Commit 7e607c7

ROPC for how to configure networking
1 parent 984aa74 commit 7e607c7

1 file changed: +10 -9 lines changed

articles/azure-functions/configure-networking-how-to.md

Lines changed: 10 additions & 9 deletions
@@ -3,24 +3,25 @@ title: How to use a secured storage account with Azure Functions
33
description: Learn how to use a secured storage account in a virtual network as the default storage account for a function app in Azure Functions.
44
ms-service: azure-functions
55
ms.topic: how-to
6-
ms.date: 06/27/2024
6+
ms.date: 12/04/2024
77
ms.custom: template-how-to, build-2024, ignite-2024
88
# Customer intent: As a developer, I want to understand how to use a secured storage account in a virtual network as the default storage account for my function app, so that my function app can be secure.
99
---
1010

1111
# How to use a secured storage account with Azure Functions
1212

13-
This article shows you how to connect your function app to a secured storage account. For an in-depth tutorial on how to create your function app with inbound and outbound access restrictions, see the [Integrate with a virtual network](functions-create-vnet.md) tutorial. To learn more about Azure Functions and networking, see [Azure Functions networking options](functions-networking-options.md).
13+
Azure Functions requires an Azure Storage account when you create a function app instance. This default storage account is used by the Functions runtime to maintain the health of your function app. For more information, see [Storage considerations for Azure Functions](storage-considerations.md). This article shows you how to use a secured storage account as the default storage account. For an in-depth tutorial on how to create your function app with inbound and outbound access restrictions, see the [Integrate with a virtual network](functions-create-vnet.md) tutorial. To learn more about Azure Functions and networking, see [Azure Functions networking options](functions-networking-options.md).
1414

1515
## Restrict your storage account to a virtual network
1616

17-
When you create a function app, you either create a new storage account or link to an existing one. Currently, only the Azure portal, [ARM template deployments](functions-infrastructure-as-code.md?tabs=json&pivots=premium-plan#secured-deployments), and [Bicep deployments](functions-infrastructure-as-code.md?tabs=bicep&pivots=premium-plan#secured-deployments) support function app creation with an existing secured storage account.
17+
When you create a function app, you either create a new storage account or link to an existing one. Keep these considerations in mind when working with secured storage account.
1818

19-
> [!NOTE]
20-
> Secured storage accounts are supported for all tiers of the [Dedicated (App Service) plan](./dedicated-plan.md) and the [Elastic Premium plan](./functions-premium-plan.md). They're also supported by the [Flex Consumption plan](./flex-consumption-plan.md).
21-
> The [Consumption plan](consumption-plan.md) doesn't support virtual networks.
22-
23-
For a list of all restrictions on storage accounts, see [Storage account requirements](storage-considerations.md#storage-account-requirements).
19+
+ To create a function app that uses an existing secured storage account as the default storage account, you must create your app either in the [Azure portal](https://portal.azure.com) or by using [ARM template](functions-infrastructure-as-code.md?tabs=json&pivots=premium-plan#secured-deployments) or [Bicep](functions-infrastructure-as-code.md?tabs=bicep&pivots=premium-plan#secured-deployments) deployments.
20+
+ When using a secured storage account with a dynamic scale plan, you should host your functions in the [Flex Consumption plan](./flex-consumption-plan.md). This plan supports both secured storage accounts and managed identity-based connections to storage, which is the most secure connection option.
21+
+ All tiers of both the [Dedicated (App Service) plan](./dedicated-plan.md) and the [Elastic Premium plan](./functions-premium-plan.md) also support secure storage accounts. However, there are trade-offs when using managed identities to connect from a Premium plan app. For more information, see <!---<<link here>>--->.
22+
+ The [Consumption plan](consumption-plan.md) doesn't support virtual networks, so you can't connect to a secured storage account when running in the Consumption plan. To take advantage of serverless function hosting, you should instead recreate your app to run in Flex Consumption plan.
23+
+ This article currently shows you how to create a function app in a Premium plan that connects to a secured storage account using the storage account connection string. To provide the best protection of storage account credentials, you should instead use managed identities when connecting to a storage account. Instead follow the [Quickstart: Create and deploy functions to Azure Functions using the Azure Developer CLI](create-first-function-azure-developer-cli.md) to create a function app in the Flex Consumption plan that connects to a new secured storage account using managed identities.
24+
+ For a list of all restrictions on storage accounts, see [Storage account requirements](storage-considerations.md#storage-account-requirements).
2425

2526
## Secure storage during function app creation
2627
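
Review bot: The Premium plan bullet added at new line 21 ends with an unfilled placeholder, `For more information, see <!---<<link here>>--->.`, which renders as a sentence with no link target; supply the link to the managed identity trade-offs or drop the sentence until the target exists. In the same hunk, "when working with secured storage account" (new line 17) needs an article or a plural, "secure storage accounts" (new line 21) is inconsistent with "secured storage accounts" used in the other bullets, and "in Flex Consumption plan" (new line 22) is missing "the". The bullet at new line 23 uses "instead" in two consecutive sentences ("you should instead use managed identities" followed by "Instead follow the Quickstart"); merging them would read better. Because that bullet says the article still connects with the storage account connection string, consider moving it ahead of the list as a note so readers see the managed identity recommendation before they reach the procedure.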

@@ -59,7 +60,7 @@ Set up a secured storage account for your function app:
5960

6061
1. [Create a second storage account](../storage/common/storage-account-create.md). This storage account is the secured storage account for your function app to use instead of its original unsecured storage account. You can also use an existing storage account not already being used by Functions.
6162

62-
1. Save the connection string for this storage account to use later.
63+
1. Save the connection string for this storage account to use later.
6364

6465
1. [Create a file share](../storage/files/storage-how-to-create-file-share.md#create-a-file-share) in the new storage account. For your convenience, you can use the same file share name from your original storage account. Otherwise, if you use a new file share name, you must update your app setting.
6566
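
Review bot: The removed line 62 and added line 63 both read "1. Save the connection string for this storage account to use later." with no visible difference, so this looks like a whitespace-only change; confirm it is intentional. The step still tells the reader to save a connection string without saying where to keep it, while the list added earlier in this commit states that managed identities give the best protection of storage account credentials. A short pointer from this step to that recommendation, or advice to hold the value as a secret rather than in plain text, would keep the two sections consistent.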
