MicrosoftDocs
diff --git a/‎articles/iot-central/core/howto-export-to-azure-data-explorer.md
Lines changed: 47 additions & 47 deletions b/‎articles/iot-central/core/howto-export-to-azure-data-explorer.md
Lines changed: 47 additions & 47 deletions
diff --git a/‎articles/iot-central/core/howto-export-to-blob-storage.md
Lines changed: 35 additions & 35 deletions b/‎articles/iot-central/core/howto-export-to-blob-storage.md
Lines changed: 35 additions & 35 deletions
@@ -4,7 +4,7 @@ description: Learn how to use the IoT Central data export capability to continuo
 services: iot-central
 author: dominicbetts
 ms.author: dobett
-ms.date: 05/22/2023
+ms.date: 03/05/2024
 ms.topic: how-to
 ms.service: iot-central
 ---
@@ -35,29 +35,42 @@ Azure Data Explorer destinations let you configure the connection with a *servic
 
 ### Create an Azure Data Explorer destination
 
-# [Service principal](#tab/service-principal)
+# [Managed identity](#tab/managed-identity)
 
-If you don't have an existing Azure Data Explorer database to export to, follow these steps:
+This article shows how to create a managed identity using the Azure CLI. You can also use the Azure portal to create a managed identity.
 
-1. You have two choices to create an Azure Data Explorer database:
+If you don't have an existing Azure Data Explorer database to export to, follow these steps. You have two choices to create an Azure Data Explorer database:
 
-    - Create a new Azure Data Explorer cluster and database. To learn more, see the [Azure Data Explorer quickstart](/azure/data-explorer/create-cluster-database-portal). Make a note of the cluster URI and the name of the database you create, you need these values in the following steps.
-    - Create a new Azure Synapse Data Explorer pool and database. To learn more, see the [Azure Data Explorer quickstart](../../synapse-analytics/get-started-analyze-data-explorer.md). Make a note of the pool URI and the name of the database you create, you need these values in the following steps.
+- Create a new Azure Data Explorer cluster and database. To learn more, see the [Azure Data Explorer quickstart](/azure/data-explorer/create-cluster-database-portal). Make a note of the cluster URI and the name of the database you create, you need these values in the following steps.
+- Create a new Azure Synapse Data Explorer pool and database. To learn more, see the [Azure Data Explorer quickstart](../../synapse-analytics/get-started-analyze-data-explorer.md). Make a note of the pool URI and the name of the database you create, you need these values in the following steps.
 
-1. Create a service principal that you can use to connect your IoT Central application to Azure Data Explorer. Use the Azure Cloud Shell to run the following command:
+To configure the managed identity that enables your IoT Central application to securely export data to your Azure resource:
+
+1. Create a managed identity for your IoT Central application to use to connect to your database. Use the Azure Cloud Shell to run the following command:
 
     ```azurecli
-    az ad sp create-for-rbac --skip-assignment --name "My SP for IoT Central" --scopes /subscriptions/<SubscriptionId>
+    az iot central app identity assign --name {your IoT Central app name} \
+        --resource-group {resource group name} \
+        --system-assigned
     ```
 
-    Make a note of the `appId`, `password`, and `tenant` values in the command output, you need them in the following steps.
+    Make a note of the `principalId` and `tenantId` output by the command. You use these values in the following step.
 
-1. To add the service principal to the database, navigate to the Azure Data Explorer portal and run the following query on your database. Replace the placeholders with the values you made a note of previously:
+1. Configure the database permissions to allow connections from your IoT Central application. Use the Azure Cloud Shell to run the following command:
 
-    ```kusto
-    .add database ['<YourDatabaseName>'] admins ('aadapp=<YourAppId>;<YourTenant>');
+    ```azurecli
+    az kusto database-principal-assignment create --cluster-name {name of your cluster} \
+        --database-name {name of your database}    \
+        --resource-group {resource group name} \
+        --principal-assignment-name {name of your IoT Central application} \
+        --principal-id {principal id from the previous step} \
+        --principal-type App --role Admin \
+        --tenant-id {tenant id from the previous step}
     ```
 
+    > [!TIP]
+    > If you're using Azure Synapse, see [`az synapse kusto database-principal-assignment`](/cli/azure/synapse/kusto/database-principal-assignment).
+
 1. Create a table in your database with a suitable schema for the data you're exporting. The following example query creates a table called `smartvitalspatch`. To learn more, see [Transform data inside your IoT Central application for export](howto-transform-data-internally.md):
 
     ```kusto
@@ -90,55 +103,38 @@ To create the Azure Data Explorer destination in IoT Central on the **Data expor
 
 1. Select **Azure Data Explorer** as the destination type.
 
-1. Enter your Azure Data Explorer cluster or pool URL, database name, and table name. The following table shows the service principal values to use for the authorization:
-
-    | Service principal value | Destination configuration |
-    | ----------------------- | ------------------------- |
-    | appId                   | ClientID                  |
-    | tenant                  | Tenant ID                 |
-    | password                | Client secret             |
+1. Enter your Azure Data Explorer cluster or pool URL, database name, and table name. Select **System-assigned managed identity** as the authorization type.
 
