Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,157 questions
Securely Routing Graph Events to Azure Function via Event Grid
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 9%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBA%3C/text%3E%3C/svg%3E)
Beetus A.S. (Antony)
0
Reputation points
I have a partner topic for receiving Graph events. Currently, there is an Azure Function endpoint set to handle these events that is open to all networks. However, the goal is to restrict traffic to only within a VNET and from Graph events. If the Azure Function is moved to a dedicated VNET, can these events still route through to the Azure Function? Is it possible to use a service tag or similar to allow Event Grid to reach the Azure Function even though it's VNET-enabled? I understand that the endpoint should remain publicly accessible. Additionally, I noticed that there's an option to include a managed identity. Does this mean that only authorized connections from this identity can access the function if it is moved to the VNET?
Thanks,
Antony
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 59%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
JananiRamesh-MSFT 28,326 Reputation points2024-11-11T13:56:49.94+00:00 @Beetus A.S. (Antony) Thanks for reaching out. As you mentioned for Azure Event Grid, the endpoint needs to be publicly accessible.
there are two ways here:
one using Azure Relay to deliver to a private webhook, by changing the EventGridTrigger to an HTTPTrigger. For more information please refer: Send events to webhooks hosted in private destinations - Azure Event Grid | Microsoft Learn.
Or Forward the events from the partner topic to a namespace and use pull delivery to consume the events directly from the VNET and removing the Azure Function.
Hope this helps! Please let me know incase of further queries, I would be happy to assist you.
-
JananiRamesh-MSFT 28,326 Reputation points
2024-11-13T17:10:11.8466667+00:00 @Beetus A.S. (Antony) Just checking to see if you have chance to see previous response and helped. Please let us know if you have further queries.
-
JananiRamesh-MSFT 28,326 Reputation points
2024-11-14T07:00:59.51+00:00 @Beetus A.S. (Antony) We haven't heard back from you. Please reply if you have any questions in this matter and we will gladly continue the discussion.
Sign in to comment
Sign in to answer