Restrict Front Door URL only for office network or set up basic auth on storage blob service


This is our setup so far.

1) On production, we are hosting static web pages through an Azure storage account, and we have configured it on Front Door with a custom DNS. We have a requirement that a few of the static web page URLs should ask for basic authentication in the browser.

We have configured this in the Front Door rule set based on URL pattern.

So far, this works fine.

2) Now, the main issue is with replicating the same setup for UAT purposes. Since it's UAT, we cannot expose it globally. It should be accessible only to the people connected to the office network, either directly or through VPN.

If we configure it in Front Door, we have the risk of exposure. If we do not configure it in Front Door, we can't have the basic auth setup feature which we set up through the Front Door rule set.

We have explored the WAF (security) policy on Front Door, but we do not have a specific range of IP addresses that can be configured in a WAF custom rule set.

Answer by Kartik Bhiwapurkar:

• To block the Front Door URL for the office network without blocking the basic authentication setup feature for a few web pages on the static website URL, you should configure a conditional access policy for this purpose.

To configure the conditional access policy for all the Azure AD users connecting in your office network, you will have to ensure that you have Azure AD Premium P2 licenses available and the devices through which users are connecting to the office network are joined/registered with Azure AD.

Please refer to the below snapshots explaining the configuration of the Azure AD conditional access policy for this purpose:

[Screenshots: Azure AD Conditional access policy, 1 through 5]

Thus, in the above way, you can block the Front Door URL from being accessed by people in the office network. You can also configure the named locations in this policy accordingly to block access from these locations based on trusted IP ranges, an added layer of authentication, and country-based locations too, as shown above.

For more information, kindly refer to the below link:

https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-location