Merge pull request #220651 from duongau/vnetsecurity

Virtual Network - add DDoS protection section to PS, CLI and Portal quickstarts

Author: v-dirichards

articles/virtual-network/media/quick-create-portal/create-ddos-plan.png

@@ -23,7 +23,7 @@ In this quickstart, you learn how to create a virtual network. After creating a
 
 - This quickstart requires version 2.0.28 or later of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.
 
-## Create a resource group and a virtual network
+## Create a resource group
 
 Before you can create a virtual network, you have to create a resource group to host the virtual network. Create a resource group with [az group create](/cli/azure/group#az-group-create). This example creates a resource group named **CreateVNetQS-rg** in the **Eastus** location:
 
@@ -33,13 +33,25 @@ az group create \
     --location eastus
 ```
 
-Create a virtual network with [az network vnet create](/cli/azure/network/vnet#az-network-vnet-create). This example creates a default virtual network named **myVNet** with one subnet named **default**:
+## Create a virtual network with DDoS Protection Standard enabled
+
+Create a DDoS Protection plan with [az network ddos-protection create](/cli/azure/network/ddos-protection#az-network-ddos-protection-create) to associate with the virtual network. This example creates a DDoS Protection plan named **myDDoSPlan** in the **EastUS** location:
+
+```azurecli-interactive
+az network ddos-protection create \
+    --resource-group CreateVNetQS-rg \
+    --name myDDoSPlan
+```
+
+Create a virtual network with [az network vnet create](/cli/azure/network/vnet#az-network-vnet-create). This example creates a default virtual network named **myVNet** with one subnet named **default** with a DDoS Protection plan enabled:
 
