You can use a managed identity or access token to allow the Azure Function to connect to Azure SQL Here is an example of how to do it.
Safely giving Azure SQL Access Without Specifying IP Addresses?
I’ve got an azure sql database that my static web app/azure functions are able to access because of the selected networks I’m specifying with IP addresses. This is fine during development, but once it moves to production customers will begin using it whose IP addresses I won’t know and won’t be able to add to the firewall settings to give them access (even if I did this wouldn’t be a sustainable option).
How can I safely give database access to anyone without asking them for their IP address? (To clarify, the web app will be calling the Azure function that will be making calls to the database.)