Comparison between Azure Front Door and Azure CDN services

Azure Front Door and Azure CDN are both Azure services that offer global content delivery with intelligent routing and caching capabilities at the application layer. Both services can be used to optimize and accelerate your applications by providing a globally distributed network of points of presence (POP) close to your users. Both services also offer a variety of features to help you secure your applications from malicious attacks and to help you monitor your application's health and performance.

Diagram of Azure Front Door architecture.

Note

To switch between tiers, you will need to recreate the Azure Front Door profile. You can use the migration capability to move your existing Azure Front Door profile to the new tier. For more information about upgrading from Standard to Premium, see upgrade capability.

Service comparison

The following table provides a comparison between Azure Front Door and Azure CDN services.

Features and optimizations Front Door Standard Front Door Premium Front Door Classic Azure CDN Standard Microsoft Azure CDN Standard Edgio Azure CDN Premium Edgio
Delivery and acceleration
Static file delivery
Dynamic site delivery
Domains and Certs
Custom domains ✓ - DNS TXT record based domain validation ✓ - DNS TXT record based domain validation ✓ - CNAME based validation ✓ - CNAME based validation ✓ - CNAME based validation ✓ - CNAME based validation
Prevalidated domain integration with Azure PaaS Service
HTTPS support
Custom domain HTTPS
Bring your own certificate
Supported TLS Versions TLS1.3, TLS1.2, TLS1.0 TLS1.3 TLS1.2, TLS1.0 TLS1.3, TLS1.2, TLS1.0 TLS1.3, TLS 1.2, TLS 1.0/1.1 TLS 1.2, TLS 1.3 TLS 1.2, TLS 1.3
Caching
Query string caching
Cache manage (purge, rules, and compression)
Fast purge
Asset pre-loading
Cache behavior settings ✓ - using standard rules engine ✓ - using standard rules engine ✓ - using standard rules engine ✓ - using standard rules engine
Routing
Origin load balancing
Path based routing
Rules engine
Server variable
Regular expression in rules engine
URL redirect/rewrite
IPv4/IPv6 dual-stack
HTTP/2 support
Routing preference unmetered Not required as Data transfer from Azure origin to AFD is free and path is directly connected Not required as Data transfer from Azure origin to AFD is free and path is directly connected Not required as Data transfer from Azure origin to AFD is free and path is directly connected Not required as Data transfer from Azure origin to CDN is free and path is directly connected
Origin Port All TCP ports All TCP ports All TCP ports All TCP ports All TCP ports All TCP ports
Customizable, rules based content delivery engine ✓ using Standard rules engine ✓ using Premium rules engine
Mobile device rules ✓ using Standard rules engine ✓ using Premium rules engine
Security
Custom Web Application Firewall (WAF) rules
Microsoft managed rule set ✓ - Only default rule set 1.1 or below
Bot protection ✓ - Only bot manager rule set 1.0
Private link connection to origin
Geo-filtering
Token authentication
DDOS protection
DDOS protection
Domain Fronting Block
Analytics and reporting
Monitoring Metrics ✓ (more metrics than Classic) ✓ (more metrics than Classic)
Advanced analytics/built-in reports ✓ - includes WAF report
Raw logs - access logs and WAF logs
Health probe log
Ease of use
Easy integration with Azure services, such as Storage and Web Apps
Management via REST API, .NET, de.js, or PowerShell
Compression MIME types Configurable Configurable Configurable Configurable Configurable Configurable
Compression encodings gzip, brotli gzip, brotli gzip, brotli gzip, brotli gzip, deflate, bzip2 gzip, deflate, bzip2, brotli
Azure Policy integration
Azure Advisory integration
Managed Identities with Azure Key Vault
Pricing
Simplified pricing

Next steps