
- Global entry point and intelligent routing: Front Door leverages Microsoft’s global network to steer users to the nearest edge, minimizing latency and improving global user experience.
- Acceleration: Edge termination plus optimizations such as Anycast and split‑TCP reduce round trips and increase throughput for both static and dynamic content.
- Edge TLS termination: Offload SSL/TLS at the edge to remove cryptographic load from origin servers and shorten TLS handshake latency.
- Health probes and instant failover: Continuous origin health probes enable automatic failover to healthy backends with minimal disruption.
- URL/path‑based routing and multi‑site hosting: Map different paths or hostnames to distinct backend pools (e.g., static assets served from an optimized origin, APIs served from dedicated backend servers).
- Integrated WAF and security: Protect web apps from common attacks using Front Door’s Web Application Firewall, with additional protections available on higher SKUs.
- Centralized certificate and domain management: Manage custom domains and certificates (including Azure‑managed certificates) from a single pane of glass.
- Telemetry and diagnostics: Logs and metrics show user connection locations and performance data, and help troubleshoot availability issues.
- Anycast edge IPs (or DNS‑based edge selection) route clients to the nearest Point of Presence so requests land on Microsoft’s edge quickly.
- Split‑TCP and other edge optimizations improve throughput and reduce latency between the edge and origins, accelerating both static and dynamic responses.
- Front Door continuously probes configured origins and uses probe results plus routing rules to send traffic only to healthy backends.
- Path‑based routing enables traffic segmentation (for example, route /images/* to a storage origin and /api/* to application servers), allowing you to optimize origins for each workload.
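The interaction between path‑based routing and health probes can be modeled in a few lines. This is an added example, not Microsoft's code or Front Door's actual algorithm: the hostnames, the `sample_size`/`required` probe thresholds, the priority values and the "most specific pattern wins" rule are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Origin:
    host: str
    priority: int                                 # lower value is preferred
    probes: list = field(default_factory=list)    # probe history, True = success

    def healthy(self, sample_size=4, required=2):
        # Assumed rule: enough of the most recent probes must have succeeded.
        return sum(self.probes[-sample_size:]) >= required

def match_route(routes, path):
    """Return the origin group of the most specific pattern that matches path."""
    best_score, best_group = None, None
    for pattern, group in routes.items():
        if pattern.endswith("/*"):
            prefix = pattern[:-1]                 # "/api/*" -> "/api/"
            if not path.startswith(prefix):
                continue
            score = (0, len(prefix))              # longer wildcard prefix wins
        elif path == pattern:
            score = (1, len(pattern))             # exact match beats any wildcard
        else:
            continue
        if best_score is None or score > best_score:
            best_score, best_group = score, group
    return best_group

def select_origin(routes, groups, path):
    """Pick the preferred healthy origin for path; None if nothing can serve it."""
    group = match_route(routes, path)
    if group is None:
        return None
    candidates = [o for o in groups[group] if o.healthy()]
    if not candidates:
        return None                               # this model stops here
    return min(candidates, key=lambda o: o.priority).host

# Constructed sample configuration (not taken from a real deployment).
ROUTES = {"/images/*": "static", "/api/*": "api", "/*": "web"}
GROUPS = {
    "static": [Origin("assets.example.net", 1, [True] * 4)],
    "api": [Origin("api-eastus.example.net", 1, [True, False, False, False]),
            Origin("api-westeu.example.net", 2, [True] * 4)],
    "web": [Origin("web.example.net", 1, [True] * 4)],
}
```

With the sample data, `/api/orders` fails over to the secondary API origin because the primary's recent probes are mostly failures, and traffic returns to the primary once its probes succeed again.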
Front Door is a global layer‑7 service (global web traffic manager + edge delivery). Use Front Door when you need global entry, edge acceleration, and multi‑region failover. If your scenario requires regional, VNet‑integrated layer‑7 delivery (for example backends only reachable from a virtual network), consider regional load balancers or Application Gateway instead.
Front Door SKUs: Standard vs Premium
Both Standard and Premium provide the core global delivery features: edge acceleration, global load balancing with health probes, TLS termination, custom domains, and telemetry. The Premium SKU builds on Standard with enterprise features focused on security and private connectivity.
Core features (Standard and Premium)
- Accelerated delivery of static and dynamic content via Microsoft’s global edge.
- Global load balancing with health probes and automatic failover.
- TLS/SSL termination at the edge and support for custom domains with Azure‑managed certificates.
- Telemetry and diagnostics to monitor traffic patterns and diagnose issues.
Additional features (Premium)
- Advanced WAF features and richer managed rule sets for deeper protection against injections, XSS, and other attacks.
- Bot mitigation and enhanced protections to reduce automated abuse (note: network DDoS protection is provided by Azure DDoS Protection).
- Private Link support so Front Door can privately connect to Azure backend resources without traversing the public internet.
- Integration with Microsoft threat intelligence to block traffic from known malicious sources and risky regions.
- More detailed security telemetry and event insights for suspicious activity analysis.
| Feature | Standard SKU | Premium SKU |
|---|---|---|
| Global load balancing & edge acceleration | ✓ | ✓ |
| TLS termination & custom domain management | ✓ | ✓ |
| Basic WAF protections | ✓ | ✓ (advanced rule sets & customization) |
| Bot mitigation | Basic | Enhanced |
| Private Link to backends | No | Yes |
| Microsoft threat intelligence integration | Limited | Yes |
| Detailed security telemetry | Standard logs | Enhanced security events |

- Choose Standard for most global web applications that need fast global delivery, simple certificate management, and baseline web protection.
- Choose Premium when you require enterprise‑grade security, private connectivity to VNet resources (Private Link), integration with threat intelligence, or advanced bot mitigation.