A distributed denial-of-service attack (DDoS attack) is a service disruption intended to prevent a service from functioning correctly. A DDoS attack uses multiple origination sources to prevent firewall rules from blocking attacks. All Azure resources are protected by Azure DDoS Protection Basic for free.
Azure DDoS Protection Standard provides enhanced DDoS mitigation capabilities on top of the core DDoS protection to protect against volumetric attacks where a flood of data is sent, protocol attacks where the layer 3/4 protocol is targeted, and application layer attacks like SQL injection attacks when used with Azure WAF. Rich telemetry is exposed via Azure Monitor for detailed monitoring during attacks.