Security Center can assess whether DDoS protection is enabled for all Azure Virtual Networks (VNets) with a subnet that is part of an application gateway with a public IP.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
A Distributed Denial-of-Service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its infrastructure with a flood of HTTP traffic. DDoS attacks are effective because they use multiple compromised machines or networks as the sources of traffic. With the DDoS Protection Standard feature enabled, Azure Security Center can determine if the monitoring of DDoS protection is enabled for your Microsoft Azure public virtual networks and make the proper recommendations.
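The assessment described above (VNets with a subnet used by an application gateway that has a public IP, checked for DDoS protection) can be reproduced offline over exported resource JSON. This is an added example, not Conformity's or Azure Security Center's code; the resources are constructed, and the field names (`enableDdosProtection`, `gatewayIPConfigurations`, `frontendIPConfigurations`) are assumed to follow the Azure Resource Manager resource shape.

```python
# Constructed sample data shaped like Azure Resource Manager JSON (assumed field names).
PREFIX = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers/Microsoft.Network"

VNETS = [
    {"name": "vnet-web", "properties": {"enableDdosProtection": False,
        "subnets": [{"id": f"{PREFIX}/virtualNetworks/vnet-web/subnets/appgw"}]}},
    {"name": "vnet-api", "properties": {"enableDdosProtection": True,
        "subnets": [{"id": f"{PREFIX}/virtualNetworks/vnet-api/subnets/appgw"}]}},
    {"name": "vnet-internal", "properties": {  # flag absent: treated as not protected
        "subnets": [{"id": f"{PREFIX}/virtualNetworks/vnet-internal/subnets/appgw"}]}},
]

def make_gateway(name, vnet, public):  # hypothetical helper: builds one constructed gateway
    frontend = {"properties": {"privateIPAddress": "10.0.0.4"}}
    if public:
        frontend = {"properties": {"publicIPAddress": {"id": f"{PREFIX}/publicIPAddresses/{name}-pip"}}}
    return {"name": name, "properties": {
        "gatewayIPConfigurations": [{"properties": {"subnet": {"id": f"{PREFIX}/virtualNetworks/{vnet}/subnets/appgw"}}}],
        "frontendIPConfigurations": [frontend]}}

GATEWAYS = [make_gateway("agw-web", "vnet-web", True), make_gateway("agw-api", "vnet-api", True),
            make_gateway("agw-int", "vnet-internal", False)]

def public_gateway_subnets(gateways):
    """Lower-cased subnet IDs used by gateways that have a public frontend IP."""
    subnets = set()
    for gw in gateways:
        props = gw.get("properties", {})
        if not any(f.get("properties", {}).get("publicIPAddress")
                   for f in props.get("frontendIPConfigurations", [])):
            continue  # private-only gateway: out of scope for this check
        for cfg in props.get("gatewayIPConfigurations", []):
            subnet_id = cfg.get("properties", {}).get("subnet", {}).get("id", "")
            subnets.add(subnet_id.lower())  # resource IDs compare case-insensitively
    return subnets

def unprotected_public_vnets(vnets, gateways):
    """Names of VNets with a public application gateway subnet and no DDoS protection."""
    exposed = public_gateway_subnets(gateways)
    flagged = []
    for vnet in vnets:
        props = vnet.get("properties", {})
        subnet_ids = {s["id"].lower() for s in props.get("subnets", []) if s.get("id")}
        if subnet_ids & exposed and not props.get("enableDdosProtection", False):
            flagged.append(vnet["name"])
    return sorted(flagged)

if __name__ == "__main__":
    print(unprotected_public_vnets(VNETS, GATEWAYS))
```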
Audit
To determine if monitoring of DDoS protection for public virtual networks is enabled within Azure Security Center settings, perform the following actions:
Remediation / Resolution
To enable the monitoring of Distributed Denial-of-Service (DDoS) protection for your Azure public virtual networks, perform the following actions:
You are auditing:
Enable DDoS Protection Standard Monitoring for Public Virtual Networks
Risk level: High