     > [!TIP]
     > The cluster URL for a standalone Azure Data Explorer looks like `https://<ClusterName>.<AzureRegion>.kusto.windows.net`. The cluster URL for an Azure Synapse Data Explorer pool looks like `https://<DataExplorerPoolName>.<SynapseWorkspaceName>.kusto.azuresynapse.net`.
 
-    :::image type="content" source="media/howto-export-data/export-destination.png" alt-text="Screenshot of Azure Data Explorer export destination that uses a service principal.":::
+    :::image type="content" source="media/howto-export-data/export-destination-managed.png" alt-text="Screenshot of Azure Data Explorer export destination that uses a managed identity.":::
 
-# [Managed identity](#tab/managed-identity)
+If you don't see data arriving in your destination service, see [Troubleshoot issues with data exports from your Azure IoT Central application](troubleshooting.md).
 
-This article shows how to create a managed identity using the Azure CLI. You can also use the Azure portal to create a managed identity.
+# [Service principal](#tab/service-principal)
 
-If you don't have an existing Azure Data Explorer database to export to, follow these steps. You have two choices to create an Azure Data Explorer database:
+If you don't have an existing Azure Data Explorer database to export to, follow these steps:
 
-- Create a new Azure Data Explorer cluster and database. To learn more, see the [Azure Data Explorer quickstart](/azure/data-explorer/create-cluster-database-portal). Make a note of the cluster URI and the name of the database you create, you need these values in the following steps.
-- Create a new Azure Synapse Data Explorer pool and database. To learn more, see the [Azure Data Explorer quickstart](../../synapse-analytics/get-started-analyze-data-explorer.md). Make a note of the pool URI and the name of the database you create, you need these values in the following steps.
+1. You have two choices to create an Azure Data Explorer database:
 
-To configure the managed identity that enables your IoT Central application to securely export data to your Azure resource:
+    - Create a new Azure Data Explorer cluster and database. To learn more, see the [Azure Data Explorer quickstart](/azure/data-explorer/create-cluster-database-portal). Make a note of the cluster URI and the name of the database you create, you need these values in the following steps.
+    - Create a new Azure Synapse Data Explorer pool and database. To learn more, see the [Azure Data Explorer quickstart](../../synapse-analytics/get-started-analyze-data-explorer.md). Make a note of the pool URI and the name of the database you create, you need these values in the following steps.
 
-1. Create a managed identity for your IoT Central application to use to connect to your database. Use the Azure Cloud Shell to run the following command:
+1. Create a service principal that you can use to connect your IoT Central application to Azure Data Explorer. Use the Azure Cloud Shell to run the following command:
 
     ```azurecli
-    az iot central app identity assign --name {your IoT Central app name} \
-        --resource-group {resource group name} \
-        --system-assigned
+    az ad sp create-for-rbac --skip-assignment --name "My SP for IoT Central" --scopes /subscriptions/<SubscriptionId>
     ```
 
-    Make a note of the `principalId` and `tenantId` output by the command. You use these values in the following step.
+    Make a note of the `appId`, `password`, and `tenant` values in the command output, you need them in the following steps.
 
-1. Configure the database permissions to allow connections from your IoT Central application. Use the Azure Cloud Shell to run the following command:
+1. To add the service principal to the database, navigate to the Azure Data Explorer portal and run the following query on your database. Replace the placeholders with the values you made a note of previously:
 
-    ```azurecli
-    az kusto database-principal-assignment create --cluster-name {name of your cluster} \
-        --database-name {name of your database}    \
-        --resource-group {resource group name} \
-        --principal-assignment-name {name of your IoT Central application} \
-        --principal-id {principal id from the previous step} \
-        --principal-type App --role Admin \
-        --tenant-id {tenant id from the previous step}
+    ```kusto
+    .add database ['<YourDatabaseName>'] admins ('aadapp=<YourAppId>;<YourTenant>');
     ```
 
-    > [!TIP]
-    > If you're using Azure Synapse, see [`az synapse kusto database-principal-assignment`](/cli/azure/synapse/kusto/database-principal-assignment).
-
 1. Create a table in your database with a suitable schema for the data you're exporting. The following example query creates a table called `smartvitalspatch`. To learn more, see [Transform data inside your IoT Central application for export](howto-transform-data-internally.md):
 
