Azure Web Application Firewall (WAF) is natively integrated and platform managed service that provides protection for your web applications from common exploits and vulnerabilities. Web applications are increasingly the targets of varied types attacks such as malicious bots, SQL injection attacks, and cross-site scripting attacks which can result in website site sabotages, exfiltration of sensitive data and application unavailability. Preventing such attacks in application code can be challenging and may require rigorous maintenance, patching, and monitoring at multiple layers of the application topology. A centralized web application firewall helps make security management much simpler and gives better assurance to application administrators against threats or intrusions. In addition, a WAF solution can react to a security threat faster by patching a known vulnerability at a central location, instead of securing each individual web application.

Azure WAF policy can be applied to web applications at edge with Front Door and in region with Application Gateway.