How can I use a Synthetic Canary with a Lambda which is protected by MSAL?

Typically, MSAL is used to guarantee an extra layer of security that uses random code and also, guarantees a real human, authorized person is there. That being said, Cloud Watch Synthetic generally wouldn't be able to get through these mechanisms. One way to get there is provide special credentials for the CW Synthetics to get passed and make sure the CW Synthetic is network protected and won't expose these checks. Hope that helps !