It is a service that protects web-application communication on the application layer (Layer 7) by analyzing incoming HTTP requests
WAFs can be attacked to Azure Application Gateway (Load Balancer), Azure Front Door (CDN) and Azure Content Delivery Network (CDN)
Uses Core Rules Set (CRS) by OWASP to provide protection