Secure your website with Web Application Firewall for Power Pages

We are excited to announce our public preview of Web Application Firewall (WAF) for Power Pages website. By combining content delivery network (CDN) with natively integrated WAF engine you can secure Power Pages sites quickly.

WAF is available for CDN-enabled websites combining Azure Front Door services with scale of and deep security, designed to protect your website from multiple attack vectors. It inspects each incoming request at edge server, stops unwanted traffic before they enter backend servers, and offers protection at scale without sacrificing on performance.


A WAF policy is the building unit of WAF which defines the security postures of website. Power Pages provides subset of Azure managed Default Rule Set (DRS 2.0), updated by the platform to adapt new attack signatures.

Enable Web Application Firewall

You need to be a Power Pages administrator to enable WAF for CDN-enabled websites. WAF feature is available as a turnkey offering at Power Platform Admin Center under portals section.

testing testing

As we continue to enhance the Power Pages WAF offering, would love to hear your feedback.  For more information, visit the detailed documentation for Web Application Firewall