There are various inbound policies that can be set when setting up the API Management Service on Microsoft Azure. Having these policies will help rejecting the requests arrive at your endpoints even before they hit the endpoint's internal security logics. In another aspect, you might get your web traffic overloaded due to many reasons. In such scenarios, you can limit them with the inbuilt policies in API Management Service.
In order to explain them in this article, I am picking the default Echo API. When you go to All Operations, you can see similar to the image below.
Then click on 'Add Policy' link to add a new policy.