Azure Firewall microsoft.network/azurefirewalls Azure Resource type

Azure Firewall - Microsoft Azure Resource type
microsoft.network/azurefirewalls

Resource provider (RP) - Microsoft Network [Microsoft.Network]
RP	Microsoft.Network
RP display name	Microsoft Network
RP Resource types	Resource types: 428
RP aliases	RP aliases: 19503
RP Azure Policy	Azure Policy definitions: 427 • if: 379 • then.deployment: 180 • then.details: 2 • then.existenceCondition: 57 • then.operations: 0
RP RBAC operations	RP RBAC operations: 1014 • RP RBAC operationType action: 265 • RP RBAC operationType delete: 183 • RP RBAC operationType read: 361 • RP RBAC operationType write: 205
RP RBAC Roles & Operation actions	Unique RBAC Roles: 72 • RBAC Roles with action operationType: 40 • RBAC Roles with delete operationType: 23 • RBAC Roles with read operationType: 65 • RBAC Roles with write operationType: 40
RP related 1st party Service Principals	RP related 1st party Service Principals: 15 • NFV Resource Provider (appId: 328fd23b-de6e-462c-9433-e207470a5727) [ JSON;CSV] • NetworkVerifier (Microsoft Azure Vnet Verifier) (appId: 6e02f8e9-db9b-4eb5-aa5a-7c8968375f68) [ JSON;CSV] • NetworkTrafficAnalyticsService (appId: 1e3e4475-288f-4018-a376-df66fd7fac5f) [ JSON;CSV] • Networking-MNC (AzureVirtualNetworkManager) (appId: 6d057c82-a784-47ae-8d12-ca7b38cf06b4) [ JSON;CSV] • networkcopilotRP (appId: d66e9e8e-53a4-420c-866d-5bb39aaea675) [ JSON;CSV] • Network Watcher (appId: 7c33bfcb-8d33-48d6-8e60-dc6404003489) [ JSON;CSV] • Microsoft Azure Network Copilot (appId: 40c49ff3-c6ae-436d-b28e-b8e268841980) [ JSON;CSV] • IpAddressManager (Microsoft Azure IPAM) (appId: 60b2e7d5-a27f-426d-a6b1-acced0846fdf) [ JSON;CSV] • GatewayRP (appId: 486c78bf-a0f7-45f1-92fd-37215929e116) [ JSON;CSV] • AzureDnsFrontendApp (appId: a0be0c72-870e-46f0-9c49-c98333a996f7) [ JSON;CSV] • Azure Traffic Manager and DNS (appId: 2cf9eb86-36b5-49dc-86ae-9a63135dfa8c) [ JSON;CSV] • Azure Support - Network Watcher (appId: 341b7f3d-69b3-47f9-9ce7-5b7f4945fdbd) [ JSON;CSV] • Azure DNS Managed Resolver (appId: b4ca0290-4e73-4e31-ade0-c82ecfaabf6a) [ JSON;CSV] • Azure DNS (appId: 19947cfd-0303-466c-ac3c-fcc19a7a1570) [ JSON;CSV] • Azure Bastion (appId: 79d7fb34-4bef-4417-8184-ff713af7a679) [ JSON;CSV]
All Azure RPs	• Microsoft Learn • AzResourceTypesAdvertizer (Microsoft only)

Resource provider (RP) - Microsoft Network [Microsoft.Network]

Microsoft.Network

RP display name

Microsoft Network

RP Resource types

Resource types: 428

RP aliases

RP aliases: 19503

RP Azure Policy

Azure Policy definitions: 427
• if: 379
• then.deployment: 180
• then.details: 2
• then.existenceCondition: 57
• then.operations: 0

RP RBAC operations

RP RBAC operations: 1014
• RP RBAC operationType action: 265
• RP RBAC operationType delete: 183
• RP RBAC operationType read: 361
• RP RBAC operationType write: 205

RP RBAC Roles & Operation actions

Unique RBAC Roles: 72
• RBAC Roles with action operationType: 40
• RBAC Roles with delete operationType: 23
• RBAC Roles with read operationType: 65
• RBAC Roles with write operationType: 40

