0

I have created an Azure B2C and we have a few user flows. These user flows use the default domain of b2cinstance.b2clogin.com. This domain doesn't go through a WAF so I decided to create an Azure Front Door with WAF Policy to set up a custom domain for my Azure B2C instance.

I have set this all up and it is working as expected. We now have the domain login.mywebsite.com, which forwards to the origin b2cinstance.b2clogin.com for our user flows. This is working as expected, and I can see the requests in Azure Front Door.

My question: if I try to use the domain b2cinstance.b2clogin.com, the user flow still works. How do I restrict use of this domain?

Ross
  • 101

1 Answer

0

You need to put in place a custom Azure B2C policy to block access to the original domain:

https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-domain?pivots=b2c-custom-policy#optional-block-access-to-the-default-domain-name