Azure Policy built-in definitions for Azure DDoS Protection Standard

This page is an index of Azure Policy built-in policy definitions for Azure DDoS Protection Standard. For additional Azure Policy built-ins for other services, see Azure Policy built-in definitions.

The name of each built-in policy definition links to the policy definition in the Azure portal. Use the link in the Version column to view the source on the Azure Policy GitHub repo.

Azure DDoS Protection Standard

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Virtual networks should be protected by Azure DDoS Protection Standard Protect your virtual networks against volumetric and protocol attacks with Azure DDoS Protection Standard. For more information, visit https://aka.ms/ddosprotectiondocs. Modify, Audit, Disabled 1.0.0
Public IP addresses should have resource logs enabled for Azure DDoS Protection Standard Enable resource logs for public IP addresses in diagnostic settings to stream to a Log Analytics workspace. Get detailed visibility into attack traffic and actions taken to mitigate DDoS attacks via notifications, reports and flow logs. AuditIfNotExists, DeployIfNotExists, Disabled 1.0.0

Next steps