Azure Function App Key
Service Name: Azure Functions
Service Description: Azure Functions is a serverless compute service that enables you to run event-triggered code without having to explicitly provision or manage infrastructure. It allows developers to focus on writing code that matters to their business needs rather than worrying about the platform or infrastructure to run it on.
Service Address: https://azure.microsoft.com/en-us/products/functions/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Function App level through Azure App Service networking features.
Secret Access Scope: Grants access to invoke specific Azure Functions within a Function App. Function keys can be scoped at the function level or at the function app level (admin keys).
Secret Revokement URL: https://portal.azure.com/ (Navigate to your Function App > App keys > Delete or regenerate the key)
Secret Example: abcdef1234567890abcdef1234567890abcdefghijklmnopq==
Suspicious Activity Investigation Instructions:
- Review Azure Function App logs for unusual invocation patterns or unauthorized access attempts.
- Check Azure Monitor for unexpected spikes in function executions.
- Review Azure Activity Logs for any configuration changes to the Function App.
- Examine IP addresses that have been accessing your functions for any unfamiliar locations.
- Verify if there are any unexpected outbound connections from your functions.
Mitigation Instructions:
- Immediately regenerate the compromised function key in the Azure Portal.
- Navigate to your Function App in the Azure Portal.
- Select "App keys" or "Function keys" depending on the key type.
- Click "Renew" next to the compromised key or delete it and create a new one.
- Update any legitimate applications or services that use this key with the new value.
- Consider implementing IP restrictions to limit which IP addresses can call your functions.
- Enable Azure AD authentication for your functions when possible instead of using keys.
- Review your key management practices and consider using Azure Key Vault for storing sensitive credentials.