Securely Routing Graph Events to Azure Function via Event Grid
I have a partner topic for receiving Graph events. Currently, there is an Azure Function endpoint set to handle these events that is open to all networks. However, the goal is to restrict traffic to only within a VNET and from Graph events. If the Azure Function is moved to a dedicated VNET, can these events still route through to the Azure Function? Is it possible to use a service tag or similar to allow Event Grid to reach the Azure Function even though it's VNET-enabled? I understand that the endpoint should remain publicly accessible. Additionally, I noticed that there's an option to include a managed identity. Does this mean that only authorized connections from this identity can access the function if it is moved to the VNET?
Thanks,
Antony