Azure Functions Event Grid Trigger Authentication Issues

I having an issue with Azure Functions and Event Grid with authentication enabled.

I have an Azure Function (Java 11 + Maven) with an Event Grid Trigger from Storage Account with Event Grid Systems that was working correctly using Function Keys. However, after enabling Authentication in the Function App through the Azure Portal, Event Grid started receiving 401 Unauthorized errors, even though the event grid is linked as system identity.

I need enable the authentication to protect my function for anonymous calls, but need my function event grid keep working, so this is what I'm do

1. Create the resource group:

   az group create --name rg-event-hub-fn-01 --location westus

1. Create the storage account and container:

   az storage account create \
   --name staccwestus01 \
   --resource-group rg-event-hub-fn-01 \
   --location westus \
   --sku Standard_LRS

   az storage container create \
   --account-name staccwestus01 \
   --name contracts \
   --public-access off

Created 2 folders inside the contracts container: approved / rejected.

1. Create the service plan for Azure Function:

   az functionapp plan create \
   --name sp-azure-function-event-grid-01 \
   --resource-group rg-event-hub-fn-01 \
   --location westus \
   --sku B1 \
   --is-linux

1. Create the Azure Function:

   az functionapp create \
   --resource-group rg-event-hub-fn-01 \
   --name azure-function-event-example-01 \
   --storage-account staccwestus01 \
   --plan sp-azure-function-event-grid-01 \
   --runtime java \
   --runtime-version 11 \
   --functions-version 4 \
   --os-type Linux \
   --assign-identity

1. Package the project and deploy it:

   mvn clean package azure-functions:package

   az functionapp deployment source config-zip \
   --resource-group rg-event-hub-fn-01 \
   --name azure-function-event-example-01 \
   --src function.zip

1. Create the Event Grid system topic through the Azure Portal:
   • Enter to the Storage Account resource staccwestus01
   • In the left menu, the "Events" section.
   • "Event Grid".
   • "Create Create Event Subscription".
   • Name: event-grid-sys-subsc-fn-01
   • Event Schema: Event Grid Schema.
   • Topic Type: Storage Account
   • Source Resource: staccwestus01
   • System Topic Name: staccwestus-event-grid-theme-01
   • Event Types: Microsoft.Storage.BlobCreated
   • Endpoint Type: Azure Function
   • Subscription: My Azure subscription.
   • Resource Group: rg-event-hub-fn-01
   • Function App: azure-function-event-example-01
   • Function Name: EventGridStorageAccountJava
   • In the Filter Tab, "Subject Filter" section.
   • Subject Begins With:
   • /blobServices/default/containers/contracts/blobs/approved
2. Upload a file to the folder: This worked without issues.

1. POST through Postman to Event Grid webhook: This also worked without issues.

1. Enable the authentication option from the Azure Function:
   • In the Azure Function azure-function-event-example-01, under Authentication Settings:
   • Configure the Microsoft Provider
   • Under "Identity provider", select Microsoft
   • "Create a new app registration" (as default).
   • App registration name: Keep the default suggested name.
   • Secret expiration: 180 days
   • Account types: Current tenant
   • Client application requirement: Allow requests only from this application itself.
   • Identity requirement: Allow requests from any identity
   • Tenant requirement: Allow requests only from the issuer tenant
   • Restrict access: Require authentication
   • Unauthenticated requests: HTTP 401 Unauthorized: recommended for APIs
   • Token Store: Check
2. Enable system identity from Event Grid system and grant roles to the Azure Function:
   • In the Event Grid System Topic staccwestus-event-grid-theme-01, set "Status" to On.
   • Go to the Function app azure-function-event-example-01 and assign the role "Contributor" to "Event Grid Topic Systems".
   • Restart the Azure Function
3. Upload a file to the folder:

Attempted to upload a file to the folder, which resulted in a 401 error.

1. POST through Postman to Event Grid webhook: This also resulted in a 401 error.

Finally i need to keep enable the authentication to prevent the anonymus calls for example in the home function page.