MicrosoftDocs
diff --git a/‎articles/azure-functions/durable/durable-functions-mssql-container-apps-hosting.md
Lines changed: 52 additions & 50 deletions b/‎articles/azure-functions/durable/durable-functions-mssql-container-apps-hosting.md
Lines changed: 52 additions & 50 deletions
@@ -10,6 +10,7 @@ ms.date: 05/06/2025
 This article shows how to host a Durable Functions app in Azure Container Apps. While Durable Functions supports several [storage providers](./durable-functions-storage-providers.md) or *backends*, autoscaling of the app is only available when using the Microsoft SQL (MSSQL) backend. If another backends is used, you need to [manually set up scaling](../functions-container-apps-hosting.md#event-driven-scaling) today.
 
 ## Prerequisites 
+
 + [Visual Studio Code](https://code.visualstudio.com/download) installed.
 
 + [.NET 8.0 SDK](https://dotnet.microsoft.com/download).
@@ -25,10 +26,12 @@ This article shows how to host a Durable Functions app in Azure Container Apps.
 + An HTTP test tool that keeps your data secure. For more information, see [HTTP test tools](../functions-develop-local.md#http-test-tools).
 
 ## Create a local Durable Functions project
+
 In Visual Studio Code, [create a .NET isolated Durable Functions project](./quickstart-mssql.md) configured to use the MSSQL backend. Follow the article until the [Test locally](./quickstart-mssql.md#test-locally) section and make sure you can run the app locally before going to the next step. 
 
 ### Add Docker related files
-1. In the project root directory, add a *Dockerfile* with the following content:
+
+1. In the project root directory, add a _Dockerfile_ with the following content:
     ```
     FROM mcr.microsoft.com/dotnet/sdk:8.0 AS installer-env
 
@@ -45,14 +48,14 @@ In Visual Studio Code, [create a .NET isolated Durable Functions project](./quic
 
     COPY --from=installer-env ["/home/site/wwwroot", "/home/site/wwwroot"]
     ```
-
-1. Add a *.dockerignore* file with the following content:
+1. Add a _.dockerignore_ file with the following content:
     ```
     local.settings.json
     ```
 
 ## Build the container image 
-The Dockerfile in the project root describes the minimum required environment to run the function app in a container. You can find the complete list of supported base images for Azure Functions documented as Host images in the prerequisites section or can be found in the [Azure Functions Base by Microsoft | Docker Hub](https://hub.docker.com/_/microsoft-azure-functions-base)
+
+The Dockerfile in the project root describes the minimum required environment to run the function app in a container. The complete list of supported base images for Azure Functions is documented above as Host images in the pre-requisites section or can be found in the [Azure Functions Base by Microsoft | Docker Hub](https://hub.docker.com/_/microsoft-azure-functions-base)
 
 1. Start the Docker daemon. 
 
@@ -74,44 +77,46 @@ The Dockerfile in the project root describes the minimum required environment to
     ```bash
     docker push $dockerId/$imageName:$imageVersion
     ```
-
-Depending on network speed, pushing the image the first time might take a few minutes (pushing subsequent changes is faster). While you're waiting, proceed to the next section to create Azure resources in another terminal.
+Depending on network speed, pushing the image the first time might take a few minutes (pushing subsequent changes is much faster). While you're waiting, proceed to the next section to create Azure resources in another terminal.
 
 ## Create Azure resources
-The following instructions guide you through creating these Azure resources:
+
+The following instructions will guide you through creating these Azure resources:
 - Azure resource group: For convenient cleanup later, all resources are created in this group. 
 - Azure Container App environment: Environment where container app is hosted. 
 - Azure Container App: Image containing the Durable Functions app is deployed to this app. 
 - Azure Storage Account: Required by the function app to store app related data such as application code. 
-- A virtual network: Required when running container apps. 
+- A virtual network: Required by the Azure Container App environment. 
 
-### Initial setup
-1. Log in to your Azure subscription:
-```azurecli
-az login  
-az account set -subscription | -s <subscription_name>
-```
+### Initial set up
 
-1. Run the required commands to setup the Azure Container Apps CLI extension:
-```azurecli
-az upgrade
+1. Login to your Azure subscription:
+    ```azurecli
+    az login  
 
-az extension add --name containerapp --upgrade
+    az account set -subscription | -s <subscription_name>
+    ```
 
-az provider register --namespace Microsoft.App
+1. Run the required commands to set up the Azure Container Apps CLI extension:
+    ```azurecli
+    az upgrade
 
-az provider register --namespace Microsoft.OperationalInsights
-```
+    az extension add --name containerapp --upgrade
+
+    az provider register --namespace Microsoft.App
+
+    az provider register --namespace Microsoft.OperationalInsights
+    ```
+
+### Create container app and related resources
 
