Merge pull request #198681 from johndowns/front-door-endpoint

Add article describing Front Door endpoints

Author: GitHubber17

articles/frontdoor/TOC.yml

@@ -128,6 +128,8 @@
           href: routing-methods.md
         - name: Routing limits
           href: front-door-routing-limits.md
+      - name: Endpoint
+        href: endpoint.md
       - name: Origin
         href: origin.md?pivots=front-door-standard-premium
       - name: Wildcard domain

articles/frontdoor/endpoint.md

@@ -0,0 +1,99 @@
+---
+title: 'Endpoints in Azure Front Door'
+description: Learn about endpoints when using Azure Front Door.
+services: frontdoor
+author: johndowns
+ms.service: frontdoor
+ms.topic: article
+ms.workload: infrastructure-services
+ms.date: 06/22/2022
+ms.author: jodowns
+---
+
+# Endpoints in Azure Front Door
+
+In Azure Front Door Standard/Premium, an *endpoint* is a logical grouping of one or more routes that are associated with domain names. Each endpoint is [assigned a domain name](#endpoint-domain-names) by Front Door, and you can associate your own custom domains by using routes.
+
+## How many endpoints should I create?
+
+A Front Door profile can contain multiple endpoints. However, in many situations you might only need a single endpoint.
+
+When you're planning the endpoints to create, consider the following factors:
+
+- If all of your domains use the same or similar route paths, it's probably best to combine them into a single endpoint.
+- If you use different routes and route paths for each domain, consider using separate endpoints, such as by having an endpoint for each custom domain.
+- If you need to enable or disable all of your domains together, consider using a single endpoint. An entire endpoint can be enabled or disabled together.
+
+## Endpoint domain names
+
+Endpoint domain names are automatically generated when you create a new endpoint. Front Door generates a unique domain name based on several components, including:
+
+- The endpoint's name.
+- A pseudorandom hash value, which is determined by Front Door. By using hash values as part of the domain name, Front Door helps to protect against [subdomain takeover](../security/fundamentals/subdomain-takeover.md) attacks.
+- The base domain name for your Front Door environment. This is generally `z01.azurefd.net`.
+
+For example, suppose you have created an endpoint named `myendpoint`. The endpoint domain name might be `myendpoint-mdjf2jfgjf82mnzx.z01.azurefd.net`.
+
+The endpoint domain is accessible when you associate it with a route.
+
+### Reuse of an endpoint domain name
+
+When you delete and redeploy an endpoint, you might expect to get the same pseudorandom hash value, and therefore the same endpoint domain name. Front Door enables you to control how the pseudorandom hash values are reused on an endpoint-by-endpoint basis.
+
+An endpoint's domain can be reused within the same tenant, subscription, or resource group scope level. You can also choose to not allow the reuse of an endpoint domain. By default, your allow reuse of the endpoint domain within the same Azure Active Directory tenant.
+
+You can use Bicep, an Azure Resource Manager template (ARM template), the Azure CLI, or Azure PowerShell to configure the scope level of the endpoint's domain reuse behavior. You can also configure it for all Front Door endpoints in your whole organization by using Azure Policy. The Azure portal uses the scope level you define through the command line once it has been changed.
+
+The following table lists the allowable values for the endpoint's domain reuse behavior:
+
+| Value | Description |
+|--|--|
+| `TenantReuse` | This is the default value. Endpoints with the same name in the same Azure Active Directory tenant receive the same domain label. |
+| `SubscriptionReuse` | Endpoints with the same name in the same Azure subscription receive the same domain label. |
+| `ResourceGroupReuse` | Endpoints with the same name in the same resource group will receive the same domain label. |
+| `NoReuse` | Endpoints will always receive a new domain label. |
+
+> [!NOTE]
+> You can't modify the reuse behavior of an existing Front Door endpoint. The reuse behavior only applies to newly created endpoints.
+
+The following example shows how to create a new Front Door endpoint with a reuse scope of `SubscriptionReuse`:
+
+# [Azure CLI](#tab/azurecli)
+
+```azurecli
+az afd endpoint create \
+  --resource-group MyResourceGroup \
+  --profile-name MyProfile \
+  --endpoint-name myendpoint \
+  --name-reuse-scope SubscriptionReuse
+```
+
+# [Azure PowerShell](#tab/azurepowershell)
+
+```azurepowershell
+New-AzFrontDoorCdnEndpoint `
+   -ResourceGroupName MyResourceGroup `
+   -ProfileName MyProfile `
+   -EndpointName myendpoint `
+   -Location global `
+   -AutoGeneratedDomainNameLabelScope SubscriptionReuse
+```
+
+# [Bicep](#tab/bicep)
+
+```bicep
+resource endpoint 'Microsoft.Cdn/profiles/afdEndpoints@2021-06-01' = {
+  name: endpointName
+  parent: profile
+  location: 'global'
+  properties: {
+    autoGeneratedDomainNameLabelScope: 'SubscriptionReuse'
+  }
+}
+```
+
+---
+
+## Next steps
+
+* [Configure an origin](origin.md) for Azure Front Door.

