Azure Proactive Resiliency Library v2
Tools Glossary GitHub GitHub Issues Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage

profiles

Summary

RecommendationImpactCategoryAutomation AvailableIn Azure Advisor
Restrict traffic to your originsHighSecurityNoNo
Use the latest API version and SDK versionMediumScalabilityNoYes
Configure logsMediumMonitoring and AlertingNoNo
Disable health probes when there is only one origin in an origin groupLowHigh AvailabilityYesNo
Select good health probe endpointsMediumHigh AvailabilityNoNo
Use HEAD health probesMediumScalabilityNoNo
Avoid using Classic Azure Front DoorHighService Upgrade and RetirementNoNo

Details

Restrict traffic to your origins

Impact:  High Category:  Security

APRL GUID:  6c40b7ae-2bea-5748-be1a-9e9e3b834649

Description:

Front Door's features perform optimally when traffic exclusively comes through Front Door. It's advised to set up your origin to deny access to traffic that bypasses Front Door.

Potential Benefits:

Enhances security and performance
Learn More:
Secure traffic to Azure Front Door origins

ARG Query:

Click the Azure Resource Graph tab to view the query

// under-development

Use the latest API version and SDK version

Impact:  Medium Category:  Scalability

APRL GUID:  52bc9a7b-23c8-bc4c-9d2a-7bc43b50104a

Description:

When working with Azure Front Door through APIs, ARM templates, Bicep, or SDKs, using the latest API or SDK version is crucial. Updates bring new functions, important security patches, and bug fixes.

Potential Benefits:

Enhanced security and features
Learn More:
REST API Reference
Client library for Java
SDK for Python

ARG Query:

Click the Azure Resource Graph tab to view the query

// under-development

Configure logs

Impact:  Medium Category:  Monitoring and Alerting

APRL GUID:  1ad74c3c-e3d7-0046-b83f-a2199974ef15

Description:

Front Door logs offer comprehensive telemetry on each request, crucial for understanding your solution's performance and responses, especially when caching is enabled, as origin servers might not receive every request.

Potential Benefits:

Enhanced insights and solution monitoring
Learn More:
Monitor metrics and logs in Azure Front Door
WAF logs
Configure Azure Front Door logs

ARG Query:

Click the Azure Resource Graph tab to view the query

// under-development

Disable health probes when there is only one origin in an origin group

Impact:  Low Category:  High Availability

APRL GUID:  38f3d542-6de6-a44b-86c6-97e3be690281

Description:

Front Door health probes help detect unavailable or unhealthy origins, directing traffic to alternate origins if needed.

Potential Benefits:

Reduces unnecessary origin traffic
Learn More:
Health probes

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// Disable health probes when there is only one origin in an origin group
cdnresources
| where type =~ "microsoft.cdn/profiles/origingroups"
| extend healthprobe=tostring(properties.healthProbeSettings)
| project origingroupname=name, id, tags, resourceGroup, subscriptionId, healthprobe
| join (
    cdnresources
    | where type =~ "microsoft.cdn/profiles/origingroups/Origins"
    | extend origingroupname = tostring(properties.originGroupName)
    )
    on origingroupname
| summarize origincount=count(), enabledhealthprobecount=countif(healthprobe != "") by origingroupname, id, tostring(tags), resourceGroup, subscriptionId
| where origincount == 1 and enabledhealthprobecount != 0
| project
    recommendationId = "38f3d542-6de6-a44b-86c6-97e3be690281",
    name=origingroupname,
    id,
    todynamic(tags),
    param1 = strcat("origincount:", origincount),
    param2 = strcat("enabledhealthprobecount:", enabledhealthprobecount)

Select good health probe endpoints

Impact:  Medium Category:  High Availability

APRL GUID:  5225bba3-28ec-1e43-8986-7eedfd466d65

Description:

Consider selecting a webpage or location specifically designed for health monitoring as the endpoint for Azure Front Door's health probes. This should encompass the status of critical components like application servers, databases, and caches to serve production traffic efficiently.

Potential Benefits:

Improves traffic routing and uptime
Learn More:
Health Endpoint Monitoring pattern

ARG Query:

Click the Azure Resource Graph tab to view the query

// under-development

Use HEAD health probes

Impact:  Medium Category:  Scalability

APRL GUID:  5783defe-b49e-d947-84f7-d8677593f324

Description:

Health probes in Azure Front Door can use GET or HEAD HTTP methods. Using the HEAD method for health probes is a recommended practice because it reduces the traffic load on your origins, being less resource-intensive.

Potential Benefits:

Reduces traffic load on origins
Learn More:
Supported HTTP methods for health probes

ARG Query:

Click the Azure Resource Graph tab to view the query

// under-development

Avoid using Classic Azure Front Door

Impact:  High Category:  Service Upgrade and Retirement

APRL GUID:  82fa3cff-74bd-4063-b726-834f160592fa

Description:

Azure Front Door standard is ~45% cheaper then AFD classic and has many additional benefits. Classic is also scheduled to be retired on March 31, 2027.

Potential Benefits:

Costs savings and additional supported features
Learn More:
Compare pricing between Azure Front Door tiers

ARG Query:

Click the Azure Resource Graph tab to view the query

//under-development