Azure Front Door migration with zero downtime is now available in preview

Microsoft announced the general release of two new Azure Front Door tiers in March of this year. Our native, cutting-edge cloud content-distribution network (CDN), Azure Front Door Standard and Premium, supports both dynamic and static content delivery acceleration with built-in turnkey security and a straightforward, predictable price structure. Many of our clients have already used it to a large extent. A zero-downtime migration tool from Azure Front Door (traditional) and Azure CDN from Microsoft (classic) to the new Azure Front Door tier was another promise we made.

We are pleased to introduce the preview of the Azure Front Door tier migration capability as well as a few new additional features as the next stage in that journey. Azure CDN from Microsoft (traditional) will soon have the option to migrate.

Following its release, the new Front Door has gained new features and capabilities.

To give you a better cloud CDN solution and a more integrated Azure cloud experience, we introduced more capabilities and integrations to the new Front Door tiers in addition to the migration functionality.

Preview: Upgrade without downtime from Standard to Premium tier: See Azure Front Door Tier Upgrade for additional information on upgrading to the Premium tier. The transition from Azure Front Door (traditional) to the new Front Door tier is also enabled for this feature.

Preview—Managed identities integration Azure Front Door now supports Managed Identities produced by Azure Active Directory, enabling Front Door to quickly and securely access additional Azure AD-protected resources like Azure Key Vault. Preview—Managed identities integration In addition to the currently supported AAD Application access to Key Vault, this feature is available. Please read Set up managed identity with Front Door for more information on how to enable managed identities on Azure Front Door Standard and Premium.

Syncing with the App Service: With only a few clicks, Front Door can now be instantly deployed from the App Service resource. Only Azure Front Door (traditional) and Azure CDN were supported by the old deployment methodology.

Integration of a pre-validated domain with Static Web Apps: Customers of static web apps (SWAs) who have already verified custom domains at the SWA level are no longer required to do so while using Azure Front Door.

Terraform: support for Azure Front Door Standard and Premium, making it possible for Terraform to be used to automate Azure Front Door Standard and Premium provisioning.

The Azure Advisor integration makes recommendations for best practises and setups, such as using the most recent “secret” version of certificates that are about to expire, expired, or have failed to rotate automatically for managed certificates.

Overview of migration

With just three easy actions, Azure Front Door gives you the ability to migrate from Azure Front Door (traditional) to Azure Front Door Standard or Premium with zero downtime. Depending on the complexity of your Azure Front Door (traditional) instance, including the quantity of domains, backend pools, routes, and other configurations, the conversion will take a few minutes to complete.

Screenshot of the form used to initiate migration from classic Front Door to a Front Door Standard or Premium profile.


There will be two more steps to activate managed identities and provide managed identity to a key vault for the new Azure Front Door profile if your Azure Front Door (classic) instance has custom domains with your own certificates.

Screen shot of the two added steps needed to enable merged identities and grant managed identity to a key vault for the new Azure Front Door profile.


The Azure Front Door (classic) WAF parameters will determine whether the classic instance is by default migrated to the Standard or Premium tier. During the migration, upgrading from the Standard tier to Premium is also supported. Your Azure Front Door (classic) instances will be moved to a Premium profile if they are eligible to migrate to Azure Front Door Standard but have more resources than the standard quota allows.

The migration procedure will make copies of your Web Application Firewall (WAF) policies and configurations for the new Front Door profile tier if you have WAF policies linked to the Front Door profile. A current WAF policy that is appropriate for the tier to which you are moving may also be used.

The Azure portal supports tier migration for Azure Front Door. Support for Azure PowerShell, Azure CLI, SDK, and Rest API will be added shortly.

As soon as the migration is finished, you’ll be charged the Azure Front Door Standard and Premium base price. Transferring data from an edge location to a client Transfer of Outbound Data from the Edge to the Origin, After the migration, requests will be billed based on traffic flow.

Notable modifications upon migration

DevOps: While Azure Front Door (traditional) utilises Microsoft.Network, Azure Front Door Standard and Premium uses a distinct resource provider namespace called Microsoft.Cdn. You must update your Dev-Ops scripts and infrastructure code to use the new namespace and updated ARM template, Bicep, PowerShell Module, Terraform, CLI commands, and API after migrating from the Classic to the Standard or Premium tier.

Endpoint: To avoid domain takeover, the new Front Door endpoint is generated using a hash value in the type After migration, the Azure Front Door (traditional) endpoint name will still function. However, for Azure Front Door Standard and Premium, we advise replacing it with the recently formed endpoint.

Metrics and diagnostic logs won’t be moved. After migration, we advise you to enable diagnostic logs and monitoring metrics in your Azure Front Door Standard or Premium profile. Additionally, built-in reports and health probe logs are provided by Azure Front Door’s Standard and Premium tiers.

For more information, contact Professional Labs, the Best Cloud Managed Services Provider Oman

Contact Us | Professional labs (