 ```azurecli-interactive
 az network vnet create \
   --name myVNet \
   --resource-group CreateVNetQS-rg \
   --subnet-name default
+  --ddos-protection-plan myDDoSPlan \
+  --ddos-protection true
 ```
 
 ## Create virtual machines

articles/virtual-network/media/quick-create-portal/enable-ddos.png

@@ -15,7 +15,7 @@ ms.custom: mode-ui
 
 # Quickstart: Create a virtual network using the Azure portal
 
-In this quickstart, you learn how to create a virtual network using the Azure portal. You deploy two virtual machines (VMs). Next, you securely communicate between VMs and connect to VMs from the internet. A virtual network is the fundamental building block for your private network in Azure. It enables Azure resources, like VMs, to securely communicate with each other and with the internet.
+In this quickstart, you'll learn how to create a virtual network using the Azure portal. You deploy two virtual machines (VMs). Next, you securely communicate between VMs and connect to VMs from the internet. A virtual network is the fundamental building block for your private network in Azure. It enables Azure resources, like VMs, to securely communicate with each other and with the internet.
 
 ## Prerequisites
 
@@ -25,66 +25,80 @@ In this quickstart, you learn how to create a virtual network using the Azure po
 
 Sign in to the [Azure portal](https://portal.azure.com).
 
-## Create a virtual network
+## Create a DDoS protection plan
 
 1. Select **Create a resource** in the upper left-hand corner of the portal.
 
+1. In the search box, enter **DDoS protection plan**. Select **DDoS protection plan** in the search results and then select **Create**.
 
-1. In the search box, enter **Virtual Network**. Select **Virtual Network** in the search results.
-
-1. In the **Virtual Network** page, select **Create**.
+1. In the **Create a DDoS protection plan** page, enter or select the following information on the **Basics** tab:
 
-1. In **Create virtual network**, enter or select this information in the **Basics** tab:
+    :::image type="content" source="./media/quick-create-portal/create-ddos-plan.png" alt-text="Screenshot of creating a DDoS protection plan.":::
 
     | Setting | Value |
-    | ------- | ----- |
+    |--|--|
     | **Project details** |   |
     | Subscription | Select your subscription. |
     | Resource group | Select **Create new**.  </br> Enter **myResourceGroup**. </br> Select **OK**. |
     | **Instance details** |   |
-    | Name | Enter **myVNet**. |
+    | Name | Enter **myDDoSPlan**. |
     | Region | Select **(US) East US**. |
 
+1. Select **Review + create** and then select **Create** to deploy the DDoS protection plan.
 
-    :::image type="content" source="./media/quick-create-portal/example-basics-tab.png" alt-text="Screenshot of creating a virtual network in Azure portal." border="true":::
+## Create a virtual network
 
+1. Select **Create a resource** in the upper left-hand corner of the portal.
+
+1. In the search box, enter **Virtual Network**. Select **Virtual Network** in the search results.
+
+1. In the **Virtual Network** page, select **Create**.
+
+1. In **Create virtual network**, enter or select this information in the **Basics** tab:
 
+    :::image type="content" source="./media/quick-create-portal/example-basics-tab.png" alt-text="Screenshot of creating a virtual network in Azure portal.":::
 
+    | Setting | Value |
+    | ------- | ----- |
+    | **Project details** |   |
+    | Subscription | Select your subscription. |
+    | Resource group | Select **myResourceGroup**. |
+    | **Instance details** |   |
+    | Name | Enter **myVNet**. |
+    | Region | Select **(US) East US**. |
 
 1. Select the **IP Addresses** tab, or select the **Next: IP Addresses** button at the bottom of the page and enter in the following information then select **Add**:
 
+    :::image type="content" source="./media/quick-create-portal/example-ip-address-tab.png" alt-text="Screenshot of editing ip address tab for virtual network.":::
+
     | Setting            | Value                      |
     |--------------------|----------------------------|
     | IPv4 address space | Enter **10.1.0.0/16**.     |
     | **Add subnet**                                  |
     | Subnet name        | Enter **MySubnet**.        |
     | Subnet address range | Enter **10.1.0.0/24**.   |
     | Select **Add**.    |                            |
-   
-
-     :::image type="content" source="./media/quick-create-portal/example-ip-address-tab.png" alt-text="Screenshot of editing ip address tab for virtual network." border="true":::
 
 1. Select the **Security** tab, or select the **Next: Security** button at the bottom of the page.
 
 1. Under **BastionHost**, select **Enable**. Enter this information:
 
+    :::image type="content" source="./media/quick-create-portal/example-security-tab.png" alt-text="Screenshot of editing security tab for virtual network.":::
+
     | Setting            | Value                      |
     |--------------------|----------------------------|
     | Bastion name | Enter **myBastionHost** |
     | AzureBastionSubnet address space | Enter **10.1.1.0/24** |
     | Public IP Address | Select **Create new**. </br> For **Name**, enter **myBastionIP**. </br> Select **OK**. |
 
+1. Under **DDoS Protection Standard**, select **Enable**. Then for **DDoS Protection Plan**, select the **myDDoSPlan** resource created in the last section.
 
-    :::image type="content" source="./media/quick-create-portal/example-security-tab.png" alt-text="Screenshot of editing security tab for virtual network." border="true":::
-
-
+    :::image type="content" source="./media/quick-create-portal/enable-ddos.png" alt-text="Screenshot of enabling DDoS protection standard in the security tab.":::
 
 1. Select the **Review + create** tab or select the **Review + create** button.
 
 1. Select **Create**.
 
-
-
 ## Create virtual machines
 
 Create two VMs in the virtual network:

articles/virtual-network/media/quick-create-portal/example-basics-tab.png

@@ -40,18 +40,32 @@ $rg = @{
 New-AzResourceGroup @rg
 ```
 
+### Create a DDoS Protection plan
+
+Create a DDoS Protection plan with [New-AzDdosProtectionPlan](/powershell/module/az.network/new-azddosprotectionplan) to associate with the virtual network. This example creates a DDoS Protection plan named **myDDoSPlan** in the **EastUS** location:
+
+```azurepowershell-interactive
+$plan = @{
+    Name = 'myDDoSPlan'
+    ResourceGroupName = 'CreateVNetQS-rg'
+    Location = 'EastUS'
+}
+$ddosplan = New-AzDdosProtectionPlan @plan
+```
+
 ### Create the virtual network
 
-Create a virtual network with [New-AzVirtualNetwork](/powershell/module/az.network/new-azvirtualnetwork). This example creates a default virtual network named **myVNet** in the **EastUS** location:
+Create a virtual network with [New-AzVirtualNetwork](/powershell/module/az.network/new-azvirtualnetwork). This example creates a default virtual network named **myVNet** in the **EastUS** location with the DDoS Protection Standard enabled:
 
 ```azurepowershell-interactive
 $vnet = @{
     Name = 'myVNet'
     ResourceGroupName = 'CreateVNetQS-rg'
     Location = 'EastUS'
-    AddressPrefix = '10.0.0.0/16'    
+    AddressPrefix = '10.0.0.0/16'
+    DDoSProtectionPlan = $ddosplan.Id
 }
-$virtualNetwork = New-AzVirtualNetwork @vnet
+$virtualNetwork = New-AzVirtualNetwork @vnet -EnableDdosProtection
 ```
 
 ### Add a subnet