Function System-Assigned Managed Identity

A system-assigned Azure managed identity is enabled on the function when a user-assigned managed identity is not used. User-assigned managed identities result in less frequent updates to Azure resources and allow permissions to be configured ahead of function creation.

If you have not created a user-assigned managed identity in Protect Function User-Assigned Managed Identity, set up the following role assignments for the system-assigned managed identity:

  1. Navigate to the function.

  2. Select Settings, Identity.

  3. On the System Assigned tab, confirm that the Status of the system-assigned identity is already On.

  4. Click the Azure role assignments button.

  5. Assign the following roles to this identity:

    • Storage Blob Data Owner
    • Monitoring Metrics Publisher
    • Azure Event Hubs Data Sender: required only if the function is sending logs to ESA

  6. From the Azure console, navigate to Function App and select the protect function deployed in the previous section.

  7. Select Overview and click the Restart button. Wait until the function restart completes.
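
To confirm the assignments from steps 4 and 5 before restarting, the roles held by the identity can be compared against the list above. The following is an added example, not part of the product documentation; it assumes the Azure CLI is installed and logged in, and the function names and arguments are hypothetical.

```shell
#!/bin/sh
# Added example: audit the roles held by a function's system-assigned identity.
# missing_roles and audit_function_identity are hypothetical helper names.

# Reads assigned role names on stdin (one per line) and prints every required
# role that is absent. Pass "esa" as $1 when the function sends logs to ESA.
missing_roles() {
  assigned=$(cat)
  required='Storage Blob Data Owner
Monitoring Metrics Publisher'
  if [ "${1:-}" = "esa" ]; then
    required="$required
Azure Event Hubs Data Sender"
  fi
  printf '%s\n' "$required" | while IFS= read -r role; do
    # -F fixed string, -x whole line: a similarly named role does not count.
    printf '%s\n' "$assigned" | grep -Fxq -- "$role" || printf '%s\n' "$role"
  done
}

# $1 = function app name, $2 = resource group, $3 = "esa" (optional).
# Returns 0 if all roles are present, 1 if any is missing, 2 if no identity.
audit_function_identity() {
  principal_id=$(az functionapp identity show --name "$1" \
    --resource-group "$2" --query principalId --output tsv) || return 2
  if [ -z "$principal_id" ]; then
    echo "system-assigned identity is not enabled on $1" >&2
    return 2
  fi
  # --all lists assignments at every scope in the subscription; this compares
  # role names only and does not check which resource each one is scoped to.
  missing=$(az role assignment list --assignee "$principal_id" --all \
    --query '[].roleDefinitionName' --output tsv | missing_roles "${3:-}")
  [ -z "$missing" ] && return 0
  printf '%s\n' "$missing" | sed 's/^/missing role: /' >&2
  return 1
}

# Constructed sample of assigned role names (not real az output).
printf 'Storage Blob Data Owner\nReader\n' | missing_roles esa
```

Call `audit_function_identity <function-app> <resource-group> esa` for a function that sends logs to ESA, and omit the third argument otherwise.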


Last modified : January 14, 2026