Azure limitation on private networking for Functions -> Document Intelligence

Question

Azure limitation on private networking for Functions -> Document Intelligence

Dimitrios Bardis 0

Azure Function App calls to Azure AI Document Intelligence over a private endpoint are failing with:

403 Traffic is not from an approved private endpoint.

This question is basically very strong indication for limitations on private networking for document intelligence.
The Function App is on Azure Functions Premium Linux with regional VNet integration, private DNS resolves the Document Intelligence hostname to the approved private endpoint IP, and the private endpoint connection is in Approved state. Despite that, the actual documentModels/prebuilt-read:analyze POST is rejected.

Function plan: Premium Linux (EP1)

Scenario

A Python Azure Function running on Premium plan calls Azure AI Document Intelligence using managed identity and the custom subdomain endpoint:

https://<myservice>.cognitiveservices.azure.com/documentintelligence/documentModels/prebuilt-read:analyze

The Function App is VNet-integrated and should reach the Document Intelligence account through the private endpoint.

Expected Behavior

The request should be accepted over the private endpoint path and the begin_analyze_document call should succeed.

Actual Behavior

The request fails with:

azure.core.exceptions.HttpResponseError: (403) Traffic is not from an approved private endpoint.

Important Evidence Collected

The private endpoint connection is approved.

Command run:

az network private-endpoint-connection list --id $docIntId -o json

Observed result:

privateLinkServiceConnectionState.status = "Approved"
provisioningState = "Succeeded"

The private endpoint NIC IP is the same IP the Function resolves at runtime.

Command run:

$peNicId = az network private-endpoint show `
  --resource-group <myrg> `
  --name <doc int private endpoint> `
  --query "networkInterfaces[0].id" `
  -o tsv

az network nic show --ids $peNicId --query "ipConfigurations[].privateIPAddress" -o tsv

Observed result:

private endpoint NIC IP = 10.50.0.39

The private DNS zone contains the expected A record.

Command run:

az network private-dns record-set a list `
  --resource-group <myrg> `
  --zone-name privatelink.cognitiveservices.azure.com `
  -o table

Observed result:

A record exists for <my doc int service>

The Function App is VNet-integrated with the expected subnet.

Command run:

az functionapp vnet-integration list `
  --resource-group <my rg> `
  --name <my functions app name> `
  -o json

Observed result:

VNet integration exists
Subnet = <myvnet>/subnets/<functions subnet>

Runtime diagnostics from inside the Function show the destination is the private endpoint IP.

Observed runtime log:

Document Intelligence DNS resolution for '<docintelligenseservce>.cognitiveservices.azure.com': [{'ip': '10.50.0.39', 'is_private': True}]

A direct socket diagnostic from inside the Function shows:

DI socket local=('169.254.254.3', 38864) remote=('10.50.0.39', 443)

This indicates the Function worker is connecting to the private endpoint IP as destination. The local address appears to be an internal App Service/Functions platform address rather than a direct subnet IP.

A simple HTTPS probe to the endpoint succeeds, but the Document Intelligence analyze call fails.

Observed runtime log:

Running curl-like HTTPS probe for Document Intelligence endpoint 'https://<docintelligenceservoce>.cognitiveservices.azure.com'.
Document Intelligence HTTPS probe response: status=200 reason=Service Operational

But the actual analyze request fails:

Request URL: 'https://<docintelligenceservice>.cognitiveservices.azure.com/documentintelligence/documentModels/prebuilt-read:analyze?...'
Response status: 403
Message: Traffic is not from an approved private endpoint.

SDK / Runtime Details

From runtime logs:

azsdk-python-ai-documentintelligence/1.0.2
azsdk-python-identity/1.25.3
Python 3.11.13
Functions runtime version ~4

Authentication method:

Managed identity via DefaultAzureCredential
local_auth_enabled = false on the Document Intelligence account

Document Intelligence Network Configuration Tested

We tested both of the following on the Document Intelligence resource:

Hard private-only:

public_network_access_enabled = false

Selected networks mode:

public_network_access_enabled = true
network_acls { default_action = "Deny" }

The same 403 Traffic is not from an approved private endpoint occurs in both configurations.

