If you use Azure Firewall, you know you have to create (and then maintain) a Firewall Policy. This can become tricky, as policy updates may be required several times a week or even several times a day.
In addition, the team in charge of maintaining such policies may not be aware of changes impacting the protected workloads – such as decommissioning, network reassignment or incorrect rule priority.
Over time, with more and more rules and old or incorrect references, firewall performance, and potentially security too, can suffer.
To help maintain and optimize Firewall Policies, you can now use Policy Analytics.
To do so, connect to your Azure portal (https://portal.azure.com/) and search for Firewall policies to access the list of all your policies.
Then select the policy you want to analyze and open the Policy Analytics blade under the Monitoring section.
There you will already have high-level insights into the health of your policy and rules, giving you a quick overview of your policies.
The insights report duplicate rules (same source/target/protocol), rule utilization… This is already a first level of quick optimization for your policy.
Then you need to configure a Log Analytics workspace by clicking Configure workspace; this opens the workspace configuration blade, where you enable Policy Analytics and select the subscription, resource group and Log Analytics workspace you want to use.
If you later disable Policy Analytics, the associated data will be removed from the workspace.
Once you have configured the workspace, you will get additional insights, such as potentially malicious sources.
You can also use Single-rule analysis, which helps you optimize individual rules in more depth.
After running the analysis, you will get deep insights for this specific rule, with recommendations.
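To make the duplicate-rule insight mentioned above concrete, here is an added example (not Microsoft's code and not how Policy Analytics is implemented) that flags network rules matching the same source, destination, protocol and ports across rule collections. The rule data is constructed, the field names follow the ARM network-rule schema, and treating "same match set, any action" as a duplicate is an assumption of this sketch.

```python
from collections import defaultdict

# Constructed sample: rule collections shaped like an exported Firewall Policy
# (field names follow the ARM network-rule schema; all values are made up).
SAMPLE_COLLECTIONS = [
    {"name": "rc-web", "priority": 200, "rules": [
        {"name": "allow-web", "ipProtocols": ["TCP"],
         "sourceAddresses": ["10.0.1.0/24"], "destinationAddresses": ["10.0.2.4"],
         "destinationPorts": ["443", "80"]},
        {"name": "allow-dns", "ipProtocols": ["UDP"],
         "sourceAddresses": ["10.0.1.0/24"], "destinationAddresses": ["10.0.0.53"],
         "destinationPorts": ["53"]},
    ]},
    {"name": "rc-legacy", "priority": 300, "rules": [
        {"name": "old-web", "ipProtocols": ["tcp"],
         "sourceAddresses": ["10.0.1.0/24"], "destinationAddresses": ["10.0.2.4"],
         "destinationPorts": ["80", "443"]},
    ]},
]

def rule_key(rule):
    """Order- and case-insensitive fingerprint of what the rule matches."""
    norm = lambda values: frozenset(v.strip().lower() for v in values)
    return (norm(rule["ipProtocols"]), norm(rule["sourceAddresses"]),
            norm(rule["destinationAddresses"]), norm(rule["destinationPorts"]))

def find_duplicates(collections):
    """Return [(kept, [redundant, ...])], each entry named 'collection/rule'.

    The collection with the lowest priority number is evaluated first, so its
    rule is reported as kept and later identical rules as redundant."""
    groups = defaultdict(list)
    for coll in collections:
        for rule in coll["rules"]:
            groups[rule_key(rule)].append(
                (coll["priority"], f'{coll["name"]}/{rule["name"]}'))
    report = []
    for members in groups.values():
        if len(members) > 1:
            members.sort()  # lowest priority number first
            report.append((members[0][1], [name for _, name in members[1:]]))
    return report

if __name__ == "__main__":
    for kept, redundant in find_duplicates(SAMPLE_COLLECTIONS):
        print(f"keep {kept}; redundant: {', '.join(redundant)}")
```

Running a check like this against an exported policy before a change window gives a rough cross-check of what the Policy Analytics blade reports; it does not replace the utilization data, which only the firewall logs can provide.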
Pricing: while in preview, Policy Analytics is provided at no additional cost if the Firewall Policy is associated with more than 1 firewall; if associated with only 1 firewall, it will be billed per policy (https://azure.microsoft.com/en-us/pricing/details/firewall-manager/).