removing preview tag for identity-based host storage

Author: mattchenderson

articles/azure-functions/functions-identity-based-connections-tutorial.md

@@ -256,7 +256,7 @@ Whenever your app would need to add a reference to a secret, you would just need
 > [!TIP]
 > The [Application Insights connection string](../azure-monitor/app/sdk-connection-string.md) and its included instrumentation key are not considered secrets and can be retrieved from App Insights using [Reader](../role-based-access-control/built-in-roles.md#reader) permissions. You do not need to move them into Key Vault, although you certainly can.
 
-## Use managed identity for AzureWebJobsStorage (Preview)
+## Use managed identity for AzureWebJobsStorage
 
 Next you will use the system-assigned identity you configured in the previous steps for the `AzureWebJobsStorage` connection. `AzureWebJobsStorage` is used by the Functions runtime and by several triggers and bindings to coordinate between multiple running instances. It is required for your function app to operate, and like Azure Files, it is configured with a connection string by default when you create a new function app.
 
@@ -294,7 +294,7 @@ Similar to the steps you took before with the user-assigned identity and your ke
 Next you will update your function app to use its system-assigned identity when it uses the blob service for host storage.
 
 > [!IMPORTANT]
-> The `AzureWebJobsStorage` configuration is used by some triggers and bindings, and those extensions must be able to use identity-based connections, too. Apps that use blob triggers or event hub triggers may need to update those extensions. Because no functions have been defined for this app, there isn't a concern yet. To learn more about this requirement, see [Connecting to host storage with an identity (Preview)](./functions-reference.md#connecting-to-host-storage-with-an-identity-preview).
+> The `AzureWebJobsStorage` configuration is used by some triggers and bindings, and those extensions must be able to use identity-based connections, too. Apps that use blob triggers or event hub triggers may need to update those extensions. Because no functions have been defined for this app, there isn't a concern yet. To learn more about this requirement, see [Connecting to host storage with an identity](./functions-reference.md#connecting-to-host-storage-with-an-identity).
 >
 > Similarly, `AzureWebJobsStorage` is used for deployment artifacts when using server-side build in Linux Consumption. When you enable identity-based connections for `AzureWebJobsStorage` in Linux Consumption, you will need to deploy via [an external deployment package](run-functions-from-deployment-package.md).
 

articles/azure-functions/functions-reference.md

@@ -34,7 +34,7 @@ The function.json file defines the function's trigger, bindings, and other confi
 
 For more information, see [Azure Functions triggers and bindings concepts](functions-triggers-bindings.md).
 
-The `bindings` property is where you configure both triggers and bindings. Each binding shares a few common settings and some settings which are specific to a particular type of binding. Every binding requires the following settings:
+The `bindings` property is where you configure both triggers and bindings. Each binding shares a few common settings and some settings, which are specific to a particular type of binding. Every binding requires the following settings:
 
 | Property    | Values | Type | Comments|
 |---|---|---|---|
@@ -112,7 +112,7 @@ For example, the `connection` property for an Azure Blob trigger definition migh
 
 Some connections in Azure Functions can be configured to use an identity instead of a secret. Support depends on the extension using the connection. In some cases, a connection string may still be required in Functions even though the service to which you are connecting supports identity-based connections. For a tutorial on configuring your function apps with managed identities, see the [creating a function app with identity-based connections tutorial](./functions-identity-based-connections-tutorial.md).
 
-Identity-based connections are supported by the following components:
+The following components support identity-based connections:
 
 | Connection source                                       | Plans supported | Learn more                                                                                                         |
 |---------------------------------------------------------|-----------------|--------------------------------------------------------------------------------------------------------------------|
@@ -124,7 +124,7 @@ Identity-based connections are supported by the following components:
 | Azure Cosmos DB triggers and bindings         | All | [Azure Cosmos DB extension version 4.0.0 or later][cosmosv4],<br/> [Extension bundle 4.0.2 or later][cosmosv4]|
 | Azure SignalR triggers and bindings           | All | [Azure SignalR extension version 1.7.0 or later][signalr] <br/>[Extension bundle 3.6.1 or later][signalr] |
 | Durable Functions storage provider (Azure Storage) | All | [Durable Functions extension version 2.7.0 or later][durable-identity],<br/>[Extension bundle 3.3.0 or later][durable-identity] |
-| Host-required storage ("AzureWebJobsStorage") - Preview | All             | [Connecting to host storage with an identity](#connecting-to-host-storage-with-an-identity-preview)                        |
+| Host-required storage ("AzureWebJobsStorage") | All             | [Connecting to host storage with an identity](#connecting-to-host-storage-with-an-identity)                        |
 
