What are the values that are considered confidential and what are the values that are considered public when authenticating our Azure Function with an Azure Active Directory App?

john john 926 Reputation points

We have created an Azure Function which integrates with an Active Directory App.

Here is our Active Directory App, which has a self-signed certificate:

User's image

Now, inside our Azure Function, we are passing these values to authenticate the Azure Function with the Azure Active Directory App:

  1. Client Id
  2. Tenant ID
  3. Certificate Thumbprint

So I think all those 3 values are considered public, and none of them are actually confidential (similar to secrets or passwords, which should not be exposed). Am I correct? And if this is the case, then where is the security in passing those 3 values? In other words, how can we be sure that only our Azure Function is calling the Azure AD App? I am not sure if it is done using the certificate password which we applied when creating the certificate?


Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Shweta Mathur 27,141 Reputation points Microsoft Employee

    Hi @john john ,

    Thanks for reaching out.

    I understand you are trying to authenticate using Azure AD within an Azure Function and want to keep the application parameters from being exposed.

    The security of the client ID and tenant ID is maintained by Azure Active Directory. When you pass the client ID and tenant ID to your application, they are used to authenticate the application with Azure Active Directory. Azure Active Directory provides secure storage for the client ID and tenant ID and ensures that only authorized applications can access them.

    The certificate thumbprint is encrypted and stored securely in the Azure Active Directory App. The certificate thumbprint is used to verify the identity of the Azure function and ensure that only the Azure function can access the Azure Active Directory App.

    You can also use Azure Key Vault to store the client ID and tenant ID. Azure Key Vault provides secure storage for secrets and ensures that they are stored securely and are not exposed in your code.

    Reference: https://learn.microsoft.com/en-us/azure/key-vault/general/basic-concepts

    Hope this helps.



    Please remember to "Accept Answer" if the answer helped you.

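Worked example, added here as an editorial note rather than code from the thread, from Azure Functions or from Microsoft: a self-contained Go model (standard library only) of what a certificate credential actually exchanges with the token endpoint, so the question's three values can be sorted into public and secret by looking at the protocol. The client ID, tenant ID and thumbprint all travel in the clear; the thumbprint is nothing more than the SHA-1 hash of the public certificate (the portal shows it in hex, the JWT header carries it base64url-encoded as `x5t`). The only thing Entra ID checks that an outsider cannot produce is the RS256 signature over the assertion, which needs the certificate's private key. The certificate password only protects that private key at rest (in the PFX file); it is never sent to Entra ID. The placeholder client and tenant IDs are constructed for the example, the certificate is generated on the fly, and `verifyClientAssertion` is a simplified stand-in for the real token endpoint (it checks header `alg`/`x5t` and claims `iss`/`sub`/`aud`/`nbf`/`exp`, which are the fields the Microsoft identity platform documents for certificate credentials, but it is not Microsoft's code).

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Constructed placeholder IDs. Like the thumbprint, these are not secrets.
const clientID, tenantID = "00000000-0000-0000-0000-000000000001", "00000000-0000-0000-0000-000000000002"
const audience = "https://login.microsoftonline.com/" + tenantID + "/oauth2/v2.0/token"

// thumbprint is SHA-1 over the public DER certificate: hex as the portal shows it, base64url (x5t) for the JWT header.
func thumbprint(certDER []byte) (hexUpper, x5t string) {
	sum := sha1.Sum(certDER)
	return fmt.Sprintf("%X", sum[:]), base64.RawURLEncoding.EncodeToString(sum[:])
}

// newSelfSignedCert stands in for the registration's self-signed certificate (minimal template).
func newSelfSignedCert() (key *rsa.PrivateKey, der []byte, err error) {
	if key, err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
		return
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return
}

// buildClientAssertion is the function app's side: the thumbprint goes in the header in the
// clear, and the only proof of identity is the RS256 signature, which needs the private key.
func buildClientAssertion(key *rsa.PrivateKey, x5t string, now time.Time) (string, error) {
	hdr, _ := json.Marshal(map[string]any{"alg": "RS256", "typ": "JWT", "x5t": x5t})
	claims, _ := json.Marshal(map[string]any{
		"aud": audience, "iss": clientID, "sub": clientID,
		"jti": fmt.Sprint(now.UnixNano()), // use a random UUID in real code
		"nbf": now.Unix(), "exp": now.Add(10 * time.Minute).Unix(),
	})
	signingInput := base64.RawURLEncoding.EncodeToString(hdr) + "." + base64.RawURLEncoding.EncodeToString(claims)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + base64.RawURLEncoding.EncodeToString(sig), nil
}

// verifyClientAssertion models the token endpoint: it holds only the public certificates uploaded
// to the app registration (keyed by x5t) and accepts the assertion only if the signature verifies.
func verifyClientAssertion(assertion string, registered map[string]*rsa.PublicKey, now time.Time) error {
	parts := strings.Split(assertion, ".")
	if len(parts) != 3 {
		return fmt.Errorf("malformed assertion")
	}
	var h, c map[string]any
	for i, dst := range []*map[string]any{&h, &c} {
		b, err := base64.RawURLEncoding.DecodeString(parts[i])
		if err != nil || json.Unmarshal(b, dst) != nil {
			return fmt.Errorf("undecodable header or claims")
		}
	}
	if h["alg"] != "RS256" { // never let the client pick a weaker algorithm
		return fmt.Errorf("unsupported alg %v", h["alg"])
	}
	pub, ok := registered[fmt.Sprint(h["x5t"])]         // the thumbprint only selects which public key to try
	sig, _ := base64.RawURLEncoding.DecodeString(parts[2]) // a malformed encoding fails the check below
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ok || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return fmt.Errorf("no such certificate on the app registration, or signature not made with its private key")
	}
	if c["iss"] != clientID || c["sub"] != clientID || c["aud"] != audience {
		return fmt.Errorf("iss/sub/aud do not match this app and tenant")
	}
	nbf, _ := c["nbf"].(float64)
	exp, _ := c["exp"].(float64)
	if t := float64(now.Unix()); t < nbf || t >= exp {
		return fmt.Errorf("assertion is outside its validity window")
	}
	return nil
}

func main() {
	key, der, _ := newSelfSignedCert()
	cert, _ := x509.ParseCertificate(der)
	hexThumb, x5t := thumbprint(der)
	registered := map[string]*rsa.PublicKey{x5t: cert.PublicKey.(*rsa.PublicKey)} // what the app registration holds
	good, _ := buildClientAssertion(key, x5t, time.Now())
	otherKey, _, _ := newSelfSignedCert() // knows the public values but not the function's private key
	forged, _ := buildClientAssertion(otherKey, x5t, time.Now())
	fmt.Println("thumbprint shown in the portal:", hexThumb, "\nfunction's own key:", verifyClientAssertion(good, registered, time.Now()))
	fmt.Println("other key, same thumbprint:", verifyClientAssertion(forged, registered, time.Now()))
}
```

The second assertion in `main` carries exactly the three values from the question (client ID, tenant ID and the real thumbprint) and is still rejected, because it was signed with a different private key. That is the whole security argument: the public values tell Entra ID which certificate to check against, and only the holder of the matching private key can pass that check. Practically, the private key (the PFX and its password, or the key material you load from Key Vault) is the credential to protect, and the useful Key Vault reference here is the certificate itself, not the client or tenant ID.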