Whitelist Azure Function App using the IP Address

Sumeetha Mogasati 126 Reputation points


our Azure app utilises our public API and communicates with a 3rd party application (where some billing data is processed and returned) that is also hosted in the Azure.

The 3rd party app is Azure Function app and do not have an IP address for us to Whitelist, as there is no specific IP address. It is mandatory to whitelist the 3rd party Azure Function App from our azure app. Unfortunately, no changes are feasible from the 3rd party due to the time constraint.

Going through this MS page https://learn.microsoft.com/en-us/azure/azure-functions/ip-addresses?tabs=portal appears to be a security risk to whitelist the data center IP addresses. 

Not certain, if the API Management can address the above requirement. Because our Public API is already published and no changes are intended at this point.

Help appreciated with a secured solution to address the above requirements.

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,875 questions
Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,509 questions
0 comments No comments
{count} votes

Accepted answer
  1. MughundhanRaveendran-MSFT 12,446 Reputation points

    Hi @Sumeetha Mogasati ,

    Thanks for posting your question in Q&A forum.

    If the 3rd party Function app is running on Consumption or Premium SKU, then the outbound IP address of the function app would keep changing and there is no other way apart from whitelisting the entire data center Ip addresses at the Azure app. If the 3rd party function app is moved to Dedicated app service plan SKU, then there would be static outbound IP addresses which would solve your problem.

    Azure APIM will not be helpful in this scenario as you can restrict IP addresses using policy in APIM but not whitelisting. Maybe you can have a load balancer such as Azure front door in front of Azure app however you will still have to whitelist the function's data center IP addresses in the Azure front door and then send request to the Azure app.

    So either you will have to whitelist the data center IP addresses or move the 3rd party function app to dedicated app service plan. It is unfortunate.

    Hope this helps! Feel free to reach out to me if you have any queries or concerns.

    Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.

0 additional answers

Sort by: Most helpful