If I add Azure AD to a cloud architecture do I still need to add a WAF to protect against DOS/DDOS specifically?
If attacks can’t get past authentication being the premises of the question.
Asked
Active
Viewed 321 times
1 Answers
1
Azure provides continuous protection against DDoS attacks that is integrated into the platform by default at no extra cost. Azure also offers the service "Azure DDoS Protection Standard" to provide advanced DDoS mitigation capabilities.
You don't need a WAF. Some people use it and others don't but it mainly provides another layer of defense. If you keep your applications up to date they should also probably be fine without it, though Azure DDOS best practices recommend that you configure a WAF to help secure web applications and to block attacks at the application layer.
An app gateway with WAF enabled can provide the protection you need.
Alternatively, Azure Security Center gives you a license for Microsoft Defender, and Azure Sentinel provides monitoring that could suit your purposes.
Marilee Turscak - MSFT
- 5,874
- 2
- 15
- 25