We are designing a multi-location deployment within Azure that requires users to be sent to their closest origin. At the moment we are using a traffic manager however that is causing us some issues with another layer in the client's infrastructure.
Another option we are investigating is Front Door however that introduces a new challenge - how can we prevent our origins from being publicly available?
For traffic manager, Microsoft publish a list of probe ip's which we can whitelist within our webapps: https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-faqs#what-are-the-ip-addresses-from-which-the-health-checks-originate
Does front-door offer a similar thing? The ideal outcome would be a set of ip address (ala https://azuretrafficmanagerdata.blob.core.windows.net/probes/azure/probe-ip-ranges.json) which we could import into our webapps firewalls.