I have a use case where my application is deployed in two different regions, each has an application gateway in front exposing 2 services: blue and red.
I would like to loadbalance globally and tolerate regional failures, however the incoming requests are not publicly facing. In other words, the services blue and red are accessible internally only by customers tenants in other subscriptions.
What should I use? Since frontdoor seems to work for when the application is serving public requests, I am not sure if it is a good idea here unless there are no other options.
This feature is currently (as of February 2022) in public preview, but you can enable Private Link in Azure Front Door, which would offer you control over originating requests. https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/concept-private-link