
Microsoft Network FrontDoor

Best practices and references below are based on published guidance from the cloud service provider and may reference native capabilities the cloud service provider offers. If you are not using the native security capabilities, the same security requirement can be met using other security capabilities your organization utilizes.

Asset Inventory

Design Guidance:

Microsoft.Network/frontDoors

Name
Terraform
Friendly Name
Terraform
Frontend Endpoints
Terraform
Frontend Endpoints-Id
Terraform
Frontend Endpoints-Name
Terraform
Frontend Endpoints-Host Name
Terraform
Tags
Terraform

Microsoft.Network/frontDoors/rulesEngines

Microsoft.Network/frontDoors

Routing Rules-Id
Terraform
Routing Rules-Name
Terraform
Frontend Endpoints-Id
Terraform
Rules Engine-Id
Terraform

Microsoft.Network/FrontDoorWebApplicationFirewallPolicies


Load Balancing

Microsoft.Network/frontDoors

Backend Pools-Id
Terraform
Backend Pools-Name
Terraform
Backends-Address
Terraform
Load Balancing Settings-Id
Terraform
Load Balancing Settings-Id
Terraform
Load Balancing Settings-Name
Terraform
Load Balancing Settings-Additional Latency Milliseconds
Terraform
Load Balancing Settings-Sample Size
Terraform
Load Balancing Settings-Successful Samples Required
Terraform
Backends-Priority
Terraform
Backends-Weight
Terraform

Secure Response Headers

Design Guidance:

Microsoft.Network/frontDoors

Backends-Backend Host Header
Terraform

Microsoft.Network/frontDoors/rulesEngines

Request Header Actions-Header Action Type
Terraform
Request Header Actions-Header Name
Terraform
Request Header Actions-Value
Terraform
Response Header Actions-Header Action Type
Terraform
Response Header Actions-Header Name
Terraform
Response Header Actions-Value
Terraform

Network Access Points Enforcing Network Access

Microsoft.Network/frontDoors

Backends-Enabled State
Terraform
Backends-Private Link Alias
Terraform

Design for High Availability

Design Guidance:

Microsoft.Network/frontDoors

Health Probe Settings-Id
Terraform
Health Probe Settings-Id
Terraform
Health Probe Settings-Name
Terraform
Health Probe Settings-Enabled State
Terraform
Health Probe Settings-Interval In Seconds
Terraform
Health Probe Settings-Path
Terraform

Access Policy Enforcement

Microsoft.Network/frontDoors

Backend Pools Settings-Enforce Certificate Name Check
Terraform

Session Binding

Microsoft.Network/frontDoors

Frontend Endpoints-Session Affinity Enabled State
Terraform

Firewalls

Design Guidance:

Microsoft.Network/frontDoors

Web Application Firewall Policy Link-Id
Terraform

Input Validation

Microsoft.Network/frontDoors

Health Probe Settings-Health Probe Method
Terraform

TLS

Design Guidance:

Microsoft.Network/frontDoors

Health Probe Settings-Protocol
Terraform

Microsoft.Network/frontDoors

Routing Rules-Accepted Protocols
Terraform
Routing Rules-Enabled State
Terraform
Route Configuration-Forwarding Protocol
Terraform
Route Configuration-Redirect Protocol
Terraform

Deny-all Communications and Only Allow-by-Exception

Microsoft.Network/frontDoors

Backends-HTTP Port
Terraform
Backends-HTTPS Port
Terraform

Cache Management

Design Guidance:

Microsoft.Network/frontDoors

Cache Configuration-Cache Duration
Terraform

Redirect To TLS

Design Guidance:

Microsoft.Network/frontDoors

Route Configuration-Redirect Type
Terraform

Payload Inspection

Microsoft.Network/frontDoors/rulesEngines

Match Conditions-Negate Condition
Terraform
Match Conditions-Rules Engine Match Value
Terraform
Match Conditions-Rules Engine Match Variable
Terraform
Match Conditions-Rules Engine Operator
Terraform
Match Conditions-Selector
Terraform
Match Conditions-Transforms
Terraform
Rules-Match Processing Behavior
Terraform

Microsoft.Network/FrontDoorWebApplicationFirewallPolicies

Custom Rules-Rules
Rules-Action
Rules-Enabled State
Rules-Match Conditions
Match Conditions-Match Value
Match Conditions-Match Variable
Match Conditions-Negate Condition
Match Conditions-Operator
Match Conditions-Selector
Match Conditions-Transforms
Rules-Priority
Rules-Rule Type
Managed Rules-Managed Rule Sets
Managed Rule Sets-Exclusions
Exclusions-Match Variable
Exclusions-Selector
Exclusions-Selector Match Operator
Managed Rule Sets-Rule Group Overrides
Rule Group Overrides-Exclusions
Exclusions-Match Variable
Exclusions-Selector
Exclusions-Selector Match Operator
Rule Group Overrides-Rule Group Name
Rule Group Overrides-Rules
Rules-Action
Rules-Enabled State
Rules-Exclusions
Exclusions-Match Variable
Exclusions-Selector
Exclusions-Selector Match Operator
Rules-Rule Id
Managed Rule Sets-Rule Set Type
Managed Rule Sets-Rule Set Version
Policy Settings-Custom Block Response Body
Policy Settings-Custom Block Response Status Code
Policy Settings-Enabled State
Policy Settings-Mode
Policy Settings-Redirect Url

Transaction Rate-limiting

Design Guidance:

Microsoft.Network/FrontDoorWebApplicationFirewallPolicies

Rules-Rate Limit Duration In Minutes
Rules-Rate Limit Threshold