 [blobv5]: ./functions-bindings-storage-blob.md#install-extension
 [queuev5]: ./functions-bindings-storage-queue.md#storage-extension-5x-and-higher
@@ -164,13 +164,14 @@ Choose a tab below to learn about permissions for each component:
 [!INCLUDE [functions-cosmos-permissions](../../includes/functions-cosmos-permissions.md)]
 
 # [Azure SignalR extension](#tab/signalr)
-You'll need to create a role assignment that provides access to Azure SignalR Service data plane REST APIs. We recommend you to use the built-in role [SignalR Service Owner](../role-based-access-control/built-in-roles.md#signalr-service-owner). Management roles like [Owner](../role-based-access-control/built-in-roles.md#owner) aren't sufficient.
+
+You need to create a role assignment that provides access to Azure SignalR Service data plane REST APIs. We recommend you to use the built-in role [SignalR Service Owner](../role-based-access-control/built-in-roles.md#signalr-service-owner). Management roles like [Owner](../role-based-access-control/built-in-roles.md#owner) aren't sufficient.
 
 # [Durable Functions storage provider](#tab/durable)
 
 [!INCLUDE [functions-durable-permissions](../../includes/functions-durable-permissions.md)]
 
-# [Functions host storage (preview)](#tab/azurewebjobsstorage)
+# [Functions host storage](#tab/azurewebjobsstorage)
 
 [!INCLUDE [functions-azurewebjobsstorage-permissions](../../includes/functions-azurewebjobsstorage-permissions.md)]
 
@@ -182,17 +183,17 @@ An identity-based connection for an Azure service accepts the following common p
 
 | Property    |  Environment variable template | Description |
 |---|---|---|---|
-| Token Credential |  `<CONNECTION_NAME_PREFIX>__credential` | Defines how a token should be obtained for the connection. Recommended only when specifying a user-assigned identity, when it should be set to "managedidentity". This is only valid when hosted in the Azure Functions service. |
-| Client ID | `<CONNECTION_NAME_PREFIX>__clientId` | When `credential` is set to "managedidentity", this property specifies the user-assigned identity to be used when obtaining a token. The property accepts a client ID corresponding to a user-assigned identity assigned to the application. If not specified, the system-assigned identity will be used. This property is used differently in [local development scenarios](#local-development-with-identity-based-connections), when `credential` should not be set. |
+| Token Credential |  `<CONNECTION_NAME_PREFIX>__credential` | Defines how a token should be obtained for the connection. This setting is recommended only when specifying a user-assigned identity, when it should be set to "managedidentity". This value is only valid when hosted in the Azure Functions service. |
+| Client ID | `<CONNECTION_NAME_PREFIX>__clientId` | When `credential` is set to "managedidentity", this property specifies the user-assigned identity to be used when obtaining a token. The property accepts a client ID corresponding to a user-assigned identity assigned to the application. If not specified, the system-assigned identity is used. This property is used differently in [local development scenarios](#local-development-with-identity-based-connections), when `credential` should not be set. |
 
-Additional options may be supported for a given connection type. Please refer to the documentation for the component making the connection.
+Additional options may be supported for a given connection type. Refer to the documentation for the component making the connection.
 
 ##### Local development with identity-based connections
 
 > [!NOTE]
 > Local development with identity-based connections requires updated versions of the [Azure Functions Core Tools](./functions-run-local.md). You can check your currently installed version by running `func -v`. For Functions v3, use version `3.0.3904` or later. For Functions v4, use version `4.0.3904` or later.
 
-When running locally, the above configuration tells the runtime to use your local developer identity. The connection will attempt to get a token from the following locations, in order:
+When you are running your function project locally, the above configuration tells the runtime to use your local developer identity. The connection attempts to get a token from the following locations, in order:
 
