Azure WAF AllowFrontDoor stuck at "pending"

Question

Azure WAF AllowFrontDoor stuck at "pending"

Thomas 25

Hello Azure Support,

I hope all is well.

We are unable to create an Azure Front Door WAF policy in our subscription. The subscription feature Microsoft.Network/AllowFrontdoor remains in Pending for >36 hours, and WAF policy creation fails with a platform validation error across CLI and ARM.

Error: WebApplicationFirewallPolicy validation failed. More information "Policy ArmResourceId has incorrect formatting"

This occurs even with a minimal payload and no managed rules.

The command:

az feature show --namespace Microsoft.Network --name AllowFrontdoor --query properties.state -o tsv

returns: Pending

Thank you for your support.

Vallepu Venkateswarlu 6,045 Reputation points Microsoft External Staff Moderator

2026-01-29T13:03:59.3533333+00:00
Hi @ Thomas,

Welcome to Microsoft Q&A Platform.

The WAF policy creation is failing because the subscription feature Microsoft.Network/AllowFrontdoor is still in a Pending state.

You can try with below command.

az feature registration create --namespace Microsoft.Network --name AllowFrontdoor

I have tested the same provider in my subscription. Even though it shows "approvalType": "ApprovalRequired", I am able to create the Azure WAF Policy without any issues.

Please try creating the resource using the commands below:

To manage Azure Front Door Standard/Premium resource, use az afd CLI command.

To manage Classic Azure Front Door resource, use az network front-door CLI command.

Please "upvote" if the information helped you. This will help us and others in the community as well.
Thomas 25 Reputation points

2026-01-29T13:58:30.23+00:00

Hi @Vallepu Venkateswarlu ,

Thank you for your reply.

When we use that command, the state remains "pending" persistently - and the command reply includes the following:

"approvalType": "ApprovalRequired"

Does this mean Microsoft has to manually approve the feature for our subscription? Thank you very much.

Best wishes,

Thomas
Thomas 25 Reputation points

2026-01-29T16:48:22.51+00:00

Hi @Vallepu Venkateswarlu ,

Thank you for checking.

We are using Azure Front Door Standard/Premium (Microsoft.Cdn/profiles/afdEndpoints), not classic Front Door or App Gateway.

We already attempted the AFD WAF policy creation via the CLI command and it fails with:

az network front-door waf-policy create -g [redacted] -n [redacted] --location global --sku Standard_AzureFrontDoor --mode Prevention

=> WebApplicationFirewallPolicy validation failed. "Policy ArmResourceId has incorrect formatting"

Feature state is still:

az feature show --namespace Microsoft.Network --name AllowFrontdoor --query properties.state -o tsv

=> Pending (ApprovalRequired)

I am wondering if there is a way of approving/enabling Microsoft.Network/AllowFrontdoor for our subscription?

Thank you very much.

Best wishes,

Thomas
Vallepu Venkateswarlu 6,045 Reputation points Microsoft External Staff Moderator

2026-01-30T08:19:29.6766667+00:00

Hi @ Thomas,

Thanks for your replay.

To manage Azure Front Door Standard/Premium resource, use az afd CLI command.

To manage Classic Azure Front Door resource, use az network front-door CLI command.

Can you please try to create the same from portal and share the result.

Can you please share the requested details in private message for further troubleshoot.
David Diviny 0 Reputation points

2026-02-17T00:06:22.92+00:00

I am having the same issue @Vallepu Venkateswarlu
Vallepu Venkateswarlu 6,045 Reputation points Microsoft External Staff Moderator

2026-02-17T13:10:21.5233333+00:00

Hi @ **David Diviny,

**Can you please provide the error details in Github: https://github.com/Azure/azure-cli-extensions/issues/5625 and Team will help you resolve the issue.

1 answer

Your answer

Vallepu Venkateswarlu 6,045 Reputation points Microsoft External Staff Moderator

2026-01-29T13:03:59.3533333+00:00

Hi @ Thomas,

Welcome to Microsoft Q&A Platform.

