Azure Functions overview: A guide for Microsoft admins

What is Azure Functions?

Azure Functions is a serverless computing service for customers who want to build automatic responses to various events without explicitly managing the underlying infrastructure. An Azure Function executes code in response to a multitude of events across Microsoft's cloud-based products, such as when a new user is created in Microsoft Entra ID, formerly Azure Active Directory, or a file is put in a OneDrive folder.

With Azure Functions, you don't need to manage any infrastructure, making it easy to execute small, single-purpose functions that scale to meet demand. Azure Functions supports multiple programming languages, including C#, Java, JavaScript, TypeScript, Python and PowerShell, making it a flexible option for various applications.

Microsoft uses a consumption-based model for Azure Functions that depends on the resources used to execute the function. More complex functions cost more money, but a simple monitoring function that checks for a file upload to SharePoint Online and then sends an email has to run approximately 2,000 times to run up a cost of $0.01.

How can Microsoft admins benefit from using Azure Functions?

Admins must align the IT infrastructure with business goals in the most efficient and secure manner possible. In this context, Azure Functions offers several benefits to achieve these objectives:

• Efficiency and cost savings. Microsoft uses a pay-as-you-go pricing model for Azure Functions. Organizations only incur costs when functions run. This approach could bring significant savings compared to maintaining always-on server infrastructure.
• Scalability. The serverless architecture dynamically scales resources to handle peaks in workload without intervention.
• Integrated security. With Microsoft Entra ID and other Microsoft tools, Azure Functions let admins apply security and compliance policies to serverless applications.
• Streamlined workflows. Azure Functions connects with other Azure services and external resources through triggers and bindings to automate workflows, reducing the need for manual intervention.
• Development flexibility. Azure Functions supports many programming languages to make it more accessible for admins to develop and deploy custom functions to perform a variety of tasks.

Understanding Azure Functions

To fully understand how Azure Functions fits within Microsoft's ecosystem, it's helpful to compare it with other services admins can use for management:

• Azure Logic Apps is a service for building automated workflows that integrate apps, data, services and systems. Its visual designer feature makes building workflows easier for users without coding experience. Azure Logic Apps is ideal for connecting diverse systems and services, including SaaS applications and custom APIs.
• Azure Automation is a cloud-based automation and configuration service designed for consistent management across Azure and non-Azure environments. It is primarily for automating repetitive tasks, such as deployments, environment setup and configuration management using PowerShell and Python scripts.
• Microsoft Graph is a unified API endpoint that enables applications to access data, relationships and insights across Microsoft 365 services and applications. Azure Functions uses Microsoft Graph to process the data in an event-driven manner, responding to specific triggers or changes.
• The Azure and Microsoft 365 portals are GUI-based tools for managing services, users and configurations. They are mainly used for administrative tasks and setting adjustments.

What are the advantages of Azure Functions for Microsoft 365 admins?

Azure Functions has a suite of benefits that make it ideal for Microsoft 365 administrators who want to build more efficient, secure and customized workflows for their organizations. Azure Functions automates intricate tasks in Microsoft 365 environments, executing code in response to events for capabilities beyond what's possible with standard automation tools.

Administrators can build tailor-made routines triggered by specific events in Microsoft 365, such as arriving email, calendar events or changes in SharePoint documents.

Azure Functions supports a wide range of programming languages and seamlessly connects multiple Azure services and external APIs. This makes it possible to build integrations that are difficult or impossible with out-of-the-box tools.

Azure Functions stands out from the other platform services due to its customization capabilities. Administrators can write code to handle data transformations, integrate third-party services or automate complex workflows. Azure Functions automates complex workflows that involve multiple steps and conditional logic.

Azure Functions also facilitates real-time data processing for instant response to changes in data or system events, ensuring swift and efficient execution of automated tasks. Azure Functions security features maintain the privacy and integrity of data within Microsoft 365 environments. Azure Functions operates in an isolated environment to keep code execution from affecting the security or performance of other services. Azure Functions also integrates with Microsoft Entra ID and supports role-based access control to give admins a way to define security policies and permissions for accessing and managing functions. Furthermore, Azure Functions complies with Microsoft's privacy and compliance standards, making it ideal for sensitive data scenarios.

What are potential disadvantages of Azure Functions?

Although Azure Functions is a comprehensive framework for creating and distributing event-based applications, there are some potential downsides, such as the complexity of serverless architectures, difficulties with integrating with current systems and the expenses associated with cloud services.

Some IT teams might have difficulties adopting Azure Functions. Getting the most out of this service requires a solid grasp of the serverless model, event-driven architecture and an understanding of the specific features and limitations. A serverless model requires admins to think differently about architecture, scalability and state management.

Debugging serverless applications can be more complex due to their distributed nature. Similarly, effective monitoring requires familiarity with Azure-specific tools and practices. While Azure Functions offers extensive integration capabilities with Azure services and external systems, connecting it to existing infrastructure might take a lot of effort, especially when dealing with complex legacy systems or third-party services not designed for serverless architectures.

Although Azure Functions uses a consumption-based pricing model, trying to understand and manage costs can be a potential disadvantage. Costs vary based on execution times, the number of executions and resource consumption. Without careful planning and monitoring, organizations might experience higher than anticipated costs.

