Update api-management-howto-integrate-internal-vnet-appgateway.md

dlepow · web-flow · commit 8f8df232028b · 2022-10-13T12:14:18.000-07:00
Noted option to configure WAF in either Detection or Prevention mode
diff --git a/articles/api-management/api-management-howto-integrate-internal-vnet-appgateway.md b/articles/api-management/api-management-howto-integrate-internal-vnet-appgateway.md
@@ -389,7 +389,10 @@ All configuration items must be set up before you create the application gateway
     $sku = New-AzApplicationGatewaySku -Name "WAF_v2" -Tier "WAF_v2" -Capacity 2
     ```
 
-1. Configure WAF to be in "Prevention" mode.
+1. Configure the WAF mode.
+
+    > [!TIP]
+    > For a short period during setup and to test your firewall rules, you might want to configure "Detection" mode, which monitors and logs threat alerts but doesn't block traffic. You can then make any updates to firewall rules before transitioning to "Prevention" mode, which blocks intrusions and attacks that the rules detect.
 
     ```powershell
     $config = New-AzApplicationGatewayWebApplicationFirewallConfiguration -Enabled $true -FirewallMode "Prevention"