RP related 1st party Service Principals

RP related 1st party Service Principals: 15

• NFV Resource Provider (appId: 328fd23b-de6e-462c-9433-e207470a5727) [ JSON;CSV]
• NetworkVerifier (Microsoft Azure Vnet Verifier) (appId: 6e02f8e9-db9b-4eb5-aa5a-7c8968375f68) [ JSON;CSV]
• NetworkTrafficAnalyticsService (appId: 1e3e4475-288f-4018-a376-df66fd7fac5f) [ JSON;CSV]
• Networking-MNC (AzureVirtualNetworkManager) (appId: 6d057c82-a784-47ae-8d12-ca7b38cf06b4) [ JSON;CSV]
• networkcopilotRP (appId: d66e9e8e-53a4-420c-866d-5bb39aaea675) [ JSON;CSV]
• Network Watcher (appId: 7c33bfcb-8d33-48d6-8e60-dc6404003489) [ JSON;CSV]
• Microsoft Azure Network Copilot (appId: 40c49ff3-c6ae-436d-b28e-b8e268841980) [ JSON;CSV]
• IpAddressManager (Microsoft Azure IPAM) (appId: 60b2e7d5-a27f-426d-a6b1-acced0846fdf) [ JSON;CSV]
• GatewayRP (appId: 486c78bf-a0f7-45f1-92fd-37215929e116) [ JSON;CSV]
• AzureDnsFrontendApp (appId: a0be0c72-870e-46f0-9c49-c98333a996f7) [ JSON;CSV]
• Azure Traffic Manager and DNS (appId: 2cf9eb86-36b5-49dc-86ae-9a63135dfa8c) [ JSON;CSV]
• Azure Support - Network Watcher (appId: 341b7f3d-69b3-47f9-9ce7-5b7f4945fdbd) [ JSON;CSV]
• Azure DNS Managed Resolver (appId: b4ca0290-4e73-4e31-ade0-c82ecfaabf6a) [ JSON;CSV]
• Azure DNS (appId: 19947cfd-0303-466c-ac3c-fcc19a7a1570) [ JSON;CSV]
• Azure Bastion (appId: 79d7fb34-4bef-4417-8184-ff713af7a679) [ JSON;CSV]

All Azure RPs

• Microsoft Learn
• AzResourceTypesAdvertizer (Microsoft only)

RT information

microsoft.network/azurefirewalls

RT display name

Azure Firewall

RT type only
(without RP)

azureFirewalls

RT sub- Resource types

sub-Resource types: 6

RT schema

RT schema API versions: 40

• 2024-05-01
• 2024-03-01
• 2024-01-01
• 2023-11-01
• 2023-09-01
• 2023-06-01
• 2023-05-01
• 2023-04-01
• 2023-02-01
• 2022-11-01
• 2022-09-01
• 2022-07-01
• 2022-05-01
• 2022-01-01
• 2021-08-01
• 2021-05-01
• 2021-03-01
• 2021-02-01
• 2020-11-01
• 2020-08-01
• 2020-07-01
• 2020-06-01
• 2020-05-01
• 2020-04-01
• 2020-03-01
• 2019-12-01
• 2019-11-01
• 2019-09-01
• 2019-08-01
• 2019-07-01
• 2019-06-01
• 2019-04-01
• 2019-02-01
• 2018-12-01
• 2018-11-01
• 2018-10-01
• 2018-08-01
• 2018-07-01
• 2018-06-01
• 2018-04-01

All Microsoft Azure RTs

AzResourceTypesAdvertizer

Aliases and Azure Policy

Aliases

aliases: 134

Azure Policy

Azure Policy definitions: 15
• if: 15
• then.deployment: 2
• then.details: 0
• then.existenceCondition: 2
• then.operations: 0

RBAC Operations and Roles & Roles related operation actions

RBAC operations

RBAC operations: 5
• RBAC operationType action: 2
• RBAC operationType delete: 1
• RBAC operationType read: 1
• RBAC operationType write: 1

RBAC Roles & Operation actions

Unique RBAC Roles: 21
• RBAC Roles with action operationType: 5
• RBAC Roles with delete operationType: 5
• RBAC Roles with read operationType: 21
• RBAC Roles with write operationType: 5

Capabilities & Locations

Diagnostic logs

True
log-categories

Azure Resource Diagnostic settings metrics

Diagnostic metrics

True
metrics

Customer-managed key (CMK) [experimental]

Unknown
• Enforce Encryption with a customer-managed key (CMK) at scale

System-Assigned-Resource-Identity

False

Cross-ResourceGroup-Resource-Move

False

Cross-Subscription-Resource-Move

False

Tags

True

Extension

False

Private-Endpoint

False

Supported Locations for Private-Endpoint

n/a

Non supported Locations for Private-Endpoint

n/a

Location

True

Locations

Locations: 43
australiacentral, australiaeast, australiasoutheast, brazilsouth, canadacentral, canadaeast, centralindia, centralus, eastasia, eastus, eastus2, francecentral, germanywestcentral, indonesiacentral, israelcentral, italynorth, japaneast, japanwest, koreacentral, koreasouth, mexicocentral, newzealandnorth, northcentralus, northeurope, norwayeast, polandcentral, qatarcentral, southafricanorth, southcentralus, southeastasia, southindia, spaincentral, swedencentral, switzerlandnorth, uaenorth, uksouth, ukwest, westcentralus, westeurope, westindia, westus, westus2, westus3

