![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 81%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 52%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
Hi Anubhav Aggarwal (TATA CONSULTANCY SERVICES LTD),
Thanks for reaching out in Microsoft Q&A forum,
Need help in migrating our Front door classic profile to standard sku or BYOC for time being
You can follow this official MS-DOCS,
Migrating your Azure Front Door Classic profile to the Standard SKU or a temporary BYOC setup is a smooth, zero-downtime process via the Azure portal, especially useful now with Classic retirement looming by March 2027. It automatically copies most configs like routes, origins, and WAF policies, though you'll want to validate first and handle BYOC certs separately if testing incrementally.
Steps:
- Check compatibility in the portal's Migration tab (under your Classic profile's Settings) it flags issues like session affinity mismatches or unsupported features in ~2 minutes.
- For BYOC, ensure certificates are in Key Vault; enable system-assigned managed identity on the target profile and grant it "Get" permissions there.
- Back up your config and notify teams, as Classic becomes read-only post-prep.
Migration:
Head to the Azure portal, select your profile > Migration > Validate, fix any errors, then Prepare to spin up a read-only Standard preview for review. Once good, hit Migrate traffic shifts instantly with rollback available if needed. For BYOC interim, deploy a parallel Standard profile, link certs, test with partial traffic (e.g., 10% splits via rules), then cut over fully.
After Migration:
Test endpoints, monitor via Azure Monitor, and tweak any manual WAF rules. Delete the Classic profile only after full verification.
Reference:
Azure Front Door (Classic) To Standard/Premium Tier Migration | Microsoft Learn
Update:
are you saying it would be zero downtime even if the migration is in progress? Would there be delay in generation of certificate or any other thing?
Yes, the migration from Azure Front Door Classic to Standard/Premium SKU is designed for zero downtime traffic shifts instantly via a DNS-based cutover once you confirm the prepared profile. The Classic profile stays live until you hit "Migrate," and rollback is available if issues arise.
No delays from certificate generation: Custom certs (including BYOC from Key Vault) are pre-provisioned during the "Prepare" step, so they're ready before traffic switches. Just ensure your managed identity has "Get" access to the Key Vault beforehand.
For BYOC testing, you can run a parallel Standard profile with traffic splits (e.g., 10% via routing rules) to validate certs and configs without impacting production.****
Kindly let us know if the above helps or you need further assistance on this issue.
Please do not forget to 
and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.