articles/frontdoor/manager.md

@@ -6,7 +6,7 @@ author: duongau
 ms.service: frontdoor
 ms.topic: conceptual
 ms.workload: infrastructure-services
-ms.date: 03/16/2022
+ms.date: 06/13/2022
 ms.author: duau
 ---
 
@@ -18,25 +18,14 @@ The Front Door manager in Azure Front Door Standard and Premium provides an over
 
 ## Routes within an endpoint
 
-An endpoint is a logical grouping of one or more routes that associates with domains. A route contains the origin group configuration and routing rules between domains and origins. An endpoint can have one or more routes. A route can have multiple domains but only one origin group. You need to have at least one configured route in order for traffic to route between your domains and the origin group.
+An [*endpoint*](endpoint.md) is a logical grouping of one or more routes that are associated with domain names. A route contains the origin group configuration and routing rules between domains and origins. An endpoint can have one or more routes. A route can have multiple domains but only one origin group. You need to have at least one configured route in order for traffic to route between your domains and the origin group.
 
 > [!NOTE]
 > * You can *enable* or *disable* an endpoint or a route. 
 > * Traffic will only flow to origins once both the endpoint and route is **enabled**.
 >
 
-Domains configured within a route can either be a custom domain or an endpoint domain. For more information about custom domains, see [create a custom domain](standard-premium/how-to-add-custom-domain.md) with Azure Front Door. Endpoint domains refer to the auto generated domain name when you create a new endpoint. The name is a unique endpoint hostname with a hash value in the format of `endpointname-hash.z01.azurefd.net`. The endpoint domain will be accessible if you associate it with a route. 
-
-### Reuse of an endpoint domain name
-
-An endpoint domain can be reused within the same tenant, subscription, or resource group scope level. You can also choose to not allow the reuse of an endpoint domain. The Azure portal default settings allow tenant level reuse of the endpoint domain. You can use command line to configure the scope level of the endpoint domain reuse. The Azure portal will use the scope level you define through the command line once it has been changed.
-
-| Value | Behavior |
-|--|--|
-| TenantReuse | This is the default value. Object with the same name in the same tenant will receive the same domain label. |
-| SubscriptionReuse | Object with the same name in the same subscription will receive the same domain label. |
-| ResourceGroupReuse | Object with the same name in the same resource group will receive the same domain label. |
-| NoReuse | Object with the same will receive a new domain label for each new instance. |
+Domains configured within a route can either be a custom domain or an endpoint domain. For more information about custom domains, see [create a custom domain](standard-premium/how-to-add-custom-domain.md) with Azure Front Door. Endpoint domains refer to the auto generated domain name when you create a new endpoint. The name is a unique endpoint hostname with a hash value in the format of `endpointname-hash.z01.azurefd.net`. The endpoint domain will be accessible if you associate it with a route.
 
 ## Security policy in an endpoint
 
@@ -55,6 +44,7 @@ In Azure Front Door (classic), the Front Door manager is called Front Door desig
 
 ## Next steps
 
+* Learn about [endpoints](endpoint.md).
 * Learn how to [configure endpoints with Front Door manager](how-to-configure-endpoints.md).
 * Learn about the Azure Front Door [routing architecture](front-door-routing-architecture.md).
 * Learn [how traffic is matched to a route](front-door-routing-architecture.md) in Azure Front Door.

articles/frontdoor/standard-premium/concept-endpoint-manager.md

@@ -15,7 +15,7 @@ ms.author: qixwang
 > [!NOTE]
 > * This documentation is for Azure Front Door Standard/Premium. Looking for information on Azure Front Door? View [Azure Front Door Docs](../front-door-overview.md).
 
-Endpoint Manager provides an overview of endpoints you've configured for your Azure Front Door. An endpoint is a logical grouping of a domains and their associated configurations. Endpoint Manager helps you manage your collection of endpoints for CRUD (create, read, update, and delete) operation. You can manage the following elements for your endpoints through Endpoint Manager:
+Endpoint Manager provides an overview of endpoints you've configured for your Azure Front Door. An endpoint is a logical grouping of domains and their associated configuration. Endpoint Manager helps you manage your collection of endpoints for CRUD (create, read, update, and delete) operation. You can manage the following elements for your endpoints through Endpoint Manager:
 
 * Domains
 * Origin Groups