@Anirban Goswami , I am not much aware of Envoy but on doing research found that it works like Azure API management service. But Application Gateway and Azure Front Door are used as loadbalancing solutions Azure. You can deploy APPGW with API management to selectively expose some API’s externally whilst keeping all other API’s internal. So, to secure your internet facing API’s and to load balance the traffic across those subset API’s you need to deploy APPGW with WAF before the APIM.
----------
Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.