Azure Function Linked server feature

Question

Azure Function Linked server feature

Nandan Hegde 36,146 MVP Volunteer Moderator

Hello,
I need to understand the significance of the Managed Identity Authentication method in Azure function linked server:

isnt the concept of Managed identity to avoid usage of keys or creds.
So in MI auth , ADF is still asking for the function key.

So what was the significance of adding MI auth method and how is it different with anonomys auth

KranthiPakala-MSFT 46,642 Reputation points Microsoft Employee Moderator

2021-07-29T08:14:41.517+00:00

Hi @Nandan Hegde ,

Thanks for your query and using Microsoft Q&A forum.
This is a great ask and as per my conversation with internal folks, If the function is setup with function level authentication, it would still need Function Key while using Managed Identity. I suspect that could be the reason the Function key is enabled even when using MI auth.

But to double confirm if this is intended behavior or a possible UI bug, I am reaching out to product team and will get back to you as soon as I have an update.

Thank you for your patience.
Nandan Hegde 36,146 Reputation points MVP Volunteer Moderator

2021-07-29T08:35:58.677+00:00

Thank you Kranthi.
Because I didnt see any documentation pertaining to this feature of AZ func linked service and according to me leveraging the function key with MI beats the concept of MI. (creating no diff between anonymous auth and MI auth).
Would be awaiting your response :)
KranthiPakala-MSFT 46,642 Reputation points Microsoft Employee Moderator

2021-07-29T21:51:41.617+00:00

Hi @Nandan Hegde , I totally agree with your comment.

I'm still awaiting response from the team. Will get back to you as soon as I have an update.

Thank you for your patience.

Accepted answer

0 additional answers

Your answer

KranthiPakala-MSFT 46,642 Reputation points Microsoft Employee Moderator

2021-07-29T08:14:41.517+00:00

Hi @Nandan Hegde ,

Thanks for your query and using Microsoft Q&A forum.
This is a great ask and as per my conversation with internal folks, If the function is setup with function level authentication, it would still need Function Key while using Managed Identity. I suspect that could be the reason the Function key is enabled even when using MI auth.

But to double confirm if this is intended behavior or a possible UI bug, I am reaching out to product team and will get back to you as soon as I have an update.

Thank you for your patience.
Nandan Hegde 36,146 Reputation points MVP Volunteer Moderator

2021-07-29T08:35:58.677+00:00

Thank you Kranthi.
Because I didnt see any documentation pertaining to this feature of AZ func linked service and according to me leveraging the function key with MI beats the concept of MI. (creating no diff between anonymous auth and MI auth).
Would be awaiting your response :)
KranthiPakala-MSFT 46,642 Reputation points Microsoft Employee Moderator

2021-07-29T21:51:41.617+00:00

Hi @Nandan Hegde , I totally agree with your comment.

I'm still awaiting response from the team. Will get back to you as soon as I have an update.

Thank you for your patience.

Answer 1

KranthiPakala-MSFT 46,642 Microsoft Employee Moderator

Hi @Nandan Hegde ,

After additional research and having conversation with internal team, below are the findings:

Function Key provides secure access to function name with each one having separate unique keys or master key within a function app. Managed identity provides secure access to the entire function app.

User is free to provide no key and/or MI to access function name. Please refer to this function documentation for more details about access key: https://learn.microsoft.com/en-us/azure/azure-functions/functions-bindings-http-webhook-trigger?tabs=csharp#configuration

Managed identity provides secure access to the entire function app and be able access any function name. So, any anonymous function name could be accessed without a key. Or an additional key(access level - Function or Admin) could be provided to secure function name level access.

Hope this clarifies.

----------

Please don’t forget to Accept Answer and Up-Vote wherever the information provided helps you, this can be beneficial to other community members.

KranthiPakala-MSFT 46,642 Reputation points Microsoft Employee Moderator

2021-08-02T22:12:24.133+00:00

Hi @Nandan Hegde ,

Just checking in to see if the above information was helpful. If it answers your query, please do click “Accept Answer” and/or Up-Vote, as it might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
KranthiPakala-MSFT 46,642 Reputation points Microsoft Employee Moderator

2021-08-04T06:39:34.347+00:00

Hi @Nandan Hegde ,

We still have not heard back from you. Just wanted to check if the above info was helpful? If it answers your query, please do click “Accept Answer” and/or Up-Vote, as it might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Nandan Hegde 36,146 Reputation points MVP Volunteer Moderator

2021-08-05T03:47:17.753+00:00

Hey, sorry to have missed out on this conversation.

User is free to provide no key and/or MI to access function name :::::::::
So you mean to say that in case of MI auth, we need not provide the function key? because based on the UI, it seems that it is a needed field.
KranthiPakala-MSFT 46,642 Reputation points Microsoft Employee Moderator

2021-08-10T10:15:56.557+00:00

Hi @Nandan Hegde ,

Sorry for the delayed response and thanks for getting back. Yes, you are correct, when function key optional with MI auth then UI should be reflected accordingly. I have escalated this to product team and awaiting response from them. Will let you know once I have more info about the same.

Thank you
KranthiPakala-MSFT 46,642 Reputation points Microsoft Employee Moderator

2021-08-24T02:42:46.757+00:00

Hi @Nandan Hegde ,

Just wanted to let you know that I'm still working with product team to make changes to public document as well as UI to have the correct information.

Thanks

Share via

Azure Function Linked server feature

0 additional answers

Your answer