We are using Azure Web APP for for our FrontEnd site. Recently we have discovered DOS attack on our website. When I googled around I got to know solution for Azure Cloud Services. Is there any way, Azure Web APP can be protected with out of box support..

Azure Web Sites enabled the Dynamic IP Restrictions module for IIS8.You can protect your Azure Web App from DDOS Attacks by configuring Dynamic Ip Security under System.WebServer in your App's web.config file as follows.

   <security>
  <dynamicIpSecurity denyAction="NotFound">
  <!--<denyByConcurrentRequests enabled="true" maxConcurrentRequests="20" />-->
    <denyByRequestRate enabled="true" maxRequests="20" requestIntervalInMilliseconds="5000"/>     
  </dynamicIpSecurity>
</security>

Read Reference For More Information https://azure.microsoft.com/fr-fr/blog/confirming-dynamic-ip-address-restrictions-in-windows-azure-web-sites/

As I know, we can configure Static/Dynamic IP Restrictions to protect our Azure web app:

1) For Configuring Dynamic IP Address Restrictions in Windows Azure Web App, please refer to this article.
2) For configure Static IP Address Restrictions in Windows Azure Web App, please refer to this article.

You could also read this video to get started.