Hello @Dean
There are multiple options to achieve your goal(All of them relates to your Function and WebApp Pricing Plan) - restrict access to Function from Internet and allow access only from WebApp.
If you are using Azure Function Consumption plan:
- Connect WebApp into Virtual Network
- Configure access restrictions on Azure Function. Add Access Restriction - provide a Name, Priority, and Description for the new rule. Select Virtual Network, and then select the subnet with integrated WebApp.
https://learn.microsoft.com/en-us/azure/azure-functions/functions-create-private-site-access
https://learn.microsoft.com/en-us/azure/app-service/networking-features#gateway-required-vnet-integration
If you are using Azure Function Premium plan:
- Virtual network integration allows your Azure WebApp to access Function inside a virtual network.
https://learn.microsoft.com/en-us/azure/azure-functions/functions-networking-options#virtual-network-integration
If you are using Azure Function ACE pricing Plan:
- With an ASE, resources are already in virtual network, so all communication occurs without Internet access.
https://learn.microsoft.com/en-us/azure/app-service/networking-features#app-service-environment
https://learn.microsoft.com/en-us/azure/azure-functions/functions-create-private-site-access