Table of Contents
What is Azure CDN?
Azure Content Delivery Network (CDN) is Microsoft's global distributed network that caches content at strategically placed edge locations (Points of Presence or POPs) around the world. By serving content from servers closest to end users, Azure CDN dramatically reduces latency, improves load times, and offloads traffic from your origin servers.
Azure CDN supports both static content (images, CSS, JavaScript, videos) and dynamic content through Dynamic Site Acceleration (DSA). With over 200 global POPs, Azure CDN ensures your content reaches users with minimal latency regardless of their geographic location.
How Azure CDN Works
- User Request: A user requests content from your website or application
- DNS Routing: Azure CDN's DNS routes the request to the nearest POP (edge server)
- Cache Check: The edge server checks if the content is cached and valid (not expired)
- Cache Hit: If cached, content is served directly from the edge (fastest response)
- Cache Miss: If not cached, the edge fetches content from your origin, caches it, and serves it
- Subsequent Requests: Future requests for the same content are served from cache
The result: up to 50% reduction in latency, 70% reduction in origin bandwidth, and significantly improved user experience for global audiences.
Azure CDN Tier Comparison
Choose from four CDN offerings, each powered by different providers with unique strengths.
Azure CDN Standard from Microsoft
Provider: Microsoft
Native Azure integration with basic CDN features. Ideal for most web applications.
Key Features:
Best For: General web applications, Azure-native workloads
Limitations: No WAF, limited rules engine
Azure CDN Standard from Verizon
Provider: Verizon
Powered by Verizon Edgecast network with advanced analytics.
Key Features:
Best For: Media streaming, large file downloads
Limitations: No advanced rules engine in Standard tier
Azure CDN Premium from Verizon
Provider: Verizon Premium
Enterprise-grade CDN with advanced rules engine and security features.
Key Features:
Best For: Enterprise applications, complex routing, security-critical workloads
Limitations: Higher cost than Standard tiers
Azure CDN Standard from Akamai
Provider: Akamai
Leverages Akamai's massive global network with 300,000+ servers.
Key Features:
Best For: Global enterprises, maximum geographic coverage
Limitations: Being retired - migrate to Azure Front Door
Important Notice: Akamai CDN Retirement
Microsoft is retiring Azure CDN Standard from Akamai. Existing Akamai profiles will continue to work, but no new Akamai profiles can be created. Microsoft recommends migrating to Azure Front Door Standard or Premium, which offers equivalent features plus additional capabilities like WAF and global load balancing.
Azure CDN Pricing Breakdown
Pay-as-you-go pricing based on data transfer and requests. No upfront costs.
| Tier | Zone 1 (NA, Europe) | Zone 2 (APAC excl. Japan) | Zone 3 (S. America) | HTTPS Requests |
|---|---|---|---|---|
| Standard from Microsoft | $0.081/GB | $0.125/GB | $0.170/GB | $0.0075 per 10K |
| Standard from Verizon | $0.081/GB | $0.125/GB | $0.170/GB | Included |
| Premium from Verizon | $0.162/GB | $0.238/GB | $0.313/GB | Included |
Small Website
100 GB/month, Zone 1
~$8-10/mo
Medium Business
1 TB/month, Zone 1
~$80-100/mo
Enterprise
10 TB/month, Premium
~$1,500-2,000/mo
* Prices are approximate and vary by region. Check the Azure CDN pricing page for current rates.
Azure CDN vs Azure Front Door
Understanding when to use CDN versus Front Door for your application.
| Feature | Azure CDN | Azure Front Door |
|---|---|---|
| Layer | Layer 7 (HTTP/HTTPS) | Layer 7 (HTTP/HTTPS) |
| Global Load Balancing | Limited (geo-routing only) | Yes - advanced routing |
| Web Application Firewall | Premium Verizon only | Built-in (Standard/Premium) |
| Private Link Support | No | Yes (Premium tier) |
| SSL Offloading | Yes | Yes |
| URL Rewrite/Redirect | Yes | Yes - more advanced |
| Caching | Yes - primary focus | Yes - integrated |
| Session Affinity | No | Yes |
| Health Probes | Basic | Advanced with failover |
| Best For | Static content caching | Dynamic apps, global LB |
Choose Azure CDN When:
- Primary goal is caching static content (images, CSS, JS, videos)
- Single origin server without need for global load balancing
- Cost-sensitive workloads with predictable traffic patterns
- Simple URL rewrite/redirect requirements
Choose Azure Front Door When:
- Need global load balancing across multiple origins
- Require Web Application Firewall (WAF) protection
- Dynamic applications with session affinity needs
- Private Link integration for secure origin connectivity
Key Azure CDN Features
Essential capabilities that make Azure CDN a powerful content delivery solution.
