You may be able to move your resources across subscriptions and resource groups. In order to find out, open up your group and select "move" on the overview screen. Select the target resource group and then the resources. The system will run a validation and let you know if a move is allowed. Finally select move to start the process.

learn.microsoft.com/en-us/azure/azure-resource-manager/management/move-resource-group-and-subscription#use-the-portal

I am wondering the same thing. I really like this approach but if I won't figure out if this can be used in the local machine the reality is that I probably can't use it.

I cover this in the video around 3:45 and 4:15. Depending on if you're using Host/Admin authorization or Function Authorization.

If you put your key in the vault as a secret, you can grant a specific service principal access to the secret. Your android app can then use that particular service principal to access the secret ( and its value). There is nothing that limits the principal to only be used on Android, however. Did I understand your question correctly?

@azureappmodernization9036 thank you so much for taking the time to reply. but how is this better than storing the secret key in the android app since you will need to store the service principals credentials in the app?

Sorry for the delayed response here: You should be able to set the timezone by defining WEBSITE_TIME_ZONE in your app settings. learn.microsoft.com/en-us/azure/azure-functions/functions-bindings-timer?tabs=python-v2%2Cisolated-process%2Cnodejs-v4&pivots=programming-language-python#ncrontab-time-zones

Deployment slot settings are for deployment slots, otherwise a 'setting/environment variable' does not need to be a deployment slot settting.

@@siyabongamngomezulu3775 , I am not seeing it as a requirement in any of the docs. Sorry about the mis-statement in the video. Good catch @conaxlearn8566

Have you installed the functions core tools ? learn.microsoft.com/en-us/azure/azure-functions/functions-run-local?tabs=v4%2Clinux%2Ccsharp%2Cportal%2Cbash

Glad you liked it

@@azureappmodernization9036 Hey just a question, if the functions are not http triggered, say queue triggered then key mechanism is the only way to authorize the functions right ? I do know that managed identity is a way, but I’m sure we can’t have an app registration in this case. Am I correct ?

Glad you enjoyed it!

@@azureappmodernization9036 Do you think a JWT flow woudl make sense for a azure function or should i go for AD-Auth a) in general? even for CI/CD use cases like text-2-speech translations b) as API/ Fetch for my Vue frontend

(Apologies for the late reply) If I understand your question correctly: You have 2 entities: The caller and the function. In the first part of the video, I register the function with an identity (app registration) and then a role that we need to be in place to call the function. In the second part, we need an identity to call the function and we associate the role the function needs with that identity. When the call is made this occurs (in a similar order) , the function asks AD: "Is the caller allowed to call me?" So AD will challenge the caller with auth information. The caller logs into AD (with client and secret), AD gives it a token that is valid for a period of time. The caller resends the request to the function, which asks AD the same question again: "Is the caller allowed to call me?" AD looks up the bearer token the client sent it and validates it, it then looks up the caller's app role and matches it with the function app role. If all looks good, it tells the function that security checks have passed.

@@azureappmodernization9036 Thank you, makes perfect sense! Seems I was just looking at it from a different perspective.

Sorry, I should have been clearer in the content. This video shows how to use AD for identity and then you use RBAC to authorize that identity. The first step is to give the function an identity. You can provide you own identity certificates, or you can let Azure manage the identity lifecycle for you. Once you assign the managed identity, you turn on AD authentication which will validate the identity for every connection. Then on the SQL side, you use RBAC to grant access to that identity. So, the combination of these statements: CREATE USER [FNName] FROM EXTERNAL PROVIDER and ALTER ROLE db_datareader ADD MEMBER [FNName] will grant the identity 'FNName' reader access.

My pleasure

So logic app uses Event Grid to call Azure Function? ok.. thanks for the suggestion.

I was able to get this to work, but not sure when I can get it recorded.. basically you publish from logic app using eventGridpublish connector and then add an eventGrid subscription that invokes the function app. when the logicapp is invoked, it won't matter which language the function is in. Does this help?

Hey Kaps! Glad you liked it! The SMI video is up as well. Look for the title "How to Setup Auth with Managed Identity" . I also show how to create a CRUD API against SQL server in that video.

Glad to hear it! I plan on creating many more of these, so let me know if there's something you're interested in.

I think they did. If you right click on the name of your function app, the drop down menu has the deploy section now. I noticed that it changed right around Build 2022. Between the "setup up authentication video" and the "Secure your secrets" videos, you can see it looks different. It takes me a few days between recording, editing and posting so, don't go by those dates.

@@azureappmodernization9036 Or maybe I'll actually follow the docs haha

tell me what didn't work? when I remake this, I can make sure to cover that

​@@azureappmodernization9036 It works okay for me I was looking for the Create Folder button next to the Azure functions tab, but it looks like they moved that to the new "Workspace" section in the same Azure Tools extension. The Workspace section is where you can make functions locally, test locally, then deploy to any of the Function Apps you have