Just saw your comment. You can reach me on linkedin: www.linkedin.com/in/nagendra-m-8984981

@ appreciate your response, send you a personal DM to your profile in linked in. Kind regards!

I know... I recorded this under time pressure... I'm going to prepping a whole new set of content soon. I'll be sure to use a better mic.,

You may be able to move your resources across subscriptions and resource groups. In order to find out, open up your group and select "move" on the overview screen. Select the target resource group and then the resources. The system will run a validation and let you know if a move is allowed. Finally select move to start the process.

learn.microsoft.com/en-us/azure/azure-resource-manager/management/move-resource-group-and-subscription#use-the-portal

I am wondering the same thing. I really like this approach but if I won't figure out if this can be used in the local machine the reality is that I probably can't use it.

I cover this in the video around 3:45 and 4:15. Depending on if you're using Host/Admin authorization or Function Authorization.

If you put your key in the vault as a secret, you can grant a specific service principal access to the secret. Your android app can then use that particular service principal to access the secret ( and its value). There is nothing that limits the principal to only be used on Android, however. Did I understand your question correctly?

@azureappmodernization9036 thank you so much for taking the time to reply. but how is this better than storing the secret key in the android app since you will need to store the service principals credentials in the app?

Sorry for the delayed response here: You should be able to set the timezone by defining WEBSITE_TIME_ZONE in your app settings. learn.microsoft.com/en-us/azure/azure-functions/functions-bindings-timer?tabs=python-v2%2Cisolated-process%2Cnodejs-v4&pivots=programming-language-python#ncrontab-time-zones

Deployment slot settings are for deployment slots, otherwise a 'setting/environment variable' does not need to be a deployment slot settting.

@@siyabongamngomezulu3775 , I am not seeing it as a requirement in any of the docs. Sorry about the mis-statement in the video. Good catch @conaxlearn8566

Have you installed the functions core tools ? learn.microsoft.com/en-us/azure/azure-functions/functions-run-local?tabs=v4%2Clinux%2Ccsharp%2Cportal%2Cbash

Glad you liked it

@@azureappmodernization9036 Hey just a question, if the functions are not http triggered, say queue triggered then key mechanism is the only way to authorize the functions right ? I do know that managed identity is a way, but I’m sure we can’t have an app registration in this case. Am I correct ?

Glad you enjoyed it!

@@azureappmodernization9036 Do you think a JWT flow woudl make sense for a azure function or should i go for AD-Auth a) in general? even for CI/CD use cases like text-2-speech translations b) as API/ Fetch for my Vue frontend

(Apologies for the late reply) If I understand your question correctly: You have 2 entities: The caller and the function. In the first part of the video, I register the function with an identity (app registration) and then a role that we need to be in place to call the function. In the second part, we need an identity to call the function and we associate the role the function needs with that identity. When the call is made this occurs (in a similar order) , the function asks AD: "Is the caller allowed to call me?" So AD will challenge the caller with auth information. The caller logs into AD (with client and secret), AD gives it a token that is valid for a period of time. The caller resends the request to the function, which asks AD the same question again: "Is the caller allowed to call me?" AD looks up the bearer token the client sent it and validates it, it then looks up the caller's app role and matches it with the function app role. If all looks good, it tells the function that security checks have passed.

@@azureappmodernization9036 Thank you, makes perfect sense! Seems I was just looking at it from a different perspective.

Great explanation ❤

Sorry, I should have been clearer in the content. This video shows how to use AD for identity and then you use RBAC to authorize that identity. The first step is to give the function an identity. You can provide you own identity certificates, or you can let Azure manage the identity lifecycle for you. Once you assign the managed identity, you turn on AD authentication which will validate the identity for every connection. Then on the SQL side, you use RBAC to grant access to that identity. So, the combination of these statements: CREATE USER [FNName] FROM EXTERNAL PROVIDER and ALTER ROLE db_datareader ADD MEMBER [FNName] will grant the identity 'FNName' reader access.

My pleasure