MicrosoftDocs
diff --git a/‎articles/azure-fluid-relay/how-tos/azure-function-token-provider.md
Lines changed: 99 additions & 0 deletions b/‎articles/azure-fluid-relay/how-tos/azure-function-token-provider.md
Lines changed: 99 additions & 0 deletions
diff --git a/‎articles/azure-monitor/essentials/azure-monitor-workspace-manage.md
Lines changed: 3 additions & 0 deletions b/‎articles/azure-monitor/essentials/azure-monitor-workspace-manage.md
Lines changed: 3 additions & 0 deletions
@@ -34,6 +34,8 @@ Using [Azure Functions](../../azure-functions/functions-overview.md) is a fast w
 
 This example demonstrates how to create your own **HTTPTrigger Azure Function** that fetches the token by passing in your tenant key.
 
+# [TypeScript](#tab/typescript)
+
 ```typescript
 import { AzureFunction, Context, HttpRequest } from "@azure/functions";
 import { ScopeType } from "@fluidframework/azure-client";
@@ -88,6 +90,103 @@ export default httpTrigger;
 
 The `generateToken` function, found in the `@fluidframework/azure-service-utils` package, generates a token for the given user that is signed using the tenant's secret key. This method enables the token to be returned to the client without exposing the secret. Instead, the token is generated server-side using the secret to provide scoped access to the given document. The example ITokenProvider below makes HTTP requests to this Azure Function to retrieve the tokens.
 
+# [C#](#tab/csharp)
+
+```cs
+using System;
+using System.IO;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Azure.WebJobs;
+using Microsoft.Azure.WebJobs.Extensions.Http;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Linq;
+using System.Text;
+
+using Microsoft.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
+
+namespace dotnet_tokenprovider_functionsapp
+{
+    public static class AzureFunction
+    {
+        // NOTE: retrieve the key from a secure location.
+        private static readonly string key = "myTenantKey";
+
+        [FunctionName("AzureFunction")]
+        public static async Task<IActionResult> Run(
+            [HttpTrigger(AuthorizationLevel.Function, "get", Route = null)] HttpRequest req, ILogger log)
+        {
+            string content = await new StreamReader(req.Body).ReadToEndAsync();
+            JObject body = !string.IsNullOrEmpty(content) ? JObject.Parse(content) : null;
+
+            string tenantId = (req.Query["tenantId"].ToString() ?? body["tenantId"]?.ToString()) as string;
+            string documentId = (req.Query["documentId"].ToString() ?? body["documentId"]?.ToString() ?? null) as string;
+            string userId = (req.Query["userId"].ToString() ?? body["userId"]?.ToString()) as string;
+            string userName = (req.Query["userName"].ToString() ?? body["userName"]?.ToString()) as string;
+            string[] scopes = (req.Query["scopes"].ToString().Split(",") ?? body["scopes"]?.ToString().Split(",") ?? null) as string[];
+
+            if (string.IsNullOrEmpty(tenantId))
+            {
+                return new BadRequestObjectResult("No tenantId provided in query params");
+            }
+
+            if (string.IsNullOrEmpty(key))
+            {
+                return new NotFoundObjectResult($"No key found for the provided tenantId: ${tenantId}");
+            }
+
+            //  If a user is not specified, the token will not be associated with a user, and a randomly generated mock user will be used instead
+            var user = (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(userId)) ? 
+                new { name = Guid.NewGuid().ToString(), id = Guid.NewGuid().ToString() } :
+                new { name = userName, id = userId };
+
+            // Will generate the token and returned by an ITokenProvider implementation to use with the AzureClient.
+            string token = GenerateToken(
+                tenantId,
+                key,
+                scopes ?? new string[] { "doc:read", "doc:write", "summary:write" },
+                documentId,
+                user
+            );
+
+            return new OkObjectResult(token);
+        }
+
+        private static string GenerateToken(string tenantId, string key, string[] scopes, string? documentId, dynamic user, int lifetime = 3600, string ver = "1.0")
+        {
+            string docId = documentId ?? "";
+            DateTime now = DateTime.Now;
+
+            SigningCredentials credentials = new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)), SecurityAlgorithms.HmacSha256);
+
+            JwtHeader header = new JwtHeader(credentials);
+            JwtPayload payload = new JwtPayload
+            {
+                { "documentId", docId },
+                { "scopes", scopes },
+                { "tenantId", tenantId },
+                { "user", user },
+                { "iat", new DateTimeOffset(now).ToUnixTimeSeconds() },
+                { "exp", new DateTimeOffset(now.AddSeconds(lifetime)).ToUnixTimeSeconds() },
+                { "ver", ver },
+                { "jti", Guid.NewGuid() }
+            };
+
+            JwtSecurityToken token = new JwtSecurityToken(header, payload);
+
+            return new JwtSecurityTokenHandler().WriteToken(token);
+        }
+    }
+}
+```
+
+The `GenerateToken` function is built off of the `@fluidframework/azure-service-utils` npm package, and it generates a token for the given user that is signed using the tenant's secret key. This function enables the token to be returned to the client without exposing the secret. Instead, the token is generated server-side using the secret to provide scoped access to the given document. The example ITokenProvider below makes HTTP requests to this Azure Function to retrieve the tokens.
+
+---
+
 ### Deploy the Azure Function
 
 Azure Functions can be deployed in several ways. For more information, see the **Deploy** section of the [Azure Functions documentation](../../azure-functions/functions-continuous-deployment.md) for more information about deploying Azure Functions.
 
@@ -12,6 +12,9 @@ ms.date: 01/19/2023
 
 This article shows you how to create and delete an Azure Monitor workspace. When you configure Azure Monitor managed service for Prometheus, you can select an existing Azure Monitor workspace or create a new one.
 
+> [!NOTE]
+> When you create an Azure Monitor workspace, by default a data collection rule and a data collection endpoint in the form `<azure-workspace-name>` will automatically be created in a resource group in the form `MA_<azure-workspace-name>_<location>_managed`.
+
 ## Create an Azure Monitor workspace
 ### [Azure portal](#tab/azure-portal)