 - A local cache shared between Microsoft applications
 - The current user context in Visual Studio
@@ -226,7 +227,7 @@ Here is an example of `local.settings.json` properties required for identity-bas
 }
 ```
 
-#### Connecting to host storage with an identity (Preview)
+#### Connecting to host storage with an identity
 
 The Azure Functions host uses the "AzureWebJobsStorage" connection for core behaviors such as coordinating singleton execution of timer triggers and default app key storage. This can be configured to leverage an identity as well.
 

articles/azure-functions/storage-considerations.md

@@ -52,7 +52,7 @@ The storage account must be accessible to the function app. If you need to use a
 
 ### Storage account connection setting
 
-By default, Functions clients will configure the AzureWebJobsStorage connection as a connection string stored in the [AzureWebJobsStorage application setting](./functions-app-settings.md#azurewebjobsstorage), but you can also [configure AzureWebJobsStorage to use an identity-based connection](functions-reference.md#connecting-to-host-storage-with-an-identity-preview) without a secret.
+By default, Functions clients will configure the AzureWebJobsStorage connection as a connection string stored in the [AzureWebJobsStorage application setting](./functions-app-settings.md#azurewebjobsstorage), but you can also [configure AzureWebJobsStorage to use an identity-based connection](functions-reference.md#connecting-to-host-storage-with-an-identity) without a secret.
 
 Function apps are configured to use Azure Files by storing a connection string in the [WEBSITE_CONTENTAZUREFILECONNECTIONSTRING application setting](./functions-app-settings.md#website_contentazurefileconnectionstring) and providing the name of the file share in the [WEBSITE_CONTENTSHARE application setting](./functions-app-settings.md#website_contentshare).
 

includes/functions-blob-permissions.md

@@ -6,17 +6,17 @@ ms.date: 10/08/2021
 ms.author: mahender
 ---
 
-You will need to create a role assignment that provides access to your blob container at runtime. Management roles like [Owner](../articles/role-based-access-control/built-in-roles.md#owner) are not sufficient. The following table shows built-in roles that are recommended when using the Blob Storage extension in normal operation. Your application may require additional permissions based on the code you write.
+You need to create a role assignment that provides access to your blob container at runtime. Management roles like [Owner](../articles/role-based-access-control/built-in-roles.md#owner) aren't sufficient. The following table shows built-in roles that are recommended when using the Blob Storage extension in normal operation. Your application may require further permissions based on the code you write.
 
 | Binding type   | Example built-in roles                |
 |----------------|---------------------------------------|
-| Trigger        | [Storage Blob Data Owner] **and** [Storage Queue Data Contributor]<sup>1</sup><br/><br/>Additional permissions must also be granted to the AzureWebJobsStorage connection.<sup>2</sup> |
+| Trigger        | [Storage Blob Data Owner] **and** [Storage Queue Data Contributor]<sup>1</sup><br/><br/>Extra permissions must also be granted to the AzureWebJobsStorage connection.<sup>2</sup> |
 | Input binding  | [Storage Blob Data Reader]            |
 | Output binding | [Storage Blob Data Owner]             |
 
 <sup>1</sup> The blob trigger handles failure across multiple retries by writing [poison blobs] to a queue on the storage account specified by the connection.
 
-<sup>2</sup> The AzureWebJobsStorage connection is used internally for blobs and queues that enable the trigger. If it is configured to use an identity-based connection, it will need additional permissions beyond the default requirement. These are covered by the [Storage Blob Data Owner], [Storage Queue Data Contributor], and [Storage Account Contributor] roles. To learn more, see [Connecting to host storage with an identity][webjobs-permissions].
+<sup>2</sup> The AzureWebJobsStorage connection is used internally for blobs and queues that enable the trigger. If it's configured to use an identity-based connection, it needs extra permissions beyond the default requirement. The required permissions are covered by the [Storage Blob Data Owner], [Storage Queue Data Contributor], and [Storage Account Contributor] roles. To learn more, see [Connecting to host storage with an identity][webjobs-permissions].
 
 [Storage Blob Data Reader]: ../articles/role-based-access-control/built-in-roles.md#storage-blob-data-reader
 [Storage Blob Data Owner]: ../articles/role-based-access-control/built-in-roles.md#storage-blob-data-owner
@@ -25,4 +25,4 @@ You will need to create a role assignment that provides access to your blob cont
 [poison blobs]: ../articles/azure-functions/functions-bindings-storage-blob-trigger.md#poison-blobs
 
 [Storage Account Contributor]: ../articles/role-based-access-control/built-in-roles.md#storage-account-contributor
-[webjobs-permissions]: ../articles/azure-functions/functions-reference.md#connecting-to-host-storage-with-an-identity-preview
+[webjobs-permissions]: ../articles/azure-functions/functions-reference.md#connecting-to-host-storage-with-an-identity

includes/functions-durable-permissions.md

@@ -12,7 +12,7 @@ You'll need to create a role assignment that provides access to Azure storage at
 - [Storage Queue Data Contributor]
 - [Storage Table Data Contributor]
 
-Your application may require more permissions based on the code you write. If you're using the default behavior or explicitly setting `connectionName` to "AzureWebJobsStorage", see [Connecting to host storage with an identity](../articles/azure-functions/functions-reference.md#connecting-to-host-storage-with-an-identity-preview) for other permission considerations.
+Your application may require more permissions based on the code you write. If you're using the default behavior or explicitly setting `connectionName` to "AzureWebJobsStorage", see [Connecting to host storage with an identity](../articles/azure-functions/functions-reference.md#connecting-to-host-storage-with-an-identity) for other permission considerations.
 
 [Storage Blob Data Contributor]: ../articles/role-based-access-control/built-in-roles.md#storage-blob-data-contributor
 [Storage Queue Data Contributor]: ../articles/role-based-access-control/built-in-roles.md#storage-queue-data-contributor