The WAF policy creation is failing because the subscription feature Microsoft.Network/AllowFrontdoor is still in a Pending state.

You can try with below command.

az feature registration create --namespace Microsoft.Network --name AllowFrontdoor

I have tested the same provider in my subscription. Even though it shows "approvalType": "ApprovalRequired", I am able to create the Azure WAF Policy without any issues.

Please try creating the resource using the commands below:

To manage Azure Front Door Standard/Premium resource, use az afd CLI command.

To manage Classic Azure Front Door resource, use az network front-door CLI command.

Please "upvote" if the information helped you. This will help us and others in the community as well.
Thomas 25 Reputation points

2026-01-29T13:58:30.23+00:00

Hi @Vallepu Venkateswarlu ,

Thank you for your reply.

When we use that command, the state remains "pending" persistently - and the command reply includes the following:

"approvalType": "ApprovalRequired"

Does this mean Microsoft has to manually approve the feature for our subscription? Thank you very much.

Best wishes,

Thomas
Thomas 25 Reputation points

2026-01-29T16:48:22.51+00:00

Hi @Vallepu Venkateswarlu ,

Thank you for checking.

We are using Azure Front Door Standard/Premium (Microsoft.Cdn/profiles/afdEndpoints), not classic Front Door or App Gateway.

We already attempted the AFD WAF policy creation via the CLI command and it fails with:

az network front-door waf-policy create -g [redacted] -n [redacted] --location global --sku Standard_AzureFrontDoor --mode Prevention

=> WebApplicationFirewallPolicy validation failed. "Policy ArmResourceId has incorrect formatting"

Feature state is still:

az feature show --namespace Microsoft.Network --name AllowFrontdoor --query properties.state -o tsv

=> Pending (ApprovalRequired)

I am wondering if there is a way of approving/enabling Microsoft.Network/AllowFrontdoor for our subscription?

Thank you very much.

Best wishes,

Thomas
Vallepu Venkateswarlu 6,045 Reputation points Microsoft External Staff Moderator

2026-01-30T08:19:29.6766667+00:00

Hi @ Thomas,

Thanks for your replay.

To manage Azure Front Door Standard/Premium resource, use az afd CLI command.

To manage Classic Azure Front Door resource, use az network front-door CLI command.

Can you please try to create the same from portal and share the result.

Can you please share the requested details in private message for further troubleshoot.
David Diviny 0 Reputation points

2026-02-17T00:06:22.92+00:00

I am having the same issue @Vallepu Venkateswarlu
Vallepu Venkateswarlu 6,045 Reputation points Microsoft External Staff Moderator

2026-02-17T13:10:21.5233333+00:00

Hi @ **David Diviny,

**Can you please provide the error details in Github: https://github.com/Azure/azure-cli-extensions/issues/5625 and Team will help you resolve the issue.

Answer 1

Hi @ Thomas,

I have just verified this in my environment. The provider AllowFrontdoor is in an ApprovalRequired state, but I am still able to create a WAF policy without any issues.

"approvalType": "ApprovalRequired"

Could you please try creating the WAF policy using the Azure CLI as shown below?

WAF policy for App Gateway:

az network application-gateway waf-policy create --name waf-pol --resource-group myResourceGroupAG --type OWASP --version 3.2

WAF policy for FrontDoor:

New-AzFrontDoorWafPolicy -Name $policyName -ResourceGroupName $resourceGroupName -Customrule $customRule1,$customRule2 -ManagedRule $managedRule1 -EnabledState Enabled -Mode Prevention -RedirectUrl "https://www.bing.com/" -CustomBlockResponseStatusCode 405 -CustomBlockResponseBody "<html><head><title>You are blocked!</title></head><body></body></html>"

If you are still facing the issue, please check the GitHub case below. There is already a case open for the same issue, and the team is actively working on it. Feel free to provide your details there.

GitHub: https://github.com/Azure/azure-cli-extensions/issues/5625

Pleaseand “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

Share via

Azure WAF AllowFrontDoor stuck at "pending"

1 answer

Your answer