Merge pull request #247530 from AbdullahBell/ddos-convert-log-analytics

DDoS Protection: Update: Configure Azure DDoS Protection Log Analytics workspace

Author: v-regandowner

articles/ddos-protection/TOC.yml

@@ -43,6 +43,22 @@
   items:
   - name: View and configure DDoS telemetry
     href: telemetry.md
+  - name: Configure Monitoring and Logging
+    items:
+      - name: Configure Log Analytics workspace 
+        href: ddos-configure-log-analytics-workspace.md
+      - name: Configure metric alerts through portal
+        href: alerts.md  
+      - name: Configure diagnostic logging
+        href: diagnostic-logging.md   
+      - name: Configure diagnostic logging alerts
+        href: ddos-diagnostic-alert-templates.md 
+  - name: View Monitoring and Logging
+    items: 
+      - name: View alerts in Microsoft Defender for Cloud
+        href: ddos-view-alerts-defender-for-cloud.md
+      - name: View diagnostic logs in Log Analytics workspace
+        href: ddos-view-diagnostic-logs.md        
 - name: Concepts
   items:
   - name: Azure DDoS Protection features
@@ -73,22 +89,6 @@
   items:
     - name: Switch tiers
       href: ddos-switch-ddos-protection-tier.md
-    - name: Configure Monitoring and Logging
-      items:
-        - name: Configure Log Analytics workspace 
-          href: ddos-configure-log-analytics-workspace.md
-        - name: Configure metric alerts through portal
-          href: alerts.md  
-        - name: Configure diagnostic logging alerts
-          href: ddos-diagnostic-alert-templates.md
-        - name: Configure diagnostic logging
-          href: diagnostic-logging.md    
-    - name: View Monitoring and Logging
-      items: 
-        - name: View alerts in Microsoft Defender for Cloud
-          href: ddos-view-alerts-defender-for-cloud.md
-        - name: View diagnostic logs in Log Analytics workspace
-          href: ddos-view-diagnostic-logs.md
     - name: Test with simulation partners
       href: test-through-simulations.md
     - name: Engage DDoS Rapid Response (DRR)

articles/ddos-protection/ddos-configure-log-analytics-workspace.md

@@ -4,17 +4,20 @@ description: Learn how to configure Log Analytics workspace for Azure DDoS Prote
 services: ddos-protection
 author: AbdullahBell
 ms.service: ddos-protection
-ms.topic: how-to
+ms.topic: tutorial
 ms.workload: infrastructure-services
-ms.date: 01/30/2023
+ms.date: 08/07/2023
 ms.author: abell
 ---
 
 # Configure Azure DDoS Protection Log Analytics workspace
 
 In order to use diagnostic logging, you'll first need a Log Analytics workspace with diagnostic settings enabled.
 
-In this article, you'll learn how to configure a Log Analytics workspace for Azure DDoS Protection.
+In this tutorial, you learn how to:
+
+> [!div class="checklist"]
+> * Configure a Log Analytics workspace for DDoS Protection.
 
 ## Prerequisites
 
@@ -63,4 +66,7 @@ For more information, see [Log Analytics workspace overview](../azure-monitor/lo
 
 ## Next steps
 
-* [configure diagnostic logging alerts](ddos-diagnostic-alert-templates.md)
+In this tutorial you learned how to create a Log Analytics workspace for Azure DDoS Protection. To learn how to configure alerts, continue to the next article.
+
+> [!div class="nextstepaction"]
+> [Configure diagnostic logging alerts](ddos-diagnostic-alert-templates.md)

articles/ddos-protection/ddos-protection-overview.md

@@ -21,6 +21,18 @@ Azure DDoS Protection, combined with application design best practices, provides
 
 Azure DDoS Protection protects at layer 3 and layer 4 network layers. For web applications protection at layer 7, you need to add protection at the application layer using a WAF offering. For more information, see [Application DDoS protection](../web-application-firewall/shared/application-ddos-protection.md).
 
+## Tiers
+
+### DDoS Network Protection
+
+Azure DDoS Network Protection, combined with application design best practices, provides enhanced DDoS mitigation features to defend against DDoS attacks. It's automatically tuned to help protect your specific Azure resources in a virtual network. For more information about enabling DDoS Network Protection, see [Quickstart: Create and configure Azure DDoS Network Protection using the Azure portal](manage-ddos-protection.md).
+
+### DDoS IP Protection 
+
+DDoS IP Protection is a pay-per-protected IP model. DDoS IP Protection contains the same core engineering features as DDoS Network Protection, but will differ in the following value-added services: DDoS rapid response support, cost protection, and discounts on WAF. For more information about enabling DDoS IP Protection, see [Quickstart: Create and configure Azure DDoS IP Protection using Azure PowerShell](manage-ddos-protection-powershell-ip.md).
+
+
+For more information about the tiers, see [Tier comparison](ddos-protection-sku-comparison.md).
 ## Key benefits
 
 ### Always-on traffic monitoring
@@ -35,11 +47,6 @@ Azure DDoS Protection applies three auto-tuned mitigation policies (TCP SYN, TCP
 ### Azure DDoS Rapid Response
  During an active attack, Azure DDoS Protection customers have access to the DDoS Rapid Response (DRR) team, who can help with attack investigation during an attack and post-attack analysis. For more information, see [Azure DDoS Rapid Response](ddos-rapid-response.md).
 
