4

I see Azure DDoS protection can be enabled at the VNET level, and I understand that I can configure the integration of an App Services web app with a VNET, but is that enough to place my application under DDoS protection?

I am under the impression that the VNET integration in App Services is only meant to give the application access to resources that live in a VNET. Is that really the case? Or will such integration also place the application under the DDoS protection that is enabled for the VNET?

Do I need to have a fully isolated App Services Environment (ASE) in a VNET to keep web applications under the DDoS protection plan of the VNET?

Gabriel C
  • 141
  • 1
  • 2

1 Answers1

3

VNET integration won't help with that. (DDoS) Standard Protection is for resources in a virtual network including public IP addresses associated with virtual machines, load balancers, and application gateways.

That said, you can use the Azure Application Gateway for App Services. No need to deploy an ASE in this case.

https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-web-app-powershell

Bruno Faria
  • 3,804
  • 1
  • 11
  • 18