Merge pull request #281819 from ggailey777/fixup

[Functions] Public PR fix-ups

Author: AnnaMHuff

articles/azure-functions/configure-monitoring.md

@@ -3,7 +3,7 @@ title: Configure monitoring for Azure Functions
 description: Learn how to connect your function app to Application Insights for monitoring and how to configure data collection.
 ms.service: azure-functions
 ms.topic: how-to
-ms.date: 07/11/2024
+ms.date: 08/06/2024
 ms.custom: devdivchpfy22
 
 # Customer intent: As a developer, I want to understand how to configure monitoring for my functions correctly, so I can collect the data that I need.
@@ -48,7 +48,7 @@ Category names are assigned differently in Functions compared to other .NET fram
 
 The following table describes the main categories of logs that the runtime creates:
 
-# [v2.x+](#tab/v2)
+### [v2.x+](#tab/v2)
 
 | Category | Table | Description |
 | ----- | ----- | ----- |
@@ -65,7 +65,7 @@ The following table describes the main categories of logs that the runtime creat
 > [!NOTE]
 > For .NET class library functions, these categories assume you're using `ILogger` and not `ILogger<T>`. For more information, see the [Functions ILogger documentation](functions-dotnet-class-library.md#ilogger).
 
-# [v1.x](#tab/v1)
+### [v1.x](#tab/v1)
 
 | Category | Table | Description |
 | ----- | ----- | ----- |
@@ -90,7 +90,7 @@ The following examples define logging based on the following rules:
 + `Host.Aggregator` and `Host.Results` are set to lower levels. Setting logging levels too high (especially higher than `Information`) can result in loss of metrics and performance data.
 + Logging for function runs is set to `Information`. If necessary, you can [override](functions-host-json.md#override-hostjson-values) this setting in local development to `Debug` or `Trace`.
 
-# [v2.x+](#tab/v2)
+### [v2.x+](#tab/v2)
 
 ```json
 {
@@ -106,7 +106,7 @@ The following examples define logging based on the following rules:
 }
 ```
 
-# [v1.x](#tab/v1)
+### [v1.x](#tab/v1)
 
 ```json
 {
@@ -127,7 +127,7 @@ The following examples define logging based on the following rules:
 
 If *[host.json]* includes multiple logs that start with the same string, the more defined logs ones are matched first. Consider the following example that logs everything in the runtime, except `Host.Aggregator`, at the `Error` level:
 
-# [v2.x+](#tab/v2)
+### [v2.x+](#tab/v2)
 
 ```json
 {
@@ -143,7 +143,7 @@ If *[host.json]* includes multiple logs that start with the same string, the mor
 }
 ```
 
-# [v1.x](#tab/v1)
+### [v1.x](#tab/v1)
 
 ```json
 {
@@ -191,7 +191,7 @@ As noted in the previous section, the runtime aggregates data about function exe
 
 Application Insights has a [sampling](../azure-monitor/app/sampling.md) feature that can protect you from producing too much telemetry data on completed executions at times of peak load. When the rate of incoming executions exceeds a specified threshold, Application Insights starts to randomly ignore some of the incoming executions. The default setting for maximum number of executions per second is 20 (five in version 1.x). You can configure sampling in [*host.json*](./functions-host-json.md#applicationinsights). Here's an example:
 
-# [v2.x+](#tab/v2)
+### [v2.x+](#tab/v2)
 
 ```json
 {
@@ -209,7 +209,7 @@ Application Insights has a [sampling](../azure-monitor/app/sampling.md) feature
 
 You can exclude certain types of telemetry from sampling. In this example, data of type `Request` and `Exception` is excluded from sampling. It ensures that *all* function executions (requests) and exceptions are logged while other types of telemetry remain subject to sampling.
 
-# [v1.x](#tab/v1)
+### [v1.x](#tab/v1)
 