-## Tier
-
-Azure DDoS Protection is offered in two available tiers, DDoS IP Protection and DDoS Network Protection. For more information about the tiers, see [Tier comparison](ddos-protection-sku-comparison.md).
-
-
 ### Native platform integration
  Natively integrated into Azure. Includes configuration through the Azure portal. Azure DDoS Protection understands your resources and resource configuration.
 

articles/ddos-protection/ddos-protection-sku-comparison.md

@@ -5,7 +5,7 @@ author: AbdullahBell
 ms.author: Abell
 ms.service: ddos-protection
 ms.topic: conceptual 
-ms.date: 05/23/2023
+ms.date: 08/08/2023
 ms.custom: template-concept, ignite-2022
 ---
 
@@ -15,17 +15,9 @@ ms.custom: template-concept, ignite-2022
 
 The sections in this article discuss the resources and settings of Azure DDoS Protection.
 
-## DDoS Network Protection
-
-Azure DDoS Network Protection, combined with application design best practices, provides enhanced DDoS mitigation features to defend against DDoS attacks. It's automatically tuned to help protect your specific Azure resources in a virtual network. For more information about enabling DDoS Network Protection, see [Quickstart: Create and configure Azure DDoS Network Protection using the Azure portal](manage-ddos-protection.md).
-
-## DDoS IP Protection 
-
- DDoS IP Protection is a pay-per-protected IP model. DDoS IP Protection contains the same core engineering features as DDoS Network Protection, but will differ in the following value-added services: DDoS rapid response support, cost protection, and discounts on WAF. For more information about enabling DDoS IP Protection, see [Quickstart: Create and configure Azure DDoS IP Protection using Azure PowerShell](manage-ddos-protection-powershell-ip.md).
-
 ## Tiers
 
-Azure DDoS Protection supports two tier Types, DDoS IP Protection and DDoS Network Protection. The tier is configured in the Azure portal during the workflow when you configure Azure DDoS Protection.
+Azure DDoS Protection supports two tier types, DDoS IP Protection and DDoS Network Protection. The tier is configured in the Azure portal during the workflow when you configure Azure DDoS Protection.
 
 The following table shows features and corresponding tiers.
 
@@ -56,11 +48,11 @@ The following table shows features and corresponding tiers.
 
 DDoS Network Protection and DDoS IP Protection have the following limitations:
 
-- PaaS services (multi-tenant), which includes Azure App Service Environment for Power Apps, Azure API Management in deployment modes other than APIM with virtual network integration (For more informaiton see https://techcommunity.microsoft.com/t5/azure-network-security-blog/azure-ddos-standard-protection-now-supports-apim-in-vnet/ba-p/3641671), and Azure Virtual WAN aren't currently supported. 
+- PaaS services (multi-tenant), which includes Azure App Service Environment for Power Apps, Azure API Management in deployment modes other than APIM with virtual network integration (For more information see https://techcommunity.microsoft.com/t5/azure-network-security-blog/azure-ddos-standard-protection-now-supports-apim-in-vnet/ba-p/3641671), and Azure Virtual WAN aren't currently supported. 
 - Protecting a public IP resource attached to a NAT Gateway isn't supported.
 - Virtual machines in Classic/RDFE deployments aren't supported.
-- VPN gateway or Virtual network gateway is protected by a fixed DDoS policy. Adaptive tuning is not supported at this stage. 
-- Disabling DDoS protection for a public IP address is currently a preview feature. If you disable DDoS protection for a public IP resource that is linked to a virtual network with an active DDoS protection plan, you will still be billed for DDoS Network Protection. However, the following functionalities will be suspended: mitigation of DDoS attacks, telemetry, and logging of DDoS mitigation events. 
+- VPN gateway or Virtual network gateway is protected by a fixed DDoS policy. Adaptive tuning isn't supported at this stage. 
+- Disabling DDoS protection for a public IP address is currently a preview feature. If you disable DDoS protection for a public IP resource that is linked to a virtual network with an active DDoS protection plan, you'll still be billed for DDoS Network Protection. However, the following functionalities will be suspended: mitigation of DDoS attacks, telemetry, and logging of DDoS mitigation events. 
 - Partially supported: the Azure DDoS Protection service can protect a public load balancer with a public IP address prefix linked to its frontend. It effectively detects and mitigates DDoS attacks. However, telemetry and logging for the protected public IP addresses within the prefix range are currently unavailable.