     ```kusto
@@ -171,14 +167,18 @@ To create the Azure Data Explorer destination in IoT Central on the **Data expor
 
 1. Select **Azure Data Explorer** as the destination type.
 
-1. Enter your Azure Data Explorer cluster or pool URL, database name, and table name. Select **System-assigned managed identity** as the authorization type.
+1. Enter your Azure Data Explorer cluster or pool URL, database name, and table name. The following table shows the service principal values to use for the authorization:
+
+    | Service principal value | Destination configuration |
+    | ----------------------- | ------------------------- |
+    | appId                   | ClientID                  |
+    | tenant                  | Tenant ID                 |
+    | password                | Client secret             |
 
     > [!TIP]
     > The cluster URL for a standalone Azure Data Explorer looks like `https://<ClusterName>.<AzureRegion>.kusto.windows.net`. The cluster URL for an Azure Synapse Data Explorer pool looks like `https://<DataExplorerPoolName>.<SynapseWorkspaceName>.kusto.azuresynapse.net`.
 
-    :::image type="content" source="media/howto-export-data/export-destination-managed.png" alt-text="Screenshot of Azure Data Explorer export destination that uses a managed identity.":::
-
-If you don't see data arriving in your destination service, see [Troubleshoot issues with data exports from your Azure IoT Central application](troubleshooting.md).
+    :::image type="content" source="media/howto-export-data/export-destination.png" alt-text="Screenshot of Azure Data Explorer export destination that uses a service principal.":::
 
 ---
 
 
@@ -4,7 +4,7 @@ description: Learn how to use the IoT Central data export capability to continuo
 services: iot-central
 author: dominicbetts
 ms.author: dobett
-ms.date: 05/22/2023
+ms.date: 03/05/2024
 ms.topic: how-to
 ms.service: iot-central
 ms.custom: devx-track-azurecli
@@ -38,25 +38,39 @@ Blob Storage destinations let you configure the connection with a *connection st
 
 ### Create an Azure Blob Storage destination
 
-# [Connection string](#tab/connection-string)
+# [Managed identity](#tab/managed-identity)
 
+This article shows how to create a managed identity using the Azure CLI. You can also use the Azure portal to create a manged identity.
 
-If you don't have an existing Azure storage account to export to, run the following script in the Azure Cloud Shell bash environment. The script creates a resource group, Azure Storage account, and blob container. It then prints the connection string to use when you configure the data export in IoT Central:
+If you don't have an existing Azure storage account to export to, run the following script in the Azure Cloud Shell bash environment. The script creates a resource group, Azure Storage account, and blob container. The script then enables the managed identity for your IoT Central application and assigns the role it needs to access your storage account:
 
 ```azurecli-interactive
-# Replace the storage account name with your own unique value
+# Replace the storage account name with your own unique value.
 SA=yourstorageaccount$RANDOM
+
+# Replace the IoT Central app name with the name of your
+# IoT Central application.
+CA=your-iot-central-app
+
 CN=exportdata
 RG=centralexportresources
 LOCATION=eastus
 
 az group create -n $RG --location $LOCATION
-az storage account create --name $SA --resource-group $RG --location $LOCATION --sku Standard_LRS
+SAID=$(az storage account create --name $SA --resource-group $RG --location $LOCATION --sku Standard_LRS --query "id" --output tsv)
 az storage container create --account-name $SA --resource-group $RG --name $CN
 
-CS=$(az storage account show-connection-string --resource-group $RG --name $SA --query "connectionString" --output tsv)
+# This assumes your IoT Central application is in the 
+# default `IOTC` resource group.
+az iot central app identity assign --name $CA --resource-group IOTC --system-assigned
+PI=$(az iot central app identity show --name $CA --resource-group IOTC --query "principalId" --output tsv)
 
-echo "Storage connection string: $CS"
+az role assignment create --assignee $PI --role "Storage Blob Data Contributor" --scope $SAID
+
+az role assignment list --assignee $PI --all -o table
+
+echo "Endpoint URI: https://$SA.blob.core.windows.net/"
+echo "Container: $CN"
 ```
 
 You can learn more about creating new [Azure Blob Storage accounts](../../storage/blobs/storage-quickstart-blobs-portal.md) or [Azure Data Lake Storage v2 storage accounts](../../storage/common/storage-account-create.md). Data export can only write data to storage accounts that support block blobs. The following table shows the known compatible storage account types:
@@ -68,51 +82,41 @@ You can learn more about creating new [Azure Blob Storage accounts](../../storag
 |Standard|Blob storage|
 |Premium|Block Blob storage|
 
+To further secure your blob container and only allow access from trusted services with managed identities, see [Export data to a secure destination on an Azure Virtual Network](howto-connect-secure-vnet.md).
+
 To create the Blob Storage destination in IoT Central on the **Data export** page:
 
 1. Select **+ New destination**.
 
 1. Select **Azure Blob Storage** as the destination type.
 
-1. Select **Connection string** as the authorization type.
+1. Select **System-assigned managed identity** as the authorization type.
 