Current Terraform Configuration

Document Intelligence account:

resource "azurerm_cognitive_account" "document_intelligence" {
  name                          = var.document_intelligence_account_name
  location                      = local.cognitive_location
  resource_group_name           = data.azurerm_resource_group.existing.name
  kind                          = "FormRecognizer"
  sku_name                      = "S0"
  custom_subdomain_name         = var.document_intelligence_custom_subdomain_name
  public_network_access_enabled = true
  local_auth_enabled            = false

  network_acls {
    default_action = "Deny"
  }
}

Function App networking:

Premium Linux plan
regional VNet integration enabled
route-all enabled
Document Intelligence hostname resolves privately inside the Function runtime

Exact Error

azure.core.exceptions.HttpResponseError: (403) Traffic is not from an approved private endpoint.
Code: 403
Message: Traffic is not from an approved private endpoint.

Request to Azure Support

Please confirm whether Azure Functions Premium/App Service VNet integration is officially supported for Azure AI Document Intelligence private endpoint data-plane operations in this exact scenario.

Specifically, we need to know:

Is this architecture supported:
- Azure Functions Premium Linux
- regional VNet integration
- Document Intelligence with private endpoint
- private DNS resolution to the private endpoint
- managed identity authentication
If it is supported, why does the service still reject the analyze POST with Traffic is not from an approved private endpoint even though:
- the private endpoint is approved
- DNS resolves to the private endpoint IP
- the TCP/TLS connection reaches the private endpoint IP
- the Function App is VNet-integrated
If this is a known limitation or product bug, please provide:
- the documented limitation
- the recommended supported workaround
- whether a fix is available or planned

0 comments

1 answer

Your answer

Answer 1

Hi @Dimitrios Bardis ,

Thanks for reaching out to Microsoft Q&A.

Unfortunately, at this time Azure AI Document Intelligence’s data-plane private endpoint integration isn’t compatible with the multi-tenant regional VNet integration used by Premium (Elastic) Linux Function Apps.

In your scenario the function worker actually SNATs outbound traffic through the App Service platform (you saw local=169.254.254.3), not directly from your VNet subnet IP. Document Intelligence expects calls to come from the private endpoint network interface’s IP, so it rejects anything else with “Traffic is not from an approved private endpoint.”

Supported scenarios today:

VMs, AKS, Container Instances, etc., where the process egresses directly on the VNet
App Service Environment (ASE) v3 / Isolated plans, where the worker itself is injected into your VNet

Not supported:

Multi-tenant Premium/Dedicated Linux or Windows Function Apps or Web Apps with regional VNet integration

Why it fails

Outbound traffic from a regional-VNet-integrated Function App is SNATed through a shared platform NAT address, not your PE NIC IP
The service only “approves” traffic sourced from the private endpoint NIC

Migrate your Function to an ASE v3 (App Service Environment) so egress truly originates on your subnet. Host it in a VM/AKS container that lives in the same VNet.

Hope this helps!

If the resolution was helpful, kindly take a moment to click on User's image and click on Yes for was this answer helpful. And, if you have any further query do let us know.

Pravallika KV 16,860 Reputation points Microsoft External Staff Moderator

2026-05-05T08:31:17.8533333+00:00

@Dimitrios Bardis , Following up to see if the provided answer was helpful. If this answers your query, do click Accept Answer =>Yes, and upvote it. If you have any further queries do let us know.
Dimitrios Bardis 0 Reputation points

2026-05-08T09:14:08.26+00:00

Hi! This worked before though and suddenly it does not. I realized the same problem with ai search and azure open ai . Functions cannot call ai search and azure open ai private endpoints anymore due to exactly the same problem. But before it was working!! Why is azure changing these things ? That is breaking existing solutions.. On top of that i tried to use nat gateway and call azure open ai from functions app instead of doing this via vnet integration and i get this:

It complains that public access is disabled but in the json ont he right it is clear that it is ON!!

Share via

Azure limitation on private networking for Functions -> Document Intelligence

1 answer

Your answer