Thanks for reaching out to Microsoft Q&A.
Since your Azure Function is on a consumption plan and doesn’t directly use the storage account, lets try on how to restrict public access:
Restrict Public Access to Storage Account
- Disable Public Access on Storage Account
- Use Managed Identity for Azure Functions
- Assign MI to Azure Function
- Assign Storage Account Role to MI
Restrict Public Access to Azure KV
Use Virtual Network Service Endpoints or Private Endpoint
- Since your function app is on the Consumption plan, you can't use VNet integration, but you can still restrict access
- Use MI for Azure Functions:
Ensure Azure Function Can Still Access Resources
- After restricting public access, your Azure Function (through its mi) will be able to access the storage account and KV securely. This configuration prevents unauthorized access and secures your resources.
Note:
- Make sure that your MI has the correct roles assigned both for the Storage account and the KV.
The above steps will help you to make sure that only your Azure Function can access the storage account and KV, while blocking public access.
Please 'Upvote'(Thumbs-up) and 'Accept' as an answer if the reply was helpful. This will benefit other community members who face the same issue.