-1. Paste in the connection string for your Blob Storage resource, and enter the case-sensitive container name if necessary.
+1. Enter the endpoint URI for your storage account and the case-sensitive container name. An endpoint URI looks like: `https://contosowaste.blob.core.windows.net`.
 
 1. Select **Save**.
 
-# [Managed identity](#tab/managed-identity)
+If you don't see data arriving in your destination service, see [Troubleshoot issues with data exports from your Azure IoT Central application](troubleshooting.md).
 
-This article shows how to create a managed identity using the Azure CLI. You can also use the Azure portal to create a manged identity.
+# [Connection string](#tab/connection-string)
 
-If you don't have an existing Azure storage account to export to, run the following script in the Azure Cloud Shell bash environment. The script creates a resource group, Azure Storage account, and blob container. The script then enables the managed identity for your IoT Central application and assigns the role it needs to access your storage account:
+
+If you don't have an existing Azure storage account to export to, run the following script in the Azure Cloud Shell bash environment. The script creates a resource group, Azure Storage account, and blob container. It then prints the connection string to use when you configure the data export in IoT Central:
 
 ```azurecli-interactive
-# Replace the storage account name with your own unique value.
+# Replace the storage account name with your own unique value
 SA=yourstorageaccount$RANDOM
-
-# Replace the IoT Central app name with the name of your
-# IoT Central application.
-CA=your-iot-central-app
-
 CN=exportdata
 RG=centralexportresources
 LOCATION=eastus
 
 az group create -n $RG --location $LOCATION
-SAID=$(az storage account create --name $SA --resource-group $RG --location $LOCATION --sku Standard_LRS --query "id" --output tsv)
+az storage account create --name $SA --resource-group $RG --location $LOCATION --sku Standard_LRS
 az storage container create --account-name $SA --resource-group $RG --name $CN
 
-# This assumes your IoT Central application is in the 
-# default `IOTC` resource group.
-az iot central app identity assign --name $CA --resource-group IOTC --system-assigned
-PI=$(az iot central app identity show --name $CA --resource-group IOTC --query "principalId" --output tsv)
-
-az role assignment create --assignee $PI --role "Storage Blob Data Contributor" --scope $SAID
-
-az role assignment list --assignee $PI --all -o table
+CS=$(az storage account show-connection-string --resource-group $RG --name $SA --query "connectionString" --output tsv)
 
-echo "Endpoint URI: https://$SA.blob.core.windows.net/"
-echo "Container: $CN"
+echo "Storage connection string: $CS"
 ```
 
 You can learn more about creating new [Azure Blob Storage accounts](../../storage/blobs/storage-quickstart-blobs-portal.md) or [Azure Data Lake Storage v2 storage accounts](../../storage/common/storage-account-create.md). Data export can only write data to storage accounts that support block blobs. The following table shows the known compatible storage account types:
@@ -124,22 +128,18 @@ You can learn more about creating new [Azure Blob Storage accounts](../../storag
 |Standard|Blob storage|
 |Premium|Block Blob storage|
 
-To further secure your blob container and only allow access from trusted services with managed identities, see [Export data to a secure destination on an Azure Virtual Network](howto-connect-secure-vnet.md).
-
 To create the Blob Storage destination in IoT Central on the **Data export** page:
 
 1. Select **+ New destination**.
 
 1. Select **Azure Blob Storage** as the destination type.
 
-1. Select **System-assigned managed identity** as the authorization type.
+1. Select **Connection string** as the authorization type.
 
-1. Enter the endpoint URI for your storage account and the case-sensitive container name. An endpoint URI looks like: `https://contosowaste.blob.core.windows.net`.
+1. Paste in the connection string for your Blob Storage resource, and enter the case-sensitive container name if necessary.
 
 1. Select **Save**.
 
-If you don't see data arriving in your destination service, see [Troubleshoot issues with data exports from your Azure IoT Central application](troubleshooting.md).
-
 ---
 
 [!INCLUDE [iot-central-data-export-setup](../../../includes/iot-central-data-export-setup.md)]