hands-on lab

Implementing an Azure WAF Application Gateway

Up to 45m
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.


Security is of the utmost importance more than ever. Azure Web Application Firewall on Azure Application Gateway provides additional security protection for Application Gateways. Web applications are increasingly targeted by malicious attacks year over year, using WAF with Application Gateway can help Cloud engineers and developers protect their environments.

In this lab, you will explore enabling WAF on Application Gateway and creating a policy.

Learning Objectives

Upon completion of this Lab you will be able to:

  • Enable WAF on an Application Gateway and enable monitoring
  • Create a WAF policy and enforce it on multiple Application Gateways or Sites
  • Create Custom Rules to mitigate security risks

Intended Audience

This lab is intended for:

  • Those studying for the AZ-700: Designing and Implementing Microsoft Azure Networking Solutions certification
  • Anyone interested in Azure networking or security


You should possess:

  • Basic understanding of Azure fundamentals
  • Understanding of Firewalls and Application Gateways

The following content is sufficient to fulfill these prerequisites:


February 22nd, 2023 - Resolved WAF policy creation issue

November 4th, 2022 - Updated the instructions and screenshots to reflect the latest UI

Environment before

Environment after

About the author

Learning paths

Luke is a Site Reliability Engineer at Microsoft. His background is infrastructure development using Terraform and in 2021 he was awarded the HashiCorp Ambassador award. He is an Azure DevOps Engineer Expert, Azure Administrator Associate, and HashiCorp Certified - Terraform Associate.

Covered topics

Lab steps

Logging in to the Microsoft Azure Portal
Ensuring the Lab Setup Has Completed
Enabling WAF on an Application Gateway
Creating a WAF Policy