
What is the best way to secure an Azure Function that is receiving a payload from a Microsoft Graph subscription? I only want to authorize Graph to send HTTP requests to it. Is there an IP range? It seems like the only way to get an Azure Function to work with Graph subscriptions is to set the authorization level to anonymous.

None of the other authorization levels seem to work - the function does not respond with an HTTP 200 when Graph sends a request.

1 Answer


None of the other authorization levels seem to work - the function does not respond with an HTTP 200 when Graph sends a request.

For other authorization levels, you need to append the relevant host key along with your endpoint for notificationUrl:

https://<your-functionapp-name>.azurewebsites.net/api/HttpTriggerCSharp1?code=cMpvyGxxxxxxxxGI4QcA==

For a simple way to retrieve the function URL with host key, you could click your function, then click Get function URL as follows:

[screenshot]

Or you could click your function app, click "Overview > Configured features > Function app settings" to retrieve the host key.

TEST for creating subscription:

[screenshot]

C# HttpTrigger:

[screenshot]

I only want to authorize Graph to send HTTP requests to it. Is there an IP range?

Per my understanding, the function level authorization is enough for your scenario. Moreover, the client IP I logged when handling subscription validation was 100.116.250.49. If you want to limit the source request IP, you may need to collect them, then add your own logic for checking. For retrieving the client IPs under your function, you could follow this similar issue.

Bruce Chen
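
An added example, not code from the answer or from Microsoft: a function-level-authorized HTTP trigger (in-process C# model assumed) that answers Graph's subscription validation request with HTTP 200. It goes beyond the answer by also rejecting notifications whose `clientState` differs from the value set when the subscription was created. The function name and the `GRAPH_CLIENT_STATE` app setting are assumptions.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.Extensions.Logging;

public static class GraphWebhook
{
    [FunctionName("GraphWebhook")]
    public static async Task<IActionResult> Run(
        // Function-level auth: the notificationUrl must carry ?code=<function key>.
        [HttpTrigger(AuthorizationLevel.Function, "post")] HttpRequest req, ILogger log)
    {
        // Subscription validation: echo the token back as text/plain with HTTP 200.
        string token = req.Query["validationToken"];
        if (!string.IsNullOrEmpty(token))
            return new ContentResult { Content = token, ContentType = "text/plain", StatusCode = 200 };

        // Assumption: app setting holding the clientState sent when subscribing.
        string expected = Environment.GetEnvironmentVariable("GRAPH_CLIENT_STATE");
        if (string.IsNullOrEmpty(expected)) return new StatusCodeResult(500);
        byte[] want = Encoding.UTF8.GetBytes(expected);
        string body = await new StreamReader(req.Body).ReadToEndAsync();
        try
        {
            using var doc = JsonDocument.Parse(body);
            if (doc.RootElement.ValueKind != JsonValueKind.Object ||
                !doc.RootElement.TryGetProperty("value", out var items) || items.ValueKind != JsonValueKind.Array)
                return new BadRequestResult();
            foreach (var n in items.EnumerateArray())
            {
                string state = n.ValueKind == JsonValueKind.Object
                    && n.TryGetProperty("clientState", out var s)
                    && s.ValueKind == JsonValueKind.String ? s.GetString() : "";
                // Constant-time comparison; a length mismatch simply returns false.
                if (CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(state), want)) continue;
                log.LogWarning("Graph notification rejected: clientState mismatch");
                return new UnauthorizedResult();
            }
        }
        catch (JsonException) { return new BadRequestResult(); }
        return new AcceptedResult(); // every item matched; hand off for processing here
    }
}
```

The function key travels in the notification URL, so treat the subscription's `notificationUrl` and `clientState` as secrets and keep both out of source control.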