Azure DDoS IP Protection

Last week during Ignite 2022, Microsoft released a public preview of a new DDoS feature called IP-based protection, which is aimed at protecting against DDoS attacks on layer 4 (namely TCP SYN flood attacks).

Looking at the Q3 statistics in Cloudflare's blog for this year, the most predominant form of DDoS attack is still the plain TCP SYN flood.

A graph of the top attack vectors in 2022 Q3

Source: Cloudflare DDoS threat report 2022 Q3

Microsoft has had DDoS protection that can block these types of attacks for some time now, but unfortunately it has come at an extremely high cost: just enabling the feature costs $2,944 per month. With that feature enabled you can protect up to 100 public IP addresses.

While most organizations try to keep the number of public IP addresses as low as possible, there are also services where it does not make any sense to have DDoS protection enabled at all.

This is where the new feature, called IP-based protection, comes in. It gives us some of the same capabilities, but lets us enable the protection per public IP address.

There are also some features that are not included in IP-based protection compared to the standard DDoS protection feature; the differences can be viewed here –> Azure DDoS Protection SKU Comparison | Microsoft Learn

This feature is in preview, so some major locations are missing such as West Europe.

Enabling the feature is simple. You just need to run Azure PowerShell with the latest module (version 4.21.0), which allows reading and setting the DDoS settings on the public IPs.

# Version 4.21.0 or newer of Az.Network exposes the DdosSettings property on public IPs
Install-Module -Name Az.Network -MinimumVersion 4.21.0
# Replace nameofpip and nameofrg with the public IP address and resource group names
$publicIp = Get-AzPublicIpAddress -Name nameofpip -ResourceGroupName nameofrg
# Switch the per-IP protection mode on and write the change back to Azure
$publicIp.DdosSettings.ProtectionMode = 'Enabled'
Set-AzPublicIpAddress -PublicIpAddress $publicIp
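Because the setting is per public IP, it is easy to lose track of which addresses are protected. The script below is an added example (not from the original post) that audits every public IP in a resource group and, when asked to, enables IP Protection on the ones that lack it. It assumes an existing Connect-AzAccount session, Az.Network 4.21.0 or newer, that an absent DdosSettings object means protection is off, and that PSDdosSettings is the Az.Network model type behind that property; the resource group name is a placeholder.

```powershell
<#
  Added example, not code from the original post.
  Audit DDoS IP Protection on every public IP in a resource group and
  optionally enable it where it is missing. Assumes Az.Network >= 4.21.0
  and that Connect-AzAccount has already been run.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $ResourceGroupName,  # e.g. nameofrg (placeholder)
    [switch] $Enable    # without this switch the script only reports
)

Import-Module Az.Network -MinimumVersion 4.21.0

$report = foreach ($pip in Get-AzPublicIpAddress -ResourceGroupName $ResourceGroupName) {
    # Assumption: DdosSettings may be $null on an IP that was never configured,
    # so treat a missing object the same as 'Disabled'.
    $mode = if ($pip.DdosSettings) { $pip.DdosSettings.ProtectionMode } else { 'Disabled' }

    [pscustomobject]@{
        Name           = $pip.Name
        Location       = $pip.Location
        Sku            = $pip.Sku.Name
        ProtectionMode = $mode
        Unprotected    = ($mode -ne 'Enabled')
    }
}

$report | Format-Table -AutoSize

if ($Enable) {
    foreach ($row in $report | Where-Object Unprotected) {
        # IP Protection only applies to Standard SKU public IPs; skip anything else.
        if ($row.Sku -ne 'Standard') {
            Write-Warning "$($row.Name): SKU '$($row.Sku)' cannot use DDoS IP Protection, skipping"
            continue
        }
        if ($PSCmdlet.ShouldProcess($row.Name, 'Enable DDoS IP Protection')) {
            $pip = Get-AzPublicIpAddress -Name $row.Name -ResourceGroupName $ResourceGroupName
            if (-not $pip.DdosSettings) {
                # Assumption: PSDdosSettings is the model type behind DdosSettings.
                $pip.DdosSettings = New-Object Microsoft.Azure.Commands.Network.Models.PSDdosSettings
            }
            $pip.DdosSettings.ProtectionMode = 'Enabled'
            Set-AzPublicIpAddress -PublicIpAddress $pip | Out-Null
        }
    }
}
```

Run it once with `-Enable -WhatIf` to see which IPs would change before writing anything.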

If you want to test DDoS attacks against Microsoft Azure to see how the feature behaves, there are currently only two supported partners that can be used to simulate DDoS attacks against Azure. You can read more about that here –> Azure DDoS Protection simulation testing | Microsoft Learn

Once you have enabled the feature, you can view the setting in the Azure preview portal here –> https://preview.portal.azure.com

Then, opening the public IP address resource, you will see the new DDoS protection property.
