Overview
Scrunch’s Agent Traffic shows how LLM bots hit your site (e.g., ChatGPT, Perplexity, Gemini, Grok)—including volume over time, top pages, and recent requests. If your site is proxied by Azure Front Door, you can use Azure Front Door + Azure Storage to empower Scrunch to pull your HTTP logs and show AI traffic metrics and insights
Prerequisites
An active Scrunch account
A website running behind Azure Front Door (Standard or Premium)
An Azure Storage Account
Azure permissions to manage:
Front Door Diagnostic Settings
Storage Containers
Storage Lifecycle Rules
Microsoft.Insights is enabled for your subscription
ℹ️ This is an early access feature. If you would like to get access to Azure Front Door CDN for Agent Traffic metrics, don't hesitate to get in touch with your Scrunch account manager.
Step 1 — Create Your Website in Scrunch
Log in to Scrunch
Go to Websites
Click Add Website
Enter your domain
Select Azure Front Door
Click Continue
You will be guided to the Azure setup instructions.
Step 2 — Enable Azure Front Door Access Logs
Open the Azure Portal
Navigate to Azure Front Door
Select your Front Door profile
Go to Diagnostic settings
Create a new diagnostic setting pointing only
FrontDoor Access LogSelect your Azure Storage Account
Save the configuration
⚠️ Logs start flowing only after the diagnostic setting is created (no historical backfill). It may take 30 minutes to start seeing new logs.
Step 3 — Configure Automatic Log Deletion (Required)
Scrunch does not manage retention. You control how long logs are kept.
Open your Storage Account
Go to Lifecycle management
Create a new rule:
Scope: Blob
Condition: Age since last modification
Action: Delete blob
Choose a retention period:
7, 14, or 30 days (14 days recommended)
Apply the rule to the Front Door logs containe
Save
Step 4 — Generate a Read-Only SAS URL
⚠️ Important: Use a Service SAS (signed with the Storage Account key).
Do not use a User Delegation (Entra ID) SAS.
In the Storage Account, go to Containers
Open the
insights-logs-frontdooraccesslogcontainerClick Generate SAS
Configure the SAS:
Permissions:
✅ Read
✅ List
❌ Write
❌ Delete
Start time: Now
Expiry time: Now + 90 days or more
Allowed protocols: HTTPS only
Generate the SAS
Copy the Blob SAS URL
This URL provides read-only, time-bound access to your logs.
⚠️ Friendly reminder: You are responsible for keeping this URL up to date. Scrunch App will allow you to rotate your URL, but we cannot generate new URLs on the partners' behalf
Step 5 — Add the SAS URL and Profile to Scrunch
Return to Scrunch
Open your website
Go to Traffic Sources → Azure Front Door
Paste the SAS URL
Save
Scrunch will begin pulling logs automatically.
Step 6 — Wait for Data to Appear
Initial log delivery can take 5–30 minutes
Data is pulled incrementally and safely
No changes are made to your Azure resources after setup
Once data starts flowing, you’ll see:
Agent traffic
Bot behavior
Request patterns by domain and path
Security & Data Ownership
Scrunch has read-only access
No Azure credentials or account keys are shared
Access is time-bound and revocable
You fully control log retention and deletion
Scrunch never deletes or modifies your data
Common Questions
Do I need to generate a SAS every day?
No. One SAS URL is sufficient for the entire validity period (e.g. 90 days).
Can I revoke access at any time?
Yes. Regenerating the SAS or rotating the storage account keys immediately revokes access.
Are logs limited to one domain?
Azure logs may include multiple domains served by the same Front Door. Scrunch automatically filters and processes only the domains you configure.
I can have the same website in multiple Front Door profiles. Won't that produce duplicated logs?
It's indeed possible to add the same website to different Front Door profiles, but only one at a time can serve production traffic, which means no duplicated access logs are being saved on Storage, nor on Scrunch Agent Traffic.