Managed identity

A Function App can use a Managed Identity in order to access other Azure services.

When configuring your Function App, click the Identity blade on the left.
Switch the Status to On and click Save.
Click Yes to create a Managed Identity to represent your Function App.
Your Function App now has an identity in Azure Active Directory, and can be assigned roles and access to specific services like other identities.

When interacting with Key Vaults, Event Grid, or Storage accounts (besides the File share automatically attached to the Function App), this is the Identity you will use, and it is named after your Function App. You can also grant it permissions to access other Azure services if the data flow itself requires access to them.