Dynamic Site Acceleration
Optimize delivery of dynamic content through route optimization, TCP optimization, and connection pooling. Reduces latency for API calls and personalized content.
Intelligent Caching
Configure caching rules based on query strings, file types, paths, and custom headers. Control cache duration with TTL settings from seconds to years.
HTTPS & SSL/TLS
Free managed SSL certificates for custom domains. Support for TLS 1.2 and 1.3, HTTPS-only enforcement, and bring-your-own-certificate options.
Rules Engine
Create complex rules for URL rewrites, redirects, header modifications, and request routing. Premium Verizon offers 100+ match conditions.
Compression
Automatic Gzip and Brotli compression for text-based content. Reduces bandwidth by 60-80% for HTML, CSS, JavaScript, and JSON files.
Real-Time Analytics
Monitor bandwidth, requests, cache hit ratio, and error rates. Integrate with Azure Monitor and Log Analytics for advanced insights.
Azure Service Integrations
Azure CDN integrates seamlessly with other Azure services for complete solutions.
Azure Blob Storage
Serve static websites and files directly from Blob Storage. Enable static website hosting and point CDN endpoint to $web container.
Azure App Service
Accelerate web applications hosted on App Service. Offload static assets and enable dynamic site acceleration for APIs.
Azure Media Services
Stream video content globally with optimized delivery. Supports HLS, DASH, and Smooth Streaming with DRM protection.
Azure Virtual Machines
Distribute load and cache content from VM-hosted applications. Combine with Load Balancer for high availability.
Azure Functions
Accelerate serverless API responses with CDN caching. Reduce cold start latency for frequently accessed endpoints.
Azure Front Door
Combine CDN caching with global load balancing and WAF. Migrate from classic CDN to Azure Front Door Standard/Premium.
Performance Optimization Tips
Best practices to maximize Azure CDN performance and cache efficiency.
1. Optimize Cache TTL Settings
Configure appropriate cache expiration times based on content type:
Static Assets (Long TTL)
- Images, videos: 1 year (31536000 seconds)
- CSS, JavaScript: 1 year with versioned URLs
- Fonts: 1 year
Dynamic Content (Short TTL)
- HTML pages: 1-5 minutes
- API responses: 30 seconds - 5 minutes
- User-specific content: No cache
2. Enable Compression
Enable Gzip and Brotli compression for text-based content to reduce bandwidth by 60-80%:
Supported MIME types: text/html, text/css, text/javascript, application/json, application/javascript, text/xml, application/xml, text/plain3. Use Query String Caching Wisely
Configure query string handling to prevent cache fragmentation:
- Ignore query strings: Best for static content that doesn't change based on parameters
- Cache every unique URL: For content that varies by query parameters
- Bypass cache for specific parameters: Use rules to exclude tracking parameters (utm_*, fbclid, etc.)
4. Implement Versioned URLs
Use cache-busting techniques for instant updates without purging:
/assets/style.css?v=1.2.3
/assets/app.abc123.js
/images/logo-2025.png
5. Monitor Cache Hit Ratio
Track cache efficiency in Azure Portal and aim for 85%+ cache hit ratio:
- Enable Azure CDN analytics or integrate with Log Analytics
- Identify frequently-missed content and adjust caching rules
- Monitor origin bandwidth to ensure CDN is offloading traffic effectively
Security Features
Protect your content and applications with Azure CDN security capabilities.
DDoS Protection
Azure CDN inherently protects against volumetric DDoS attacks by distributing traffic across global POPs. Combine with Azure DDoS Protection Standard for enhanced protection including network-layer attacks, real-time attack metrics, and cost protection guarantees.
- Automatic mitigation of layer 3/4 attacks
- Scrubbing centers absorb attack traffic
- No configuration required for basic protection
- Integration with Azure DDoS Standard for advanced threats
Web Application Firewall (WAF)
Available with Premium from Verizon or Azure Front Door Premium. Protects against OWASP Top 10 vulnerabilities including SQL injection, XSS, and request smuggling.
- Managed rule sets (OWASP 3.2 CRS)
- Custom rules for application-specific threats
- Bot protection and rate limiting
- Real-time threat intelligence
Token Authentication
Restrict access to CDN content using signed URLs with expiration times. Prevents unauthorized hotlinking and protects premium content.
- Time-based token expiration
- IP-based restrictions
- Country/region blocking
- Referrer restrictions
Azure CDN Use Cases
Real-world applications for Azure CDN across different industries and scenarios.
Static Website Hosting
Host static websites with global delivery, HTTPS, and custom domains. Combine Azure Blob Storage static hosting with CDN for cost-effective, high-performance websites.
Examples: Marketing sites, documentation, single-page applications (SPAs)
Video Streaming
Deliver live and on-demand video content with optimized protocols. Support for HLS, DASH, and progressive download with bitrate switching.
