diff --git a/exports.js b/exports.js
index 364e127dda..22c69608e1 100644
--- a/exports.js
+++ b/exports.js
@@ -344,6 +344,7 @@ module.exports = {
 'queueServiceAllAccessAcl' : require(__dirname + '/plugins/azure/queueservice/queueServiceAllAccessAcl.js'),
 'multipleSubnets' : require(__dirname + '/plugins/azure/virtualnetworks/multipleSubnets.js'),
+ 'ddosStandardProtectionEnabled' : require(__dirname + '/plugins/azure/virtualnetworks/ddosStandardProtectionEnabled.js'),
 'vmInstanceLimit' : require(__dirname + '/plugins/azure/virtualmachines/vmInstanceLimit.js'),
 'classicInstances' : require(__dirname + '/plugins/azure/virtualmachines/classicInstances.js'),
diff --git a/plugins/azure/virtualnetworks/ddosStandardProtectionEnabled.js b/plugins/azure/virtualnetworks/ddosStandardProtectionEnabled.js
new file mode 100644
index 0000000000..069dbc6f8d
--- /dev/null
+++ b/plugins/azure/virtualnetworks/ddosStandardProtectionEnabled.js
@@ -0,0 +1,50 @@
+const async = require('async');
+const helpers = require('../../../helpers/azure');
+
+module.exports = {
+ title: 'DDoS Standard Protection Enabled',
+ category: 'Virtual Networks',
+ description: 'Ensures that DDoS Standard Protection is enabled for Microsoft Azure Virtual Networks',
+ more_info: 'DDoS Protection Standard offers enhanced Distributed Denial-of-Service (DDoS) mitigation capabilities via adaptive tuning, attack alert notifications, and telemetry to protect against the impacts of large DDoS attacks for all the protected resources available within your Azure Virtual Networks.',
+ recommended_action: 'Enable DDoS protection for virtual networks',
+ link: 'https://azure.microsoft.com/en-us/blog/azure-ddos-protection-for-virtual-networks-generally-available/',
+ apis: ['virtualNetworks:listAll'],
+
+ run: function(cache, settings, callback) {
+ const results = [];
+ const source = {};
+ const locations = helpers.locations(settings.govcloud);
+
+ async.each(locations.virtualNetworks, (location, rcb) => {
+ var virtualNetworks = helpers.addSource(cache, source,
+ ['virtualNetworks', 'listAll', location]);
+
+ if (!virtualNetworks) return rcb();
+
+ if (virtualNetworks.err || !virtualNetworks.data) {
+ helpers.addResult(results, 3, 'Unable to query for Virtual Networks: ' + helpers.addError(virtualNetworks), location);
+ return rcb();
+ }
+
+ if (!virtualNetworks.data.length) {
+ helpers.addResult(results, 0, 'No existing Virtual Networks found', location);
+ return rcb();
+ }
+
+ virtualNetworks.data.forEach(virtualNetwork => {
+ if (virtualNetwork.enableDdosProtection) {
+ helpers.addResult(results, 0,
+ 'DDoS Standard Protection is enabled for Microsoft Azure Virtual Network', location, virtualNetwork.id);
+ } else {
+ helpers.addResult(results, 2,
+ 'DDoS Standard Protection is not enabled for Microsoft Azure Virtual Network', location, virtualNetwork.id);
+ }
+ });
+
+ rcb();
+ }, function() {
+ // Global checking goes here
+ callback(null, results, source);
+ });
+ }
+};
diff --git a/plugins/azure/virtualnetworks/ddosStandardProtectionEnabled.spec.js b/plugins/azure/virtualnetworks/ddosStandardProtectionEnabled.spec.js
new file mode 100644
index 0000000000..d8f4fe9863
--- /dev/null
+++ b/plugins/azure/virtualnetworks/ddosStandardProtectionEnabled.spec.js
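Review bot: `var virtualNetworks = helpers.addSource(cache, source,` inside the `async.each` callback is the only `var` in a function that otherwise declares everything with `const`; `const virtualNetworks = helpers.addSource(cache, source,` keeps the binding block-scoped and consistent with `results`, `source` and `locations` above it. The `// Global checking goes here` placeholder in the completion callback documents nothing and reads as leftover scaffolding; either drop it or replace it with `// All regions processed; hand back the aggregated results and source map`. `run` also has no header comment, and a short JSDoc stating that it emits status 0 per VNet whose `enableDdosProtection` is set, 2 otherwise, 0 for a region with no VNets, and 3 when the listAll lookup carries `err` or no `data` would let a reader check the spec's expectations against the plugin without tracing each branch.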
@@ -0,0 +1,93 @@
+var expect = require('chai').expect;
+var ddosStandardProtectionEnabled = require('./ddosStandardProtectionEnabled');
+
+const virtualNetworks = [
+ {
+ "name": 'test-vnet',
+ "id": '/subscriptions/123/resourceGroups/aqua-resource-group/providers/Microsoft.Network/virtualNetworks/test-vnet',
+ "type": 'Microsoft.Network/virtualNetworks',
+ "location": 'eastus',
+ "provisioningState": 'Succeeded',
+ "virtualNetworkPeerings": [],
+ "enableDdosProtection": true
+ },
+ {
+ "name": 'test-vnet',
+ "id": '/subscriptions/123/resourceGroups/aqua-resource-group/providers/Microsoft.Network/virtualNetworks/test-vnet',
+ "type": 'Microsoft.Network/virtualNetworks',
+ "location": 'eastus',
+ "provisioningState": 'Succeeded',
+ "virtualNetworkPeerings": [],
+ "enableDdosProtection": false
+ }
+];
+
+const createCache = (virtualNetworks) => {
+ return {
+ virtualNetworks: {
+ listAll: {
+ 'eastus': {
+ data: virtualNetworks
+ }
+ }
+ }
+ };
+};
+
+const createErrorCache = () => {
+ return {
+ virtualNetworks: {
+ listAll: {
+ 'eastus': {}
+ }
+ }
+ };
+};
+
+describe('ddosStandardProtectionEnabled', function() {
+ describe('run', function() {
+ it('should give passing result if no virtual networks', function(done) {
+ const cache = createCache([]);
+ ddosStandardProtectionEnabled.run(cache, {}, (err, results) => {
+ expect(results.length).to.equal(1);
+ expect(results[0].status).to.equal(0);
+ expect(results[0].message).to.include('No existing Virtual Networks found');
+ expect(results[0].region).to.equal('eastus');
+ done();
+ });
+ });
+
+ it('should give failing result if DDoS standard protection is not enabled for virtual network', function(done) {
+ const cache = createCache([virtualNetworks[1]]);
+ ddosStandardProtectionEnabled.run(cache, {}, (err, results) => {
+ expect(results.length).to.equal(1);
+ expect(results[0].status).to.equal(2);
+ expect(results[0].message).to.include('DDoS Standard Protection is not enabled for Microsoft Azure Virtual Network');
+ expect(results[0].region).to.equal('eastus');
+ done();
+ });
+ });
+
+ it('should give unknown result if Unable to query for Virtual Networks', function(done) {
+ const cache = createErrorCache();
+ ddosStandardProtectionEnabled.run(cache, {}, (err, results) => {
+ expect(results.length).to.equal(1);
+ expect(results[0].status).to.equal(3);
+ expect(results[0].message).to.include('Unable to query for Virtual Networks:');
+ expect(results[0].region).to.equal('eastus');
+ done();
+ });
+ });
+
+ it('should give passing result if DDoS standard protection is enabled for virtual network', function(done) {
+ const cache = createCache([virtualNetworks[0]]);
+ ddosStandardProtectionEnabled.run(cache, {}, (err, results) => {
+ expect(results.length).to.equal(1);
+ expect(results[0].status).to.equal(0);
+ expect(results[0].message).to.include('DDoS Standard Protection is enabled for Microsoft Azure Virtual Network');
+ expect(results[0].region).to.equal('eastus');
+ done();
+ });
+ });
+ });
+});
\ No newline at end of file
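Review bot: `createErrorCache` returns `'eastus': {}`, which only exercises the `!virtualNetworks.data` half of the plugin's guard; the `virtualNetworks.err` condition is never hit by any case in this spec, so a regression that stops surfacing `err` would go unnoticed. A second error fixture such as `'eastus': { err: 'constructed: listAll failed' }` (constructed value) with the same status-3 assertions would cover that branch. Both entries of the `virtualNetworks` fixture array also share the same `name` and `id`, so if a test ever passes both at once no assertion can tell which VNet a result refers to; giving the second entry a distinct id (for example a `test-vnet-2` suffix) keeps the fixtures distinguishable. The file also ends without a trailing newline, which the surrounding spec files presumably have.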