This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 55.00000000000001%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECS%3C/text%3E%3C/svg%3E)
Hi,
Is there a way to restrict which resources (particularly APIM instances) using managed identity can integrate with an Azure Function protected by Azure AD authentication?
Basically we've performed the following steps to integrate the APIM with the Azure Function:
However it's not clear how to disable any other API Management resource follow step 2 and integrate with the function?
Thank you,
Cosmin
@Cosmin Stirbu This is a service-to-service call and can be authorized via app roles. This section of the docs describes the steps required. This would need validation in your function app.
Does this mean that we should/can drop the Managed Identity integration between API Management and the Azure Function?
Currently we don't perform token / claims validation at the function level.
We perform the token / claims validation at the API Management level using validate-jwt policy, and then we use authentication-managed-identity to allow API Management to access the Azure Function.
@Cosmin Stirbu If all requests go through APIM, then you could skip it at the function app level and just protect your function app with IP Restrictions instead to allow requests to only come from APIM.
We'll use IP restrictions then to allow requests to only come from APIM. Thank you.