MicrosoftDocs
diff --git a/‎articles/azure-functions/durable/durable-task-scheduler/develop-with-durable-task-scheduler.md
Lines changed: 2 additions & 167 deletions b/‎articles/azure-functions/durable/durable-task-scheduler/develop-with-durable-task-scheduler.md
Lines changed: 2 additions & 167 deletions
diff --git a/‎articles/azure-functions/durable/durable-task-scheduler/durable-task-scheduler-dashboard.md
Lines changed: 97 additions & 7 deletions b/‎articles/azure-functions/durable/durable-task-scheduler/durable-task-scheduler-dashboard.md
Lines changed: 97 additions & 7 deletions
@@ -264,174 +264,9 @@ You can see all the task hubs created in a scheduler on the **Overview** of the
 
 Durable Task Scheduler **only** supports either *user-assigned* or *system-assigned* managed identity authentication. **User-assigned identities are recommended,** as they aren't tied to the lifecycle of the app and can be reused after the app is deprovisioned.
 
-The following are the Durable Task Scheduler related roles you can grant to an identity:
+If you haven't already, [configure managed identity for your Durable Functions app](./durable-task-scheduler-identity.md).
 
- - **Durable Task Data Contributor**: Role for all data access operations. This role is a superset of all other roles. 
- - **Durable Task Worker**: Role used by worker applications to interact with the Durable Task Scheduler. Assign this role if your app is used *only* for processing orchestrations, activities, and entities. 
- - **Durable Task Data Reader**: Role to read all Durable Task Scheduler data. Assign this role if you only need a list of orchestrations and entities payloads. 
-
-> [!NOTE]
-> Most Durable Functions apps would require the Durable Task Data Contributor role. 
-
-The following sections demonstrate how to grant permissions to an identity resource and configure your Durable Functions app to use the identity for access to schedulers and task hubs. 
-
-### Assign RBAC (role-based access control) to managed identity resource 
-
-::: zone pivot="az-cli" 
-
-1. Create a user-assigned managed identity
-
-    ```azurecli
-    az identity create -g RESOURCE_GROUP_NAME -n IDENTITY_NAME
-    ```
-
-1. Set the assignee to identity resource created
-
-    ```azurecli
-    assignee=$(az identity show --name IDENTITY_NAME --resource-group RESOURCE_GROUP_NAME --query 'clientId' --output tsv) 
-    ``` 
-
-1. Set the scope. Granting access on the scheduler scope gives access to *all* task hubs in that scheduler.
-
-    **Task Hub**
-
-    ```bash
-    scope="/subscriptions/SUBSCRIPTION_ID/resourceGroups/RESOURCE_GROUP_NAME/providers/Microsoft.DurableTask/schedulers/SCHEDULER_NAME/taskHubs/TASKHUB_NAME"
-    ```
-   
-    **Scheduler**
-
-    ```bash
-    scope="/subscriptions/SUBSCRIPTION_ID/resourceGroups/RESOURCE_GROUP_NAME/providers/Microsoft.DurableTask/schedulers/SCHEDULER_NAME"
-    ```
-
-1. Grant access. Run the following command to create the role assignment and grant access.
-
-    ```azurecli
-    az role assignment create \
-      --assignee "$assignee" \
-      --role "Durable Task Data Contributor" \
-      --scope "$scope"
-    ```
-   
-    *Expected output*
-   
-    The following output example shows a developer identity assigned with the Durable Task Data Contributor role on the *scheduler* level:
-   
-    ```json
-    {
-      "condition": null,
-      "conditionVersion": null,
-      "createdBy": "YOUR_DEVELOPER_CREDENTIAL_ID",
-      "createdOn": "2024-12-20T01:36:45.022356+00:00",
-      "delegatedManagedIdentityResourceId": null,
-      "description": null,
-      "id": "/subscriptions/YOUR_SUBSCRIPTION_ID/resourceGroups/YOUR_RESOURCE_GROUP/providers/Microsoft.DurableTask/schedulers/YOUR_DTS_NAME/providers/Microsoft.Authorization/roleAssignments/ROLE_ASSIGNMENT_ID",
-      "name": "ROLE_ASSIGNMENT_ID",
-      "principalId": "YOUR_DEVELOPER_CREDENTIAL_ID",
-      "principalName": "YOUR_EMAIL",
-      "principalType": "User",
-      "resourceGroup": "YOUR_RESOURCE_GROUP",
