diff --git a/Azure WAF/Policy - Azure Policy Definitions/Policy - Application Gateway WAF should have HTTP DDoS Ruleset enabled/Policy - Application Gateway WAF should have HTTP DDoS Ruleset enabled.json b/Azure WAF/Policy - Azure Policy Definitions/Policy - Application Gateway WAF should have HTTP DDoS Ruleset enabled/Policy - Application Gateway WAF should have HTTP DDoS Ruleset enabled.json
new file mode 100644
index 0000000..d4aefcb
--- /dev/null
+++ b/Azure WAF/Policy - Azure Policy Definitions/Policy - Application Gateway WAF should have HTTP DDoS Ruleset enabled/Policy - Application Gateway WAF should have HTTP DDoS Ruleset enabled.json
@@ -0,0 +1,53 @@
+{
+ "properties": {
+ "displayName": "AzureApplicationGateway-Should-be-Deployed-with-HTTPDDoSRuleset",
+ "policyType": "Custom",
+ "mode": "All",
+ "description": "This policy ensures that the Application Gateway deployments are HTTP DDoS Ruleset enabled to protect against Application Layer DDoS attacks.",
+ "metadata": {
+ "category": ""
+ },
+ "version": "1.0.0",
+ "parameters": {
+ "effect": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ },
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ],
+ "defaultValue": "Audit"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "field": "type",
+ "equals": "Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies"
+ },
+ {
+ "count": {
+ "field": "Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/managedRules.managedRuleSets[*]",
+ "where": {
+ "field": "Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/managedRules.managedRuleSets[*].ruleSetType",
+ "equals": "Microsoft_HTTPDDoSRuleSet"
+ }
+ },
+ "less": 1
+ }
+ ]
+ },
+ "then": {
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "versions": [
+ "1.0.0"
+ ]
+ }
+}
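Review bot: The rule only evaluates Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies resources (the `"field": "type"` condition), so an Application Gateway with no WAF policy attached at all, or a WAF policy whose policySettings state is Disabled, is never reported non-compliant, which is narrower than the description's claim that it "ensures that the Application Gateway deployments are HTTP DDoS Ruleset enabled". Either tighten the description to what is actually checked, e.g. `"description": "Audits or denies Application Gateway WAF policies whose managedRuleSets do not include Microsoft_HTTPDDoSRuleSet."`, or add allOf conditions on the policySettings aliases (the built-in Application Gateway WAF-mode definition evaluates `Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/policySettings.mode`) and document that gateway attachment is out of scope. Note also that the count tests only ruleSetType presence, so a rule set whose rules are all switched off through ruleGroupOverrides still passes as compliant. `"category": ""` leaves the definition ungrouped in the portal; the built-in WAF definitions sit under `"category": "Network"`. The `versions` array appears to be a read-only property on policy definitions, so I would confirm the create call accepts it rather than rejecting the body.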
diff --git a/Azure WAF/Policy - Azure Policy Definitions/Policy - Application Gateway WAF should have HTTP DDoS Ruleset enabled/README.md b/Azure WAF/Policy - Azure Policy Definitions/Policy - Application Gateway WAF should have HTTP DDoS Ruleset enabled/README.md
new file mode 100644
index 0000000..439684e
--- /dev/null
+++ b/Azure WAF/Policy - Azure Policy Definitions/Policy - Application Gateway WAF should have HTTP DDoS Ruleset enabled/README.md
@@ -0,0 +1,3 @@
+## Application Gateway WAF should have HTTP DDoS Ruleset enabled
+
+This policy mandates having HTTP DDoS Ruleset for Application Gateway WAF and has three options i.e., Audit, Deny & Disabled actions.