I'm facing a challenge in finding the right architecture for a project where public exposure is turned off on my Azure subscription. I need my Function App to connect to a SharePoint Online site for fetching and updating data. I considered using Azure API Management, but I'm worried about the potential costs and whether it's the best fit for my use case. I'd appreciate any recommendations or advice on how to approach this!
3 Answers
If your setup only restricts inbound access, you're actually in a good place. You just need to ensure your Function App is allowed outbound access to the Microsoft Graph and SharePoint endpoints. The best approach is to set up VNet integration with a NAT gateway to control egress traffic and whitelist Microsoft 365 service tags on your firewall. If you can't allow any outbound traffic, consider setting up a lightweight proxy in a trusted zone that your Function App can call. But ideally, aim for using managed identities with the Graph API for better integration.
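The managed-identity route suggested in the answer above, as an added example that is not code from any poster: it builds the token request against the Function App's local identity endpoint and the Microsoft Graph request that resolves a SharePoint site, then lists the outbound hosts the code itself calls. It assumes a managed identity is enabled and has been granted a Graph application permission for the site; `contoso.sharepoint.com`, `/sites/Finance` and the function names are hypothetical.

```python
import json
import os
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com"


def token_request(env=os.environ, resource=GRAPH):
    """Build the managed identity token request for App Service / Functions.

    IDENTITY_ENDPOINT (URL of the local token service) and IDENTITY_HEADER are
    set by the platform when a managed identity is enabled; no secret is stored.
    """
    query = urllib.parse.urlencode({"resource": resource, "api-version": "2019-08-01"})
    return urllib.request.Request(
        f"{env['IDENTITY_ENDPOINT']}?{query}",
        headers={"X-IDENTITY-HEADER": env["IDENTITY_HEADER"]},
    )


def site_request(token, hostname, site_path):
    """Build the Graph request that resolves a SharePoint site by its path."""
    path = urllib.parse.quote(site_path.strip("/"))
    url = f"{GRAPH}/v1.0/sites/{hostname}:/{path}"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})


def egress_hosts(requests_, env=os.environ):
    """Hosts these requests target, excluding the local identity endpoint."""
    local = urllib.parse.urlsplit(env["IDENTITY_ENDPOINT"]).hostname
    hosts = {urllib.parse.urlsplit(r.full_url).hostname for r in requests_}
    return sorted(hosts - {local})


def fetch_site(hostname, site_path):
    """Send both requests; only works inside a Function App with an identity."""
    with urllib.request.urlopen(token_request(), timeout=10) as resp:
        token = json.load(resp)["access_token"]
    with urllib.request.urlopen(site_request(token, hostname, site_path), timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed values for an offline dry run; nothing is sent.
    env = {"IDENTITY_ENDPOINT": "http://127.0.0.1:41741/msi/token", "IDENTITY_HEADER": "constructed"}
    reqs = [token_request(env), site_request("constructed-token", "contoso.sharepoint.com", "/sites/Finance")]
    print(egress_hosts(reqs, env))
```
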
It sounds like your Function App will need to connect to SharePoint Online via outbound calls, which should be fine as long as you have the right permissions set up. Keep in mind that disabling public exposure only affects inbound traffic. So, as long as your function can reach the internet to call SharePoint, you should be okay! Just make sure your network setup allows this.
I had a similar situation and ended up using a custom connector in Power Automate to authenticate to SharePoint as a Service Principal Name (SPN). It was a bit tricky, but it did work! However, if your customer is blocking all solutions related to Power Platform, that might not be an option for you.