Examples: E-learning platforms, corporate training, entertainment
E-Commerce
Accelerate product images, CSS, and JavaScript for faster page loads. Improve Core Web Vitals (LCP, FID, CLS) and conversion rates.
Examples: Online stores, product catalogs, checkout acceleration
Software Downloads
Distribute software updates, installers, and large files efficiently. Large file optimization reduces download times by up to 70%.
Examples: App updates, game patches, ISO images
API Acceleration
Reduce latency for API responses using dynamic site acceleration. Cache API responses where appropriate, accelerate database-driven content.
Examples: REST APIs, GraphQL endpoints, microservices
Global Applications
Bring content closer to users worldwide with 200+ POPs. Reduce round-trip latency from 200ms+ to under 50ms for global audiences.
Examples: SaaS applications, global portals, multinational enterprises
Frequently Asked Questions
Common questions about Azure CDN implementation and management.
1What is the difference between Azure CDN and Azure Front Door?
Azure CDN is primarily a content caching and delivery service optimized for static content. Azure Front Door is a global load balancer with integrated CDN, WAF, and advanced routing capabilities. For static content caching, CDN is simpler and more cost-effective. For dynamic applications requiring global load balancing, session affinity, or WAF, Azure Front Door is the better choice. Microsoft recommends migrating from classic CDN profiles to Azure Front Door Standard/Premium for new deployments.
2How much does Azure CDN cost?
Azure CDN pricing varies by tier and region. Standard from Microsoft costs approximately $0.081/GB for North America/Europe (Zone 1), with HTTPS requests charged separately at $0.0075 per 10,000 requests. Standard from Verizon has similar data transfer costs but includes HTTPS requests. Premium from Verizon costs roughly 2x Standard pricing but includes advanced features like WAF and rules engine. There are no upfront costs - you pay only for data transferred and requests made.
3Which Azure CDN tier should I choose?
For most web applications, Azure CDN Standard from Microsoft offers the best balance of features and cost with native Azure integration. Choose Standard from Verizon for media streaming or large file delivery with included HTTPS requests. Select Premium from Verizon for enterprise applications requiring WAF, advanced rules engine, or real-time log delivery. Note: Akamai tiers are being retired - migrate existing Akamai profiles to Azure Front Door.
4How do I set up Azure CDN for a static website?
To set up Azure CDN for static website hosting: 1) Create an Azure Storage account with static website hosting enabled, 2) Upload your website files to the $web container, 3) Create an Azure CDN profile and endpoint pointing to your storage account, 4) Configure a custom domain with HTTPS using the free managed certificate, 5) Set caching rules for optimal performance. The entire setup takes 15-30 minutes and costs under $5/month for low-traffic sites.
5Does Azure CDN support HTTPS with custom domains?
Yes, Azure CDN supports HTTPS for custom domains with two options: 1) Free CDN-managed certificates - Azure automatically provisions and renews SSL certificates from DigiCert, 2) Bring your own certificate - upload your own certificate to Azure Key Vault. CDN-managed certificates are recommended for most scenarios. Certificate provisioning takes 10-60 minutes. All CDN tiers support TLS 1.2 and 1.3.
6How do I purge cached content in Azure CDN?
Azure CDN supports multiple purge methods: 1) Azure Portal - purge individual URLs or entire paths, 2) Azure CLI/PowerShell - automate purges in CI/CD pipelines, 3) REST API - programmatic purge for applications, 4) Rules-based cache control - set TTL headers to control cache duration. Purge propagation takes 2-10 minutes depending on the CDN tier. For immediate updates, use versioned URLs (e.g., style.css?v=2) to bypass cache.
7Can Azure CDN protect against DDoS attacks?
Azure CDN provides inherent DDoS protection by distributing traffic across its global network of POPs. Volumetric attacks are absorbed before reaching your origin. For enhanced protection, combine CDN with Azure DDoS Protection Standard for layer 3/4 attack mitigation, real-time metrics, and cost protection guarantees. For application-layer (layer 7) protection, use Azure CDN Premium from Verizon with WAF or Azure Front Door Premium.
8What is the Azure CDN cache hit ratio and how do I improve it?
Cache hit ratio measures the percentage of requests served from CDN cache vs. origin. A healthy cache hit ratio is 85-95%. To improve cache hit ratio: 1) Increase cache TTL for static assets (images, CSS, JS) to 1 year, 2) Use consistent query string handling (ignore or include specific parameters), 3) Normalize URLs to prevent cache fragmentation, 4) Enable compression to serve more content from cache, 5) Monitor cache analytics to identify frequently-missed content.
Need Help Implementing Azure CDN?
Our Azure experts can help you design and deploy the optimal CDN architecture for your applications. Get a free consultation to discuss your content delivery requirements.