![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 83%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECC%3C/text%3E%3C/svg%3E)
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,300 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 68%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
Hello @Chavv caldwell ,
I would recommend you to consider using service tags : https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview#available-service-tags
However, I believe you have downloaded the JSON file from the following URL: https://www.microsoft.com/en-us/download/details.aspx?id=56519
The IPs published under AppService.WestEurope are IPs with AppService tagged. All AppService inbound are tagged IP to allow App Service to limit its access to (say) from VNET. Unlike inbound, not all AppService outbound are tagged with AppService.
Now regarding outbound IP:
Each function app has a set of available outbound IP addresses. Any outbound connection from a function, such as to a back-end database, uses one of the available outbound IP addresses as the origin IP address. But we don't know which IP would be consumed for the connection.
For this reason, your back-end service must open its firewall to all of the function app's outbound IP addresses.
Where to find the Outbound IP:
- Sign in to the Azure Resource Explorer.
Select subscriptions > {your subscription} > providers > Microsoft.Web > sites. - In the JSON panel, find the site with an id property that ends in the name of your function app.
- See outboundIpAddresses and possibleOutboundIpAddresses.
The set of outboundIpAddresses is currently available to the function app. The set of possibleOutboundIpAddresses includes IP addresses that will be available only if the function app scales to other pricing tiers.
The set of available outbound IP addresses for a function app might change when you:
• Take any action that can change the inbound IP address.
• Change your App Service plan pricing tier. The list of all possible outbound IP addresses your app can use, for all pricing tiers, is in the possibleOutboundIPAddresses property.
When your function app runs in a Consumption plan, the outbound IP address might also change even when you haven't taken any actions such as the ones listed above.
Now when function app is running on Consumption plan , we better need to whitelist the entire datacenter( Azure region) IP range to use the outbound Ips.
Here is how to do so:
https://learn.microsoft.com/en-us/azure/azure-functions/ip-addresses#data-center-outbound-ip-addresses ( which you have already done)
If you need static, dedicated IP addresses, we recommend App Service Environments (the Isolated tier of App Service plans).
https://learn.microsoft.com/en-us/azure/azure-functions/ip-addresses#dedicated-ip-addresses
Please let me know if this helps. If yes , please "Accept the answer" and "Up-vote" so that it helps others in the community.