Hi @skdev - It looks like you're not setting the Bearer token, which can be extracted from Context variable when output-token-variable-name="msi-access-token" is set in your <authentication-managed-identity ..>
policy, in the header using the <set-header ...>
policy.
Here's the blog post with step-by-step instructions on how to set this up: Azure API Management – Call Azure Functions with Managed Identity
UPDATE: Sorry for the late update here but if you're getting the 401 Unauthorized error after following the steps in the blog post I referenced, it's likely your Functions endpoints are secured by the Access keys feature which, typically, is enabled by default during the creation of functions. If that was indeed the case for you, you'll want to implement an additional APIM policy and make sure the request to Functions is including the access keys as well, otherwise, you'll still get the 401 error.