Connect Azure Front Door Premium to a Web App origin with Private Link

This article will guide you through how to configure Azure Front Door Premium SKU to connect to your Web App privately using the Azure Private Link service.

Prerequisites

Note

Private Endpoint is available in public regions for PremiumV2-tier, PremiumV3-tier Windows web apps, Linux web apps, and the Azure Functions Premium plan (sometimes referred to as the Elastic Premium plan).

Sign in to Azure

Sign in to the Azure portal.

In this section, you'll map the Private Link service to a private endpoint created in Azure Front Door's private network.

  1. Within your Azure Front Door Premium profile, under Settings, select Origin groups.

  2. Select the origin group that contains the Web App origin you want to enable Private Link for.

  3. Select + Add an origin to add a new web app origin or select a previously created web app origin from the list.

    Screenshot of enabling private link to a Web App.

  4. For Select an Azure resource, select In my directory. Select or enter the following settings to configure the site you want Azure Front Door Premium to connect with privately.

    Setting Value
    Region Select the region that is the same or closest to your origin.
    Resource type Select Microsoft.Web/sites.
    Resource Select myPrivateLinkService.
    Target sub resource sites
    Request message Customize message or choose the default.
  5. Then select Add to save your configuration.

Approve Azure Front Door Premium private endpoint connection from Web App

  1. Go to the Web App you configure Private Link for in the last section. Select Networking under Settings.

  2. In Networking, select Configure your private endpoint connections.

    Screenshot of networking settings in a Web App.

  3. Select the pending private endpoint request from Azure Front Door Premium then select Approve.

    Screenshot of pending private endpoint request.

  4. Once approved, it should look like the screenshot below. It will take a few minutes for the connection to fully establish. You can now access your web app from Azure Front Door Premium. Direct access to the Web App from the public internet gets disabled after private endpoint gets enabled.

    Screenshot of approved endpoint request.

Next steps

Learn about Private Link service with Azure Web App.