Enable Threat Intelligence based filtering in Azure Firewall Policy
Implementation Effort: Medium
User Impact: Low
Overview
In your Azure Firewall Policy, enable Threat Intelligence–based filtering to leverage Microsoft’s global threat intel feed for automatic alerting and blocking of traffic to and from known malicious IP addresses, domains, and URLs.
This feature is evaluated before any configured network, application, or NAT rules, ensuring that high-confidence threats are caught at the highest priority. You can choose Alert only mode to log incidents and generate alerts, or Alert and deny mode to actively block malicious flows. Optionally, maintain an allowlist of trusted IP ranges. Configure these settings in the Azure portal or via ARM/CLI under your Firewall Policy’s Threat Intelligence settings.