Update:
Thank you @Mark Fisher for providing more context on the issue and appreciate your time. The initial set up was done with A record as per docs: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-integrate-internal-vnet-appgateway#create-dns-records-to-access-api-management-endpoints-from-the-internet and the probes were healthy. Later you changed it to CNAME record to fix a different issue but didn't restart the application gateway (as suggested in https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-backend-health-troubleshooting#updates-to-the-dns-entries-of-the-backend-pool).
Then disabling WAF rules broke the probes which appears to be due to DNS changes. However, you were able to fix the probes by changing back to A record and restarting the application gateway. Please feel free to add if any.