Public Preview: JWT Validation in Azure Application Gateway

Announcing the preview of JSON Web Token (JWT) validation in Azure Application Gateway — enabling authentication and token validation right at the Application gateway before traffic reaches your backend applications or APIs. ### Why It matters * Protect at the perimeter: Block requests with missing or invalid tokens (401/403) at the edge, ensuring only trusted traffic reaches your services. * Boost performance: Offload token validation from your microservices or web apps to improve scalability and response times. * Simplify operations: Apply consistent authentication policies centrally across multiple applications and routes. ### What’s included in the preview * Issuer (iss) validation * Audience (aud) matching - supports Client ID and/or custom App ID URIs * Expiration (exp) enforcement * Signature verification using JWKS [Learn more](https://learn.microsoft.com/en-us/azure/application-gateway/json-web-token-overview).