hands-on lab

Securing Public Web Apps through FrontDoor using Access Restrictions Advanced Filters

Up to 1h
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.


Azure Front Door offers various security control and mechanisms that help you build secure and scalable infrastructure without managing the underlying logic and complication of managing the service over time. When coupled with access controls available on Azure App Service, both services are tightly coupled to provide ease of setup and management of security controls.

While serving highly available and resilient public cloud service is crucial to a business, it's also essential to control the boundaries of how that service will be accessed over the internet. Disabling the direct endpoint access to service will help with load balancing and create a highly flexible design to help scale and expand the resources over time.

In this hands-on lab, you will learn how to secure public web app endpoints hosted behind Azure Front Door using advanced access restriction filters.

Learning Objectives

Upon completion of this intermediate-level lab, you will be able to:

  • Create Access Restriction Rule for Web App
  • Enable Frontdoor Access to Webapp using Advanced Filters

Intended Audience

  • Candidates for Azure Security Engineer (AZ-500)
  • Cloud Architects
  • Security Engineers
  • DevOps Engineers
  • Software Engineers


Familiarity with the following will be beneficial but is not required:

  • App Service VNet Integration
  • Azure Front Door

The following content can be used to fulfill the prerequisite:

Environment before

Environment after

About the author

Learning paths

Parveen is an Azure advocate with previous experience in the professional consulting services industries. He specializes in infrastructure and DevOps with a wide range of knowledge in security and access management. He is also an Azure Certified - DevOps Engineer Expert, Security Engineer, Developer Associate, Administrator Associate, CompTIA Certified - Network+, Security+, and AWS Cloud Practitioner.
Parveen enjoys writing about cloud technologies and sharing the knowledge with the community to help students upskill in the cloud.

Covered topics

Lab steps

Logging in to the Microsoft Azure Portal
Disabling Frontdoor and Public Access to the Webapp using Access Restriction
Enabling Frontdoor Access to the Webapp using Service Tag Filter