Evaluate need for beefing up authZ in Notification

The notification service is by far authorizing any EG with a valid resource Id. The resources id is validated by istio.
Event Grid has the ability to come with AuthZ of service's service principal. Is this necessary going forward?