Merge pull request #220276 from ggailey777/public-sync

LJSpiller · web-flow · commit e897045db84b · 2022-12-02T18:20:11.000-05:00
Add master key caution note as shared include
diff --git a/articles/azure-functions/disable-function.md b/articles/azure-functions/disable-function.md
@@ -10,7 +10,7 @@ ms.custom: "devx-track-csharp, devx-track-azurepowershell"
 
 This article explains how to disable a function in Azure Functions. To *disable* a function means to make the runtime ignore the automatic trigger that's defined for the function. This lets you prevent a specific function from running without stopping the entire function app.
 
-The recommended way to disable a function is with an app setting in the format `AzureWebJobs.<FUNCTION_NAME>.Disabled` set to `true`. You can create and modify this application setting in a number of ways, including by using the [Azure CLI](/cli/azure/) and from your function's **Overview** tab in the [Azure portal](https://portal.azure.com). 
+The recommended way to disable a function is with an app setting in the format `AzureWebJobs.<FUNCTION_NAME>.Disabled` set to `true`. You can create and modify this application setting in several ways, including by using the [Azure CLI](/cli/azure/) and from your function's **Overview** tab in the [Azure portal](https://portal.azure.com). 
 
 ## Disable a function
 
@@ -97,6 +97,8 @@ To learn more, see [Azure Functions Deployment slots](functions-deployment-slots
 
 You can still cause a disabled function to run by supplying the [master key](functions-bindings-http-webhook-trigger.md#master-key-admin-level) in a REST request to the endpoint URL of the disabled function. In this way, you can develop and validate functions in Azure in a disabled state while preventing them from being accessed by others. Using any other type of key in the request returns an HTTP 404 response. 
 
+[!INCLUDE [functions-master-key-caution](../../includes/functions-master-key-caution.md)]
+
 To learn more about the master key, see [Obtaining keys](functions-bindings-http-webhook-trigger.md#obtaining-keys). To learn more about calling non-HTTP triggered functions, see [Manually run a non HTTP-triggered function](functions-manually-run-non-http.md).
 
 ## local.settings.json
@@ -167,7 +169,7 @@ or
     "disabled": "IS_DISABLED"
 ```
 
-In the second example, the function is disabled when there is an app setting that is named IS_DISABLED and is set to `true` or 1.
+In the second example, the function is disabled when there's an app setting that is named IS_DISABLED and is set to `true` or 1.
 
 >[!IMPORTANT]  
 >The portal uses application settings to disable v1.x functions. When an application setting conflicts with the function.json file, an error can occur. You should remove the `disabled` property from the function.json file to prevent errors. 
diff --git a/includes/functions-authorization-keys.md b/includes/functions-authorization-keys.md
@@ -7,23 +7,22 @@ ms.author: glenga
 ---
 Functions lets you use keys to make it harder to access your HTTP function endpoints during development. Unless the HTTP access level on an HTTP triggered function is set to `anonymous`, requests must include an API access key in the request. 
 
-While keys provide a default security mechanism, you may want to consider additional options to secure an HTTP endpoint in production. For example, it's generally not a good practice to distribute shared secret in public apps. If your function is being called from a public client, you may want to consider implementing another security mechanism. To learn more, see [Secure an HTTP endpoint in production](../articles/azure-functions/functions-bindings-http-webhook-trigger.md#secure-an-http-endpoint-in-production).
+While keys provide a default security mechanism, you may want to consider other options to secure an HTTP endpoint in production. For example, it's not a good practice to distribute shared secret in public apps. If your function is being called from a public client, you may want to consider implementing another security mechanism. To learn more, see [Secure an HTTP endpoint in production](../articles/azure-functions/functions-bindings-http-webhook-trigger.md#secure-an-http-endpoint-in-production).
 
 When you renew your function key values, you must manually redistribute the updated key values to all clients that call your function.  
 
 #### Authorization scopes (function-level)
 
 There are two access scopes for function-level keys:
 
-* **Function**: These keys apply only to the specific functions under which they are defined. When used as an API key, these only allow access to that function.
+* **Function**: These keys apply only to the specific functions under which they're defined. When used as an API key, these only allow access to that function.
 
 * **Host**: Keys with a host scope can be used to access all functions within the function app. When used as an API key, these allow access to any function within the function app. 
 
-Each key is named for reference, and there is a default key (named "default") at the function and host level. Function keys take precedence over host keys. When two keys are defined with the same name, the function key is always used.
+Each key is named for reference, and there's a default key (named "default") at the function and host level. Function keys take precedence over host keys. When two keys are defined with the same name, the function key is always used.
 
 #### Master key (admin-level) 
 
-Each function app also has an admin-level host key named `_master`. In addition to providing host-level access to all functions in the app, the master key also provides administrative access to the runtime REST APIs. This key cannot be revoked. When you set an access level of `admin`, requests must use the master key; any other key results in access failure.
+Each function app also has an admin-level host key named `_master`. In addition to providing host-level access to all functions in the app, the master key also provides administrative access to the runtime REST APIs. This key can't be revoked. When you set an access level of `admin`, requests must use the master key; any other key results in access failure.
 
-> [!CAUTION]  
-> Due to the elevated permissions in your function app granted by the master key, you should not share this key with third parties or distribute it in native client applications. Use caution when choosing the admin access level.
+[!INCLUDE [functions-master-key-caution](functions-master-key-caution.md)]
diff --git a/includes/functions-master-key-caution.md b/includes/functions-master-key-caution.md
@@ -0,0 +1,10 @@
+---
+author: ggailey777
+ms.service: azure-functions
+ms.topic: include
+ms.date: 12/02/2022
+ms.author: glenga
+---
+
+> [!CAUTION]  
+> Due to the elevated permissions in your function app granted by the master key, you shouldn't share this key with third parties or distribute it in native client applications. Use caution when choosing the admin access level.