Not locations

Not locations: 54
asia, asiapacific, australia, australiacentral2, brazil, brazilsoutheast, brazilus, canada, centraluseuap, centralusstage, eastasiastage, eastus2euap, eastus2stage, eastusstage, eastusstg, europe, france, francesouth, germany, germanynorth, global, india, indonesia, israel, italy, japan, jioindiacentral, jioindiawest, korea, mexico, newzealand, northcentralusstage, norway, norwaywest, poland, qatar, singapore, southafrica, southafricawest, southcentralusstage, southcentralusstg, southeastasiastage, spain, sweden, switzerland, switzerlandwest, taiwan, uae, uaecentral, uk, unitedstates, unitedstateseuap, westus2stage, westusstage

Assessment tooling

Azure Advisor

n/a

Azure Proactive Resilience Library v2 (APRLv2)

Azure Proactive Resilience Library v2 recommendations: 4
• HighAvailability [High] Deploy Azure Firewall across multiple availability zones
• HighAvailability [Medium] Configure 2-4 PIPs for SNAT Port utilization
• MonitoringAndAlerting [High] Monitor Azure Firewall metrics
• MonitoringAndAlerting [High] Monitor "AZFW Latency Probe" metric

PSRule for Azure

PSRule for Azure rules: 3
• Operational Excellence [Awareness] Use valid Firewall names
• Reliability [Important] Deploy firewall instances using availability zones
• Security [Critical] Configure deny on threat intel for classic managed Azure Firewalls

Azure Quick Review (AZQR)

Azure Quick Review (AZQR) recommendations: 7
• Governance [Low] Azure Firewall Name should comply with naming conventions
• Governance [Low] Azure Firewall should have tags
• HighAvailability [High] Azure Firewall SLA
• HighAvailability [High] Deploy Azure Firewall across multiple availability zones
• MonitoringAndAlerting [High] Monitor Azure Firewall metrics
• MonitoringAndAlerting [Low] Azure Firewall should have diagnostic settings enabled
• Security [High] Configure DDoS Protection on the Azure Firewall VNet

Infrastructure as Code (IaC)

ARM (Azure Resource Manager) templates

ARM (Azure Resource Manager) template API versions: 40
• latest

Bicep templates

Bicep template API versions: 40
• latest

Terraform provider

Terraform providers: 1
• firewall

AzAPI Terraform templates

AzAPI Terraform template API versions: 40
• latest

Pulumi provider

Pulumi providers: 1
• network/azurefirewall

OpenTofu provider

OpenTofu TF providers: 1
• firewall

Azure Verified Modules (AVM) Bicep

Azure Firewall

Azure Verified Modules (AVM) Terraform

• GitHub: Azure Firewall
• Terraform registry: Azure Firewall

REST-API (Representational State Transfer - Application Programming Interface)

REST-API versions

REST-API versions: 47

• 2024-07-01
• 2024-05-01
• 2024-03-01
• 2024-01-01
• 2023-11-01
• 2023-09-01
• 2023-06-01
• 2023-05-01
• 2023-04-01
• 2023-02-01
• 2022-11-01
• 2022-09-01
• 2022-07-01
• 2022-05-01
• 2022-01-01
• 2021-12-01
• 2021-08-01
• 2021-06-01
• 2021-05-01
• 2021-04-01
• 2021-03-01
• 2021-02-01
• 2021-01-01
• 2020-11-01
• 2020-08-01
• 2020-07-01
• 2020-06-01
• 2020-05-01
• 2020-04-01
• 2020-03-01
• 2020-01-01
• 2019-12-01
• 2019-11-01
• 2019-09-01
• 2019-08-01
• 2019-07-01
• 2019-06-01
• 2019-04-01
• 2019-02-01
• 2018-12-01
• 2018-11-01
• 2018-10-01
• 2018-08-01
• 2018-07-01
• 2018-06-01
• 2018-05-01
• 2018-04-01

REST-API version default

2020-03-01

API profiles

n/a

Resource naming

Azure Naming Tool

The Azure Naming Tool was created to help administrators define and manage their naming conventions, while providing a simple interface for users to generate a compliant name.

Resource naming details

{
  "property": "",
  "ShortName": "afw",
  "scope": "resource group",
  "lengthMin": "1",
  "lengthMax": "80",
  "validText": "Alphanumerics, underscores, periods, and hyphens. Start with alphanumeric. End with alphanumeric or underscore.",
  "invalidText": "",
  "invalidCharacters": "",
  "invalidCharactersStart": "",
  "invalidCharactersEnd": "",
  "invalidCharactersConsecutive": "",
  "regx": "^(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9_\\.-]{0,78}[a-zA-Z0-9_])$",
  "staticValues": ""
}

Azure Firewall - Microsoft Azure Resource typemicrosoft.network/azurefirewalls

Azure Firewall - Microsoft Azure Resource type
microsoft.network/azurefirewalls