Hello @Walter Vos - Thanks for reaching out & posting on the MS Q&A! I think that you're almost there with the steps you've already taken! I'd like to offer the following in addition:
- If you're opting for manually uploading the zip package to a blob container, setting the
WEBSITE_RUN_FROM_PACKAGEapp setting to the Blob URI is the correct step. In addition, you'll also want to enable MSI on the Blob Storage and create the
WEBSITE_RUN_FROM_PACKAGE_BLOB_MI_RESOURCE_IDapp setting with its ID, the steps are documented in greater detail here: Fetch a package from Azure Blob Storage using a managed identity
- Since you're on a Linux ASE SKU with VNET and your Function App and Storage are going to be behind separate subnets, you'll also want to take a look at the WEBSITE_CONTENTOVERVNET app setting and review the following doc: Restrict your storage account to a virtual network
Note that the feature itself is still in preview and we do have an official doc on it which covers how there may be additional RBAC roles and configurations that need to be set depending on the varying bindings you may be using: Connecting to host storage with an identity (Preview)
I hope the above is helpful. If you run into issues, just let me know.