-      "roleDefinitionId": "/subscriptions/YOUR_SUBSCRIPTION/providers/Microsoft.Authorization/roleDefinitions/ROLE_DEFINITION_ID",
-      "roleDefinitionName": "Durable Task Data Contributor",
-      "scope": "/subscriptions/YOUR_SUBSCRIPTION/resourceGroups/YOUR_RESOURCE_GROUP/providers/Microsoft.DurableTask/schedulers/YOUR_DTS_NAME",
-      "type": "Microsoft.Authorization/roleAssignments",
-      "updatedBy": "YOUR_DEVELOPER_CREDENTIAL_ID",
-      "updatedOn": "2024-12-20T01:36:45.022356+00:00"
-    }
-    ```
-
-::: zone-end 
-
-::: zone pivot="az-portal"
-
-[!INCLUDE [assign-role-based-access-control-portal](./includes/assign-role-based-access-control-portal.md)]
-
-::: zone-end 
-
-### Assign managed identity to your app
-
-Now that the identity has the required RBAC to access Durable Task Scheduler, you need to assign it to your function app.
-
-::: zone pivot="az-cli" 
-
-1. Get resource ID of manage identity.
-    ```azurecli
-    resource_id=$(az resource show --resource-group RESOURCE_GROUP --name MANAGED_IDENTITY_NAME --resource-type Microsoft.ManagedIdentity/userAssignedIdentities --query id --output tsv)
-    ```
-
-1. Assign the identity to app.
-    ```azurecli
-    az functionapp identity assign --resource-group RESOURCE_GROUP_NAME --name FUNCTION_APP_NAME --identities "$resource_id"
-    ```
-
-::: zone-end 
-
-::: zone pivot="az-portal"
-  
-1. From your app in the portal, select **Settings** > **Identity**. 
-
-1. Click the **User assigned** tab.
-
-1. Click **+ Add**, then pick the identity created in the last section. Click the **Add** button.
-
-    :::image type="content" source="media/configure-durable-task-scheduler/assign-identity.png" alt-text="Screenshot of adding the user-assigned managed identity to your app in the portal.":::
-
-::: zone-end 
-
-### Add environment variables to app
-
-Add these two environment variables to app setting:
-  - `TASKHUB_NAME`: name of task hub
-  - `DURABLE_TASK_SCHEDULER_CONNECTION_STRING`: the format of the string is `"Endpoint={scheduler point};Authentication=ManagedIdentity;ClientID={client id}"`, where `Endpoint` is the scheduler endpoint and `client id` is the identity's client ID. 
-
-::: zone pivot="az-cli"
-
-1. Get the required information for the Durable Task Scheduler connection string. 
-
-    To get the scheduler endpoint.
-    ```azurecli
-    az durabletask scheduler show --resource-group RESOURCE_GROUP_NAME --name DTS_NAME --query 'properties.endpoint' --output tsv
-    ```
-
-    To get the client ID of managed identity.
-    ```azurecli
-    az identity show --name MANAGED_IDENTITY_NAME --resource-group RESOURCE_GROUP_NAME --query 'clientId' --output tsv
-    ```
-
-1. Use the following command to add environment variable for the scheduler connection string to app. 
-    ```azurecli
-    az functionapp config appsettings set --resource-group RESOURCE_GROUP_NAME --name FUNCTION_APP_NAME --settings KEY_NAME=KEY_VALUE
-    ```
-
-1. Repeat previous step to add environment variable for task hub name. 
-
-::: zone-end 
-
-::: zone pivot="az-portal"
-
-1. Get the required information for the Durable Task Scheduler connection string. 
-
-    To get your scheduler endpoint, navigate to the **Overview** tab of your scheduler resource and find "Endpoint" in the top *Essentials* section. 
-
-    To get your managed identity client ID, navigate to the **Overview** tab of your resource and find "Client ID" in the top *Essentials* section. 
-
-1. Navigate to your app on the portal. 
-
-1. In the left menu, click **Settings** > **Environment variables**. 
-
-1. Add environment variable for Durable Task Scheduler connection string. 
-
-1. Add environment variable for task hub name.   
-
-1. Click **Apply** then **Confirm** to add the variables. 
-
-::: zone-end 
-
-> [!NOTE]
-> If you use system-assigned identity, your connection string would *not* need the client ID of the identity resource: `"Endpoint={scheduler endpoint};Authentication=ManagedIdentity"`.
-
-## Accessing Durable Task Scheduler dashboard
+## Accessing the Durable Task Scheduler dashboard
 