 ```json
 {
@@ -288,11 +288,21 @@ For a function app to send data to Application Insights, it needs to connect to
 | Setting name | Description |
 | ---- | ---- |
 | **[`APPLICATIONINSIGHTS_CONNECTION_STRING`](functions-app-settings.md#applicationinsights_connection_string)** | This setting is recommended and is required when your Application Insights instance runs in a sovereign cloud. The connection string supports other [new capabilities](../azure-monitor/app/migrate-from-instrumentation-keys-to-connection-strings.md#new-capabilities).   |
-| **[`APPLICATIONINSIGHTS_AUTHENTICATION_STRING`](./functions-app-settings.md#applicationinsights_authentication_string)** | Connects to Application Insights using Microsoft Entra authentication. The value contains the client ID of either a system-assigned or a user-assigned managed identity that is authorized to publish telemetry to your Application Insights workspace. The string has a format of `ClientId=<YOUR_CLIENT_ID>;Authorization=AAD`. For more information, see [Microsoft Entra authentication for Application Insights](../azure-monitor/app/azure-ad-authentication.md).|
 | **[`APPINSIGHTS_INSTRUMENTATIONKEY`](functions-app-settings.md#appinsights_instrumentationkey)** | Legacy setting, which Application Insights has deprecated in favor of the connection string setting. |
 
 When you create your function app in the [Azure portal](./functions-get-started.md) from the command line by using [Azure Functions Core Tools](./create-first-function-cli-csharp.md) or [Visual Studio Code](./create-first-function-vs-code-csharp.md), Application Insights integration is enabled by default. The Application Insights resource has the same name as your function app, and is created either in the same region or in the nearest region.
 
+### Require Microsoft Entra authentication 
+
+You can use the [`APPLICATIONINSIGHTS_AUTHENTICATION_STRING`](./functions-app-settings.md#applicationinsights_authentication_string) setting to enable connections to Application Insights using Microsoft Entra authentication. This creates a consistent authentication experience across all Application Insights pipelines, including Profiler and Snapshot Debugger, as well as from the Functions host and language-specific agents.  
+
+>[!NOTE]  
+>There's no Entra authentication support for local development.
+
+The value contains either `Authorization=AAD` for a system-assigned managed identity or `ClientId=<YOUR_CLIENT_ID>;Authorization=AAD` for a user-assigned managed identity. The managed identity must already be available to the function app, with an assigned role equivalent to [Monitoring Metrics Publisher](/azure/role-based-access-control/built-in-roles/monitor#monitoring-metrics-publisher). For more information, see [Microsoft Entra authentication for Application Insights](../azure-monitor/app/azure-ad-authentication.md).
+
+The [`APPLICATIONINSIGHTS_CONNECTION_STRING`](functions-app-settings.md#applicationinsights_connection_string) setting is still required.
+
 [!INCLUDE [functions-app-insights-disable-local-note](../../includes/functions-app-insights-disable-local-note.md)]
 
 ### New function app in the portal

articles/azure-functions/functions-app-settings.md

@@ -58,11 +58,16 @@ Don't use both `APPINSIGHTS_INSTRUMENTATIONKEY` and `APPLICATIONINSIGHTS_CONNECT
 
 ## APPLICATIONINSIGHTS_AUTHENTICATION_STRING
 
-The connection string for Application Insights by using Microsoft Entra authentication. Use this setting when you must connect to your Application Insights workspace by using Microsoft Entra authentication. The string contains the client ID of either a system-assigned or a user-assigned managed identity that is authorized to publish telemetry to your Application Insights workspace. For more information, see [Microsoft Entra authentication for Application Insights](../azure-monitor/app/azure-ad-authentication.md).
+Enables access to Application Insights by using Microsoft Entra authentication. Use this setting when you must connect to your Application Insights workspace by using Microsoft Entra authentication. For more information, see [Microsoft Entra authentication for Application Insights](../azure-monitor/app/azure-ad-authentication.md).
 
-|Key|Sample value|
-|---|------------|
-|APPLICATIONINSIGHTS_AUTHENTICATION_STRING|`ClientId=<YOUR_CLIENT_ID>;Authorization=AAD`|
+When you use `APPLICATIONINSIGHTS_AUTHENTICATION_STRING`, the specific value that you set depends on the type of managed identity:
+
+| Managed identity | Setting value |
+| ----- | ----- |
+| System-assigned | `Authorization=AAD` |  
+| User-assigned | `Authorization=AAD;ClientId=<USER_ASSIGNED_CLIENT_ID>` |
+
+This authentication requirement is applied to connections from the Functions host, snapshot debugger, profiler, and any language-specific agents. To use this setting, the managed identity must already be available to the function app, with an assigned role equivalent to [Monitoring Metrics Publisher](/azure/role-based-access-control/built-in-roles/monitor#monitoring-metrics-publisher). 
 
