Overview

This article shows how to securely connect to an Azure Function using Azure Active Directory. 

Setup - Create Resource Group

• Navigate to portal.azure.com and login to your Azure instance
• Click on Resource Group in the blade
• Click Add
• Select the correct subscription
• Under Resource Group, enter N52AzureFunctionSecurityDemo
• Under Region, select your region
• Click Review + Create
• Click Create

Setup - Create Function App

• Select on Resource Group in the blade
• Click into N52AzureFunctionSecurityDemo 
  • Note if you can't see it, refresh the listing
• Select Add
• Search for Function App 
• Add the Function App from Microsoft
• Click Create
• Under App name, enter N52AzureFunctionHelloWorld
• Select the subscription you want to use
• Under Resource Group select Use Existing
• Select N52AzureFunctionSecurityDemo
• For Location, select your appropriate location
• Under Storage, create a new one with the name chosen by yourself
• Make a note of the full App name - this will be used as the Resource in the following article describing how to execute the function
  • In this example Resource  =  N52AzureFunctionHelloWorld.azurewebsite.net
     
• Select Create

Setup - Create Function

• Click into your new Function App called N52AzureFunctionHelloWorld
  • You may need to wait a few moments for the Function App to be created, a notification in the top right hand corner will let you know when its done
• Select New Function
• Select In-portal and then Continue
• Select Webhook + API 
• Click Create
• Click Run to test
  • You will see the Output return Hello, Azure
• Click the Get function URL and make note of the URL, this will be used as the function URL in the execute article
  • In this example Function URL =  N52AzureFunctionHelloWorld.azurewebsite.net
    
• Click on N52AzureFunctionHellowWorld to go to its Overview
  
• Click on Platform Features
• Click on Authentication / Authorization
• Change App Service Authentication to be on and click Save
• Select the N52AzureFunctionHelloWorld blade to go back
• Select the Authentication / Authorization again
  • We do this as only one change can be made to these settings at a time, the page needs to be refreshed
• Under Action to take when request is not authenticated select Log in with Azure Active Directory
• Click Save
• Select the N52AzureFunctionHelloWorld blade to go back
• Select the Authentication / Authorization again
  • We do this as only one change can be made to these settings at a time, the page needs to be refreshed
• Click on Azure Active Directory
• Choose Express
• Click OK
• Select Save
• Select the N52AzureFunctionHelloWorld blade to go back
• Select the Authentication / Authorization again
  • We do this as only one change can be made to these settings at a time, the page needs to be refreshed
• Click on Azure Active Directory
• Set Management Mode to Advanced now
• Make note of the Client ID and the Client Secret, this will be used as the Client ID and the Client Secret in the execute article. 
• Copy the token from Allowed Token Audiences and paste it into the line below it like so 
  • Note if the token isnt there, you may need to refresh your browser and return to this point. 
• In the second like, delete the end of the URL up to the .net
• Click OK and then Save
• You now have a protected Azure Function

Setup - App Registration

• Click on the Azure Active Directory blade
• Click on Properties
• Make note of the Directory ID, this will be used as the Directory ID in the execute article
• Click on App Registrations
• Find your app from the All Apps drop down
• Click into it
• Proceed to the next KB article for details of executing the function