1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Implementing Azure Network Security

Creating and Configuring Azure Front Door

Start course
Duration1h 26m


This course covers how to implement Azure network security. Through a combination of both theory and practical demonstrations, you will learn how to create and configure a range of Azure services designed to keep your network secure.

This includes topics such as virtual network connectivity, the Azure Front Door Service, NSG configuration, Azure firewall configuration, and application security groups. The course then moves on to the configuration of remote access management via just-in-time access and tools that are used to configure baselines.

We’d love to get your feedback on this course, so please give it a rating when you’re finished. If you have any queries or suggestions, please contact us at support@cloudacademy.com.

Learning Objectives

  • Understand how to implement Azure network security
  • Learn about the various Azure services and methodologies available to secure your network

Intended Audience

This course is intended for IT professionals who are interested in earning Azure certification and for those who work with Microsoft Azure on a daily basis.


To get the most from this course, you should have at least a basic understanding of Azure network resources such as virtual networks, Azure firewalls, and network security groups.



Hi everyone, welcome back. In this demonstration, I'm going to show you how to create a Front Door profile. I'm going to use two instances of web app, each running in different Azure region, which I've already deployed. The first instance is called MyAppEast01 and the second is MyAppWest01.

What I'm going to do here is add a frontend host for Front Door, and then add an application backend and backend pools. I'll then add a routing rule so my Front Door can route traffic to my web apps.

So, let's create a Front Door configuration that will direct traffic based on the lowest latency between two backends that I'll set up. What I'm going to do here to get started is click Create a resource over here in the left. And then from the Networking category, what I'm going to do is select Front Door. Now let's specify my resource group here. And I think I put everything in myRG. And everything goes in my Lab Subscription. Now you'll notice I can't select a location here. That's because the location is locked to wherever my resource group is deployed.

With my basic Front Door information provided, I now have to define the frontend host for my configuration. Now, because this is going to result in a publicly-accessible domain name, the hostname of my Front Door needs to be unique across the Azure landscape. If it's not unique, Azure's going to tell me as much.

What I'm going to do is create my frontend and call it MyAzFD01. Now what I could do here if I wanted to is enable sessions affinity and even a web application firewall. For this demo, I'll leave these at their defaults.

Now clicking Add here, what this does is create the frontend for my Front Door. At this point, I need to configure my application backends in a backend pool. This tells Front Door where my application lives.

To do this, I need to click the little plus icon here in the Backend pools pane. And then I have to specify a name for my backend pool. So I'll call it simply BackendPool. Now, clicking on Add a Backend here lets me add my websites that I created earlier. The backend host type lets me specify what the host's type is for my backend.

I have a couple of different options here. I'm going to choose App Service here since my web apps are app service apps. I then have to choose my Azure subscription that contains my websites. And like I said, everything's in the Lab Subscription. And then from here, I can choose the first website from the dropdown.

We can see I have West01 and East01. I can leave the remaining fields as they are for now and then I'll click Add. Now what I'm going to do here is repeat the process to add my second website. Now, although I can choose to update the Health Probes here and configure the load balancing for my backend pool, the default values will work for this exercise. So I'll leave them at their default.

And then from here, I'll click Add to finish up my backend config. At this point, I need to add a routing rule. To do this, I have to click the little plus icon here again in the Routing Rules pane. What this does is map my frontend host to my backend pool that I just created. Essentially, what I'm doing here is telling my configuration to forward incoming requests from my frontend to my backend pool.

I'm going to call my rule DefaultRouting. The Accepted Protocol field here allows me to specify which protocols will be allowed for the rule. You can see here that the frontend hosts field defaulted to my only configured frontend already.

Notice here that the default pattern to match is /*. This means all traffic that hits the root of my site, or anything below it, will match the rule.

Now, since we aren't doing any redirecting of traffic, we'll leave the Route Type set to Forward so that it forwards my traffic to my back end. The Backend pool dropdown here shows where my traffic will go. We can see it's going to my backend pool.

Now, the Forwarding Protocol here refers to the protocol to use for forwarding requests to the backend or to match from the incoming request. What I'm going to do here is set this to match the request. So the request that comes in is http, it's going to forward http. By changing to https, I could forward it on as https. I'll just match the request as it comes in.

We're going to leave URL Rewrite and Caching disabled since we don't need either feature here. And then, what I'll do is I'll click Add here to add the routing for my Front Door. And now with everything configured, from here, what I can do is click on Review and Create. And this will validate my Front Door configuration.

Now, when it passes validation, I can click Create to begin the deployment. So, with my Front Door created now, I can access it by going to a web browser and browsing to its URL. In this case, what I'll do is I'll go to the resource here. The URL of my Front Door is https//myazfd01.azurefd.net. And what I'll do here is open this in an incognito window. Now what happens is that my request is automatically routed to the backend that's nearest to me, and it will failover in the event one of my backends goes down. So, with that, you've learned how to deploy and configure Azure Front Door.

About the Author
Learning paths8

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.