Prisma Cloud Compute: Azure Functions Returning "Failed to download Function" 403 Error

Azure functions show the following error in the Prisma Cloud Console:

ERRO 2025-01-20T23:47:42.449 scanner.go:1393 Failed to download function: failed to download [function_name] function: failed to download file, status code 403

GUI Path: Monitor > Vulnerabilities > Functions > Scanned functions.

• Prisma Cloud Compute SaaS version
• Prisma Cloud Compute Self-hosted version
• Azure Serverless Scanning

Networking configurations are preventing Prisma Cloud from downloading the function files in order to scan them.

GUI Path: Function App > Networking > Inbound traffic configuration 

• Navigate to your function's Networking tab within Azure.
• Allow public network access to the function OR select "Enabled from select virtual networks and IP addresses".
  • If you select "Enabled from select virtual networks and IP addresses", you must allow inbound connections from the IP addresses in the following documentation.
  • For example, if your Prisma tenant is in app4.prismacloud.io us-west-1, you should be able to allow the following IP addresses to clear the 403 errors:
    34.82.138.152
    35.230.69.118
    104.198.109.73
    34.19.57.46
    34.83.186.93
    34.168.3.165

Check the Advanced tool site tab as well. We need to either have allow action for unmatched rules, or to allow the Prisma IP addresses similar to the main site or use main site rules. The rules here at "Advanced tool site" take precedence over the main site allow rules. 

• Navigate to Monitor > Vulnerabilities > Functions in the Prisma Cloud Console and trigger a new scan.
• Wait for the scan to finish and refresh the results.