How admins can use Azure Functions

Microsoft 365 admins build scalable, event-driven applications by connecting to Azure Functions through the Azure portal or by using Visual Studio Code (VS Code).

Triggers, a fundamental concept in Azure Functions, determine when and how to execute a function. A specific trigger type links to each function, such as an HTTP request, message in a queue or timer. HTTP triggers activate your function through HTTP requests, making them suitable for building APIs and webhooks. Timer triggers schedule functions to run at defined intervals, which is perfect for regular maintenance tasks or batch processing. Queue triggers respond to messages placed in Azure Queue Storage.

Microsoft offers a range of templates for common scenarios that include predefined code and configuration settings. You select templates based on your intended trigger and language preference when creating a new function in the Azure portal. The Azure Functions extension for VS Code also offers template-based function creation, streamlining the development process.

How to use Azure Functions with PowerShell

The example below uses the Azure portal to create and manage an Azure Function. For this example, you need to use the PnP PowerShell module, assuming your environment already trusts it. If not, please review the following documentation to execute Register-PnPManagementShellAccess.

Here are the steps:

1. Log in to the Azure portal using your Microsoft account.
2. Go to Create a resource, search for Function App and follow the wizard to create a new function app. You must specify details such as your Subscription, Resource Group, Function App name and Runtime stack.
   
   

3. Once you create the Function App, you can add new functions directly within the portal.
4. Click on App Files from the left navigation.
5. Change the dropdown to profile.ps1, comment out the following lines and click Save:

   #if ($env:MSI_SECRET) {
   #    Disable-AzContextAutosave -Scope Process | Out-Null
   #    Connect-AzAccount -Identity
   #}​

6. Change the dropdown to requirements.psd1, modify the code to the following and click Save:

   @{
       'PnP.PowerShell' = '2.*'
    }​

7. Once in the Function App, click Create, and choose HTTP trigger.
8. Set the Name and the Authorization to Anonymous for testing.
9. Click the new HTTP trigger and the Code + Test option.
10. Overwrite the current code with the following code, and click Save -- update the URL and Library as needed:

    using namespace System.Net
    
    param($Request, $TriggerMetadata)
    
    $securePassword = ConvertTo-SecureString $env:User_Pwd -AsPlainText -Force
    $credentials = New-Object PSCredential ($env:User_Account, $securePassword)
    Connect-PnPOnline https://site.sharepoint.com/sites/Mark8ProjectTeam -Credentials $credentials
    $siteRelativeUrl = "/sites/Mark8ProjectTeam/Shared Documents"
    
    $script:fileDetailsArray = @()
    
    function Get-FilesRecursively {
        param (
            [string]$folderServerRelativeUrl
        )
    
        $items = Get-PnPListItem -List "Shared Documents" -FolderServerRelativeUrl $folderServerRelativeUrl -PageSize 500
    
        foreach ($item in $items) {
            if ($item.FileSystemObjectType -eq "Folder") {
                Get-FilesRecursively -folderServerRelativeUrl $item.FieldValues.FileRef
            } else {
                $fileDetails = Get-PnPProperty -ClientObject $item -Property "File"
                if ($fileDetails.TimeLastModified -gt (Get-Date).AddDays(-10)) {
    
                    $fileObj = [PSCustomObject]@{
                        FileName = if ([string]::IsNullOrEmpty($fileDetails.Name)) { $item.FieldValues["Title"] } else { $fileDetails.Name }
                        FilePath = $item.FieldValues["FileRef"]
                        Modified = $fileDetails.TimeLastModified
                        ModifiedBy = $item.FieldValues["Editor"].LookupValue
                    }
    
                    $script:fileDetailsArray += $fileObj
                }
            }
        }
    }
    
    Get-FilesRecursively -folderServerRelativeUrl $siteRelativeUrl
    
    $jsonOutput = $script:fileDetailsArray | ConvertTo-Json -Depth 10
    
    Disconnect-PnPOnline
    
    Write-Output $jsonOutput
    
    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
        StatusCode = [HttpStatusCode]::OK
        Body = $jsonOutput
        Headers = @{
            "Content-Type" = "application/json"
        }
    })​

11. Execute the function using the Test/Run or Get Function URL buttons.
12. Lastly, navigate to the Function App root, and click Configuration.
13. In the Application Settings, add two new application settings: one called User_Account and another called User_Pwd. Populate them with the set of credentials you wish to use to have access to SharePoint Online. Do not use this approach for production.

The Test/Run option lets you view it directly within the trigger window. The Get function Url provides a URL you can paste into the browser, which executes the Azure Function. After running the Azure Function, it returns a JSON string with all the files modified in the past day from the specific location within SharePoint Online.

This is just a simple example of what could be done using PowerShell within an Azure Function. You can use other languages, such as Python, for further enhancements. For example, you can modify the code to create a report, email it to other users or administrators or take other actions if required.

Microsoft offers extensive documentation, code samples and tutorials for Azure Functions, catering to beginners and advanced users in this documentation.

Liam Cleary is founder and owner of SharePlicity, a technology consulting company that helps organizations with internal and external collaboration, document and records management, business process automation, automation tool deployment, and security controls and protection. Cleary's areas of expertise include security on the Microsoft 365 and Azure platforms, PowerShell automation and IT administration. Cleary is a Microsoft MVP and a Microsoft Certified Trainer.