 [!INCLUDE [functions-app-insights-disable-local-note](../../includes/functions-app-insights-disable-local-note.md)]
 
@@ -79,7 +84,7 @@ For more information, see [Connection strings](../azure-monitor/app/sdk-connecti
 |---|------------|
 |APPLICATIONINSIGHTS_CONNECTION_STRING|`InstrumentationKey=...`|
 
-To connect to Application Insights with Microsoft Entra authentication, you should instead use [`APPLICATIONINSIGHTS_AUTHENTICATION_STRING`](#applicationinsights_authentication_string).
+To connect to Application Insights with Microsoft Entra authentication, you should use [`APPLICATIONINSIGHTS_AUTHENTICATION_STRING`](#applicationinsights_authentication_string).
 
 ## AZURE_FUNCTION_PROXY_DISABLE_LOCAL_CALL
 

articles/azure-functions/functions-bindings-register.md

@@ -18,7 +18,7 @@ The following table indicates when and how you register bindings.
 |Azure portal|Automatic|Automatic<sup>*</sup>|
 |Non-.NET languages|Automatic|Use [extension bundles](#extension-bundles) (recommended) or [explicitly install extensions](#explicitly-install-extensions)|
 |C# class library using Visual Studio|[Use NuGet tools](functions-develop-vs.md#add-bindings)|[Use NuGet tools](functions-develop-vs.md#add-bindings)|
-|C# class library using Visual Studio Code|N/A|[Use .NET Core CLI](functions-develop-vs-code.md?tabs=csharp#install-binding-extensions)|
+|C# class library using Visual Studio Code|N/A|[Use .NET Core CLI](functions-develop-vs-code.md?tabs=csharp#install-binding-extensions)<br/>[Use the C# Dev Kit](https://code.visualstudio.com/docs/csharp/package-management#_add-a-package)|
 
 <sup>*</sup> Portal uses extension bundles, including C# script.
 

articles/azure-functions/functions-continuous-deployment.md

@@ -70,7 +70,7 @@ GitHub Actions is the default build provider for GitHub projects. GitHub Actions
 
 ### [App Service (Kudu) service](#tab/app-service)
 
-The App Service platform maintains a native deployment service ([Project Kudu](https://github.com/projectkudu/kudu/wiki)) to support local Git deployment, some container deployments, and other deployment sources not supported by either Pipelines or GitHub Actions. Remote builds, packaging, and other maintainence tasks are performed in a subdomain of `scm.azurewebsites.net` dedicated to your app, such as `https://myfunctionapp.scm.azurewebsites.net`. This build service can only be used when the `scm` site can be accessed by your deployment. Many publishing tools require basic authentication to connect to the `scm` endpoint, which means you can't use managed identities. 
+The App Service platform maintains a native deployment service ([Project Kudu](https://github.com/projectkudu/kudu/wiki)) to support local Git deployment, some container deployments, and other deployment sources not supported by either Pipelines or GitHub Actions. Remote builds, packaging, and other maintainence tasks are performed in a subdomain of `scm.azurewebsites.net` dedicated to your app, such as `https://myfunctionapp.scm.azurewebsites.net`. This build service can only be used when the `scm` site can be accessed by your deployment. While you can use identities to connect to the `scm` endpoint, many publishing tools instead require basic authentication to connect to the `scm` endpoint. 
 
 This build provider is used when you deploy your code project by using Visual Studio, Visual Studio Code, or Azure Functions Core Tools. If you haven't already deployed code to your function app by using one of these tools, you might need to [Enable basic authentication for deployments](#enable-basic-authentication-for-deployments) to use the `scm` site.  
 

articles/azure-functions/functions-develop-vs-code.md

@@ -546,6 +546,9 @@ Replace `<BINDING_TYPE_NAME>` with the name of the package that contains the bin
 
 Replace `<TARGET_VERSION>` in the example with a specific version of the package, such as `3.0.0-beta5`. Valid versions are listed on the individual package pages at [NuGet.org](https://nuget.org). The major versions that correspond to the current  Functions runtime are specified in the reference article for the binding.
 
+>[!TIP]  
+>You can also use the **NuGet** commands in [the C# Dev Kit](https://code.visualstudio.com/docs/csharp/package-management#_add-a-package) to install binding extension packages.
+
 C# script uses [extension bundles](functions-bindings-register.md#extension-bundles).
 
 ::: zone-end