 Assign the required role to your *developer identity (email)* to gain access to the [Durable Task Scheduler dashboard](./durable-task-scheduler-dashboard.md). 
 
 
@@ -1,17 +1,107 @@
 ---
 title: Debug and manage orchestrations using the Azure Functions Durable Task Scheduler dashboard (preview)
 description: Learn how to debug and manage your orchestrations using the Azure Functions Durable Task Scheduler.
-ms.topic: conceptual
-ms.date: 03/17/2025
+ms.topic: how-to
+ms.date: 05/05/2025
+zone_pivot_groups: dts-devexp
 ---
 
 # Debug and manage orchestrations using the Azure Functions Durable Task Scheduler dashboard (preview)
 
-Observe, manage, and debug your task hub or scheduler's orchestrations effectively using the Durable Task Scheduler dashboard. The dashboard is available when you run the [Durable Task Scheduler emulator](./durable-task-scheduler.md#emulator-for-local-development) locally or create a scheduler resource on Azure. 
-- **Running locally** doesn't require authentication. 
-- **Creating a scheduler resource on Azure** requires that you [assign the *Durable Task Data Contributor* role to your identity](./develop-with-durable-task-scheduler.md#accessing-durable-task-scheduler-dashboard). You can then access the dashboard via either:
-  - The task hub's dashboard endpoint URL in the Azure portal
-  - Navigate to `https://dashboard.durabletask.io/` combined with your task hub endpoint.  
+Observe, manage, and debug your task hub or scheduler's orchestrations using the Durable Task Scheduler dashboard. The dashboard is available when you run the [Durable Task Scheduler emulator](./durable-task-scheduler.md#emulator-for-local-development) locally or create a scheduler resource on Azure. 
+
+Running the emulator locally doesn't require authentication. 
+
+Creating a scheduler resource on Azure requires [assigning the *Durable Task Data Contributor* role to your identity](./durable-task-scheduler-identity.md). You can then access the dashboard via either:
+- The task hub's dashboard endpoint URL in the Azure portal
+- Navigate to `https://dashboard.durabletask.io/` combined with your task hub endpoint.  
+
+In this article, you learn how to:
+
+> [!div class="checklist"]
+>
+> - Assign one of the Durable Task roles to your developer identity. 
+> - Access the Durable Task Scheduler dashboard.
+> - View orchestration status and history via the Durable Task Scheduler dashboard.
+
+## Prerequisites
+
+Before you begin:
+
+- [Install the latest Azure CLI](/cli/azure/install-azure-cli) 
+- [Create a scheduler and task hub resource](./develop-with-durable-task-scheduler.md)
+- [Configure managed identity for your Durable Task Scheduler resource](./durable-task-scheduler-identity.md)
+
+## Access the Durable Task Scheduler dashboard
+
+Assign the required role to your *developer identity (email)* to gain access to the [Durable Task Scheduler dashboard](./durable-task-scheduler-dashboard.md). 
+
+::: zone pivot="az-cli" 
+
+1. Set the assignee to your developer identity.
+
+    ```azurecli
+    assignee=$(az ad user show --id "[email protected]" --query "id" --output tsv)
+    ```
+
+1. Set the scope. Granting access on the scheduler scope gives access to *all* task hubs in that scheduler.
+
+    **Task Hub**
+
+    ```bash
+    scope="/subscriptions/SUBSCRIPTION_ID/resourceGroups/RESOURCE_GROUP/providers/Microsoft.DurableTask/schedulers/SCHEDULER_NAME/taskHubs/TASK_HUB_NAME"
+    ```
+   
+    **Scheduler**
+    ```bash
+    scope="/subscriptions/SUBSCRIPTION_ID/resourceGroups/RESOURCE_GROUP/providers/Microsoft.DurableTask/schedulers/SCHEDULER_NAME"
+    ```
+
+1. Grant access. Run the following command to create the role assignment and grant access.
+
+    ```azurecli
+    az role assignment create \
+      --assignee "$assignee" \
+      --role "Durable Task Data Contributor" \
+      --scope "$scope"
+    ```
+   
+    *Expected output*
+   
+    The following output example shows a developer identity assigned with the Durable Task Data Contributor role on the *scheduler* level:
+   
+    ```json
+    {
+      "condition": null,
+      "conditionVersion": null,
+      "createdBy": "YOUR_DEVELOPER_CREDENTIAL_ID",
+      "createdOn": "2024-12-20T01:36:45.022356+00:00",
+      "delegatedManagedIdentityResourceId": null,
+      "description": null,
+      "id": "/subscriptions/YOUR_SUBSCRIPTION_ID/resourceGroups/YOUR_RESOURCE_GROUP/providers/Microsoft.DurableTask/schedulers/YOUR_DTS_NAME/providers/Microsoft.Authorization/roleAssignments/ROLE_ASSIGNMENT_ID",
+      "name": "ROLE_ASSIGNMENT_ID",
+      "principalId": "YOUR_DEVELOPER_CREDENTIAL_ID",
+      "principalName": "YOUR_EMAIL",
+      "principalType": "User",
+      "resourceGroup": "YOUR_RESOURCE_GROUP",
+      "roleDefinitionId": "/subscriptions/YOUR_SUBSCRIPTION/providers/Microsoft.Authorization/roleDefinitions/ROLE_DEFINITION_ID",
+      "roleDefinitionName": "Durable Task Data Contributor",
+      "scope": "/subscriptions/YOUR_SUBSCRIPTION/resourceGroups/YOUR_RESOURCE_GROUP/providers/Microsoft.DurableTask/schedulers/YOUR_DTS_NAME",
+      "type": "Microsoft.Authorization/roleAssignments",
+      "updatedBy": "YOUR_DEVELOPER_CREDENTIAL_ID",
+      "updatedOn": "2024-12-20T01:36:45.022356+00:00"
+    }
+    ```
+
+1. After granting access, go to `https://dashboard.durabletask.io/` and fill out the required information about your scheduler and task hub to see the dashboard. 
+ 
+::: zone-end 
+
+::: zone pivot="az-portal" 
+
+[!INCLUDE [assign-dev-identity-role-based-access-control-portal](./includes/assign-dev-identity-role-based-access-control-portal.md)]
+
+::: zone-end 
 
 ## Monitor orchestration progress and execution history