Notes from MS Learn AZ-700 Module 6: Design and implement network security – Unit 4: Exercise – Configure DDoS Protection on a Virtual Network Using the Azure Portal
Tasks (taken from MS Learn; items without “Task” in front of them are personal additions)
- Task 1: Create a DDoS Protection plan.
- Search and click DDoS Protection Plans in Azure Portal
- Click Create
- Select or Create New Resource Group (create new in this example)
- Enter unique name and click OK
- Enter unique name under Instance Details
- Choose Region from dropdown
- Click Review + Create
- Once Validated click Create
- Task 2: Enable DDoS Protection on a new virtual network.
- Search and click Virtual Networks in Azure Portal
- Click Create
- Choose Resource Group from dropdown
- Enter unique Name under Instance details
- Choose Next : IP Addresses >
- Choose Next : Security >
- Toggle DDoS Network Protection to Enable
- Choose DDoS Protection Plan created earlier from dropdown
- Select Review + Create
- Once validated select Create
- Task 3: Configure DDoS telemetry.
- Search and click Public IP Addresses in Azure Portal
- Click Create
- Enter unique name
- Enter DNS Name Label
- Choose Resource Group from dropdown
- Click Create
- Search for DDoS protection plan created earlier
- Choose Metrics under Monitoring
- Set Scope to MyPublicIPAddress
- Click Apply
- Set Metric from dropdown
- Inbound packets dropped
- Task 4: Configure DDoS diagnostic logs.
- Search and select my public IP address
- Choose Diagnostic settings under Monitoring
- Select Add diagnostic setting
- Check all 3 boxes under Categories
- Check AllMetrics box under metrics
- Check send to Log Analytics workspace box
- Select Add diagnostic setting
- Task 5: Configure DDoS alerts.
- Search and navigate to Virtual Machines in Portal
- Click Create > Azure Virtual Machine
- Choose Resource Group from dropdown
- Provide Virtual Machine Name
- Choose Review + Create
- Once Validated click Create
- Click Download private key and create resource in Generate new key pair dialog
- Click Go to resource
- Click Networking under settings
- Click link next to Network Interface
- Select IP configurations under settings
- Choose ipconfig1
- Under Public IP address choose MyPublicIPAddress
- Click Save
- Navigate to DDoS protection plans in Azure Portal
- Choose MyDDoSProtectionPlan as created earlier
- Click Alerts under monitoring
- Click Create > Alert Rule
- Delete existing resource
- Click Select Scope
- Under Filter by resource type, search for and choose Public IP Addresses from the dropdown
- Choose MyPublicIPAddress as created earlier
- Click Done
- Choose Next : Condition >
- Choose Under DDoS attack or not
- Select Maximum under Aggregation type dropdown
- Select Greater than or equal to under Operator dropdown
- Enter Threshold value (1 in this example)
- Select Next: Actions >
- Select Next : Details >
- Enter Alert rule name
- Choose Review + create
- Click Create
- Task 6: Monitor a DDoS test attack.
- Search for Public IP Addresses in Azure Portal and click MyPublicIPAddress as created above
- Copy the IP Address
- Click Metrics under Monitoring section in left panel
- In the Metric dropdown choose Under DDoS attack or not
- Value changes from 0 to 1 if under attack
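The six portal tasks above as one Azure CLI script, added here as an example; it is not taken from MS Learn or the lab. It keeps the lab's names (MyDDoSProtectionPlan, MyPublicIPAddress) and assumes a resource group rg-ddos-lab, region eastus, a VNet MyVirtualNetwork, workspace law-ddos-lab, VM MyVM, the image alias Ubuntu2204 and a placeholder subscription id. By default it only prints each az command (DRY_RUN=1) so the plan can be reviewed; DRY_RUN=0 executes them against the subscription you are logged in to.

```bash
#!/bin/sh
# Added example (not from MS Learn or the lab): Azure CLI equivalent of Tasks 1-6.
# DRY_RUN=1 (the default) prints every az command instead of running it so the
# plan can be reviewed first; DRY_RUN=0 executes against the current subscription.
set -eu

# Names matching the lab's placeholders; the group, region, workspace, VM and
# address ranges are constructed for this example.
RG="${RG:-rg-ddos-lab}"
LOCATION="${LOCATION:-eastus}"
PLAN="MyDDoSProtectionPlan"
VNET="MyVirtualNetwork"
PIP="MyPublicIPAddress"
WORKSPACE="law-ddos-lab"
VM="MyVM"
DNS_LABEL="${DNS_LABEL:-ddoslab-example}"
# Placeholder subscription id for dry runs; the real one is read from the login.
SUB="${SUB:-00000000-0000-0000-0000-000000000000}"
if [ "${DRY_RUN:-1}" != "1" ]; then SUB=$(az account show --query id -o tsv); fi

run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# ARM resource ids are deterministic, so build them rather than querying each one.
res_id() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/%s/%s' "$SUB" "$RG" "$1" "$2"
}

# Task 1: DDoS Protection plan.
task1_plan() {
  run az network ddos-protection create -g "$RG" -n "$PLAN" -l "$LOCATION"
}

# Task 2: new VNet with DDoS Network Protection enabled and linked to the plan.
task2_vnet() {
  run az network vnet create -g "$RG" -n "$VNET" -l "$LOCATION" \
    --address-prefixes 10.0.0.0/16 --subnet-name default --subnet-prefixes 10.0.0.0/24 \
    --ddos-protection true \
    --ddos-protection-plan "$(res_id Microsoft.Network/ddosProtectionPlans "$PLAN")"
}

# Task 3: Standard-SKU public IP (the SKU DDoS telemetry is reported for) with a DNS label.
task3_public_ip() {
  run az network public-ip create -g "$RG" -n "$PIP" -l "$LOCATION" \
    --sku Standard --allocation-method Static --dns-name "$DNS_LABEL"
}

# Task 4: diagnostic setting on the public IP: the three DDoS log categories
# (the three boxes in the portal) plus AllMetrics, sent to a Log Analytics workspace.
task4_diagnostics() {
  run az monitor log-analytics workspace create -g "$RG" -n "$WORKSPACE" -l "$LOCATION"
  run az monitor diagnostic-settings create -n ddos-diag \
    --resource "$(res_id Microsoft.Network/publicIPAddresses "$PIP")" \
    --workspace "$(res_id Microsoft.OperationalInsights/workspaces "$WORKSPACE")" \
    --logs '[{"category":"DDoSProtectionNotifications","enabled":true},{"category":"DDoSMitigationFlowLogs","enabled":true},{"category":"DDoSMitigationReports","enabled":true}]' \
    --metrics '[{"category":"AllMetrics","enabled":true}]'
}

# Task 5: VM whose NIC uses the public IP (image alias is an assumption), then a
# metric alert on "Under DDoS attack or not" (metric IfUnderDDoSAttack): Maximum >= 1.
task5_vm_and_alert() {
  run az vm create -g "$RG" -n "$VM" --image Ubuntu2204 \
    --vnet-name "$VNET" --subnet default --public-ip-address "$PIP" --generate-ssh-keys
  run az monitor metrics alert create -g "$RG" -n ddos-attack-alert --severity 1 \
    --scopes "$(res_id Microsoft.Network/publicIPAddresses "$PIP")" \
    --condition "max IfUnderDDoSAttack >= 1" \
    --window-size 5m --evaluation-frequency 1m \
    --description "Public IP is under DDoS mitigation"
}

# Task 6 (and the Task 3 metric): latest 1-minute Maximum of a DDoS metric on the
# public IP. IfUnderDDoSAttack reads 0 normally and 1 during mitigation;
# PacketsDroppedDDoS is the "Inbound packets dropped" metric from Task 3.
check_metric() {
  run az monitor metrics list \
    --resource "$(res_id Microsoft.Network/publicIPAddresses "$PIP")" \
    --metric "${1:-IfUnderDDoSAttack}" --aggregation Maximum --interval PT1M \
    --query "value[0].timeseries[0].data[-1].maximum" -o tsv
}

main() {
  task1_plan; task2_vnet; task3_public_ip; task4_diagnostics; task5_vm_and_alert
  check_metric IfUnderDDoSAttack
}
main
```

The alert condition mirrors the portal settings from Task 5 (aggregation Maximum, operator greater than or equal to, threshold 1); add `--action <action-group-id>` to the alert command when a notification target exists, since the lab skips the Actions tab. `check_metric PacketsDroppedDDoS` gives the same view as the Task 3 metric chart.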