![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 4%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKD%3C/text%3E%3C/svg%3E)
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 65%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPK%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 85%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVK%3C/text%3E%3C/svg%3E)
Hi @Kumar, Dheeraj ,
Thanks for reaching out to Microsoft Q&A.
As discussed earlier, Azure Functions can run in several hosting plans, and each has different characteristics in terms of cost, scaling, performance, and memory.
| Consumption Plan | Serverless, auto-scaling, pay-per-execution | - Auto-scale from zero - No idle cost - Ideal for event-driven workloads | - Cold start latency (especially for .NET isolated and Premium features) - Max 1.5 GB memory per instance | 1.5 GB | Pay per execution and memory-time |
|---|---|---|---|---|---|
| Consumption Plan | Serverless, auto-scaling, pay-per-execution | - Auto-scale from zero - No idle cost - Ideal for event-driven workloads | - Cold start latency (especially for .NET isolated and Premium features) - Max 1.5 GB memory per instance | 1.5 GB | Pay per execution and memory-time |
| Premium Plan | Serverless with pre-warmed instances | - No cold start - VNET, larger memory (up to 14 GB) - Unlimited execution duration | - More expensive than Consumption | 3–14 GB | Pay for pre-warmed instances + execution |
| Dedicated (App Service) Plan | Runs on App Service Plan VMs | - Predictable performance - Full control over VM size - Can host web apps in same plan | - Always on, pay for VMs even if idle - Less efficient for spiky workloads | Depends on VM SKU (up to 32 GB+) | Pay per VM |
| Elastic Premium (Flex Consumption) | Premium-like features with more dynamic scaling | - Can scale to zero - Higher memory per instance - No cold start - Supports VNET | - More complex pricing | Up to 14 GB | Pay per instance runtime and scaling |
Consumption: Best for small, infrequent workloads. Cost-effective if you have low to medium usage.
Premium: Best for critical workloads needing low latency, VNET, longer execution, and more memory.
Flex Consumption: A hybrid; scales to zero like Consumption but supports higher memory and pre-warmed instances.
Dedicated / App Service: Best if you already have App Service Plan VMs and want predictable performance or hosting multiple apps together.
Cost and Memory Considerations:
- Consumption Plan
- Memory: 1.5 GB per function instance
- Cost: ~$0.20 per million executions + execution time
- Cold start: Yes, can affect latency
- Premium / Flex Consumption
- Memory: 3–14 GB per instance
- Cost: Higher, pay for pre-warmed instances + execution
- Cold start: No
- Dedicated / App Service
- Memory: VM-dependent (2–32 GB or more)
- Cost: Pay per VM/hour, whether functions run or not
How to assign required privilege to Managed identity in Graph to create certain operations like app creation, sp creation and secrets etc
This can only be achieved using PowerShell script, but not possible through Portal UI.
Use Azure AD app registration + delegated permissions
- (If you want more control than built-in roles)
- Create an AAD app registration representing your Function
- Under API Permissions → Add Microsoft Graph → Application permissions:
- Application.ReadWrite.All
- Directory.ReadWrite.All (if you manage SPs)
- (Optionally) AppRoleAssignment.ReadWrite.All
- Grant admin consent
- Assign that app registration’s service principal roles via Azure CLI/PowerShell to your Function’s managed identity
- e.g.
New-AzureADAppRoleAssignmentoraz ad app permission grant
- e.g.
C. Code snippet (PowerShell + Az module)
# 1. Get the Function’s managed identity principalId
$func = Get-AzWebApp -Name myFunctionApp -ResourceGroup myRG
$mi = (Get-AzUserAssignedIdentity -ResourceGroup myRG -Name myFunctionApp-identity)
# 2. Assign Directory role
New-AzRoleAssignment -ObjectId $mi.PrincipalId `
-RoleDefinitionName "Application Administrator" `
-Scope "/"
Or use Microsoft Graph SDK calls to add appRoleAssignments.
Hope this helps!
If the resolution was helpful, kindly take a moment to click on and click on Yes for was this answer helpful. And, if you have any further query do let us know