diff --git a/quickstart/101-ddos-protection-plan/main.tf b/quickstart/101-ddos-protection-plan/main.tf
new file mode 100644
index 00000000..facff4e7
--- /dev/null
+++ b/quickstart/101-ddos-protection-plan/main.tf
@@ -0,0 +1,44 @@
+resource "random_pet" "rg_name" {
+  prefix = var.resource_group_name_prefix
+}
+
+resource "azurerm_resource_group" "rg" {
+  name     = random_pet.rg_name.id
+  location = var.resource_group_location
+}
+
+resource "random_string" "ddos_protection_plan_name" {
+  length  = 13
+  upper   = false
+  numeric = false
+  special = false
+}
+
+resource "azurerm_network_ddos_protection_plan" "ddos" {
+  name                = random_string.ddos_protection_plan_name.result
+  resource_group_name = azurerm_resource_group.rg.name
+  location            = azurerm_resource_group.rg.location
+}
+
+resource "random_string" "virtual_network_name" {
+  length  = 13
+  upper   = false
+  numeric = false
+  special = false
+}
+
+resource "azurerm_virtual_network" "vnet" {
+  name                = random_string.virtual_network_name.result
+  resource_group_name = azurerm_resource_group.rg.name
+  location            = azurerm_resource_group.rg.location
+  address_space       = [var.vnet_address_prefix]
+
+  subnet {
+    name           = "default"
+    address_prefix = var.subnet_prefix
+  }
+  ddos_protection_plan {
+    id     = azurerm_network_ddos_protection_plan.ddos.id
+    enable = var.ddos_protection_plan_enabled
+  }
+}
\ No newline at end of file
diff --git a/quickstart/101-ddos-protection-plan/outputs.tf b/quickstart/101-ddos-protection-plan/outputs.tf
new file mode 100644
index 00000000..55696ea9
--- /dev/null
+++ b/quickstart/101-ddos-protection-plan/outputs.tf
@@ -0,0 +1,11 @@
+output "resource_group_name" {
+  value = azurerm_resource_group.rg.name
+}
+
+output "ddos_protection_plan_name" {
+  value = azurerm_network_ddos_protection_plan.ddos.name
+}
+
+output "virtual_network_name" {
+  value = azurerm_virtual_network.vnet.name
+}
\ No newline at end of file
diff --git a/quickstart/101-ddos-protection-plan/providers.tf b/quickstart/101-ddos-protection-plan/providers.tf
new file mode 100644
index 00000000..4fd5f6ba
--- /dev/null
+++ b/quickstart/101-ddos-protection-plan/providers.tf
@@ -0,0 +1,16 @@
+terraform {
+  required_version = ">=1.0"
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~>3.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.0"
+    }
+  }
+}
+provider "azurerm" {
+  features {}
+}
\ No newline at end of file
diff --git a/quickstart/101-ddos-protection-plan/readme.md b/quickstart/101-ddos-protection-plan/readme.md
new file mode 100644
index 00000000..5080bef8
--- /dev/null
+++ b/quickstart/101-ddos-protection-plan/readme.md
@@ -0,0 +1,27 @@
+# Azure DDoS protection plan and virtual network
+
+This template creates an Azure DDoS protection plan and a virtual network.
+
+## Terraform resource types
+
+- [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet)
+- [azurerm_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group)
+- [random_string](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string)
+- [azurerm_network_ddos_protection_plan](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_ddos_protection_plan)
+- [azurerm_virtual_network](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network)
+
+## Variables
+
+| Name | Description | Default |
+|-|-|-|
+| `resource_group_name_prefix` | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | rg |
+| `resource_group_location` | Location of the resource group. | eastus |
+| `ddos_protection_plan_name` | Specify a DDoS protection plan name. | null |
+| `virtual_network_name` | Specify a DDoS virtual network name. | null |
+| `vnet_address_prefix` | Specify the virtual network address prefix | 172.17.0.0/16 |
+| `subnet_prefix` | Specify the virtual network subnet prefix | 172.17.0.0/24 |
+| `ddos_protection_plan_enabled` | Enable DDoS protection plan. | true |
+
+## Example
+
+To see how to run this example, see [Create an Azure DDoS protection plan and virtual network using Terraform](https://docs.microsoft.com/azure/developer/terraform/create-ddos-protection-plan-and-virtual-network).
\ No newline at end of file
diff --git a/quickstart/101-ddos-protection-plan/variables.tf b/quickstart/101-ddos-protection-plan/variables.tf
new file mode 100644
index 00000000..5d1e5855
--- /dev/null
+++ b/quickstart/101-ddos-protection-plan/variables.tf
@@ -0,0 +1,41 @@
+variable "resource_group_location" {
+  type        = string
+  description = "Location for all resources."
+  default     = "eastus"
+}
+
+variable "resource_group_name_prefix" {
+  type        = string
+  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
+  default     = "rg"
+}
+
+variable "ddos_protection_plan_name" {
+  type        = string
+  description = "Specify a DDoS protection plan name."
+  default     = null
+}
+
+variable "virtual_network_name" {
+  type        = string
+  description = "Specify a DDoS virtual network name."
+  default     = null
+}
+
+variable "vnet_address_prefix" {
+  type        = string
+  description = "Specify the virtual network address prefix"
+  default     = "172.17.0.0/16"
+}
+
+variable "subnet_prefix" {
+  type        = string
+  description = "Specify the virtual network subnet prefix"
+  default     = "172.17.0.0/24"
+}
+
+variable "ddos_protection_plan_enabled" {
+  type        = bool
+  description = "Enable DDoS protection plan."
+  default     = true
+}
\ No newline at end of file