-### Create app related resources
 A workload profile determines the amount of compute and memory resources available to the container apps deployed in an environment. Create a Consumption workload profile for scale-to-zero support and pay-per-use. Learn more about [workload profiles](../functions-container-apps-hosting.md#hosting-and-workload-profiles). 
 
 ```azurecli
 location=<REGION>
 resourceGroup=<RESOURCE_GROUP_NAME>
 storage=<STORAGE_NAME>
 containerAppEnv=<CONTAINER_APP_ENVIRONMNET_NAME>
-storageSku=Standard_LRS
 functionApp=<APP_NAME>
 vnet=<VNET_NAME>
 
@@ -161,21 +166,24 @@ https://<APP_NAME>.victoriouswave-3866c33e.<REGION>.azurecontainerapps.io/
 ```
 
 ### Create databases
-You need to create an Azure Storage account for storing app related data:
+
+Create an Azure Storage account as required by the function app:
 
 ```azurecli
-az storage account create --name $storage --location $location --resource-group $resourceGroup --sku $storageSku
+az storage account create --name $storage --location $location --resource-group $resourceGroup --sku Standard_LRS
 ```
 
-Your Durable Functions also needs an Azure SQL Database as its storage backend. This backend is where state information is persisted as your orchestrations run. In the Azure portal, you can [create an Azure SQL database](/azure/azure-sql/database/single-database-create-quickstart). During creation:
-- Enable Azure services and resources to access this server (under **Networking**)
-- Set the value for **Database collation** (under **Additional settings**) to `Latin1_General_100_BIN2_UTF8`.
+Your Durable Functions also needs an Azure SQL Database as its storage backend. This is where state information is persisted as your orchestrations run. In the Azure portal, you can [create an Azure SQL database](/azure/azure-sql/database/single-database-create-quickstart). During creation:
+- Enable Azure services and resources to access this server (under _Networking_)
+- Set the value for _Database collation_ (under _Additional settings_) to `Latin1_General_100_BIN2_UTF8`.
 
 > [!NOTE] 
 > Enabling the **Allow Azure services and resources to access this server** setting isn't a recommended security practice for production scenarios. Real applications should implement more secure approaches, such as stronger firewall restrictions or virtual network configurations.
 
+
 ### Configure identity-based authentication
-Managed identities make your app more secure by eliminating secrets from your app, such as credentials in the connection strings. You can choose between [system-assigned and user-assigned managed identity](/entra/identity/managed-identities-azure-resources/overview). This article demonstrates setting up user-assigned managed identity, which is the recommended option as it isn't tied to the app lifecycle.
+
+Managed identities make your app more secure by eliminating secrets from your app, such as credentials in the connection strings. You can choose between [system-assigned and user-assigned managed identity](/entra/identity/managed-identities-azure-resources/overview). This article demonstrates setting up user-assigned managed identity, which is the recommended option as it is not tied to the app lifecycle.
 
 1. Create identity and assign it to the container app:
     ```azurecli
@@ -187,9 +195,6 @@ Managed identities make your app more secure by eliminating secrets from your ap
     echo "Creating $identity"
     az identity create -g $resourceGroup -n $identity --location "$location"
 
-    # Construct the identity resource ID 
-    resourceId="/subscriptions/$subscription/resourceGroups/$resourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$identity"
-
     # Assign the identity to the container app
     echo "Assigning $identity to app"
     az containerapp identity assign --resource-group $resourceGroup --name $functionApp --user-assigned $identity
@@ -199,7 +204,7 @@ Managed identities make your app more secure by eliminating secrets from your ap
     ```
     # Set the scope of the access
     scope="/subscriptions/$subscription/resourceGroups/$resourceGroup/providers/Microsoft.Storage/storageAccounts/$storage"
-
+    
     # Get the identity's ClientId 
     clientId=$(az identity show --name $identity --resource-group $resourceGroup --query 'clientId' --output tsv)
     
@@ -208,9 +213,12 @@ Managed identities make your app more secure by eliminating secrets from your ap
     az role assignment create --assignee "$clientId" --role "Storage Blob Data Owner" --scope "$scope"
     ```
 
+> [!NOTE]
+> Authenticating to the MSSQL database using managed identity isn't supported when hosting a Durable Functions app in Azure Container Apps. Use connection string for now.
+
 ### Set up app settings
-1. Start by storing the SQL database's connection string as a [secret](../../container-apps/manage-secrets.md) in the container app. Find the connection string by going to the SQL database resource on Azure portal, navigating to the **Settings** tab, then clicking on **Connection strings**:
 
+1. Find the connection string by going to the SQL database resource on Azure portal, navigating to the **Settings** tab, then clicking on **Connection strings**:
     :::image type="content" source="./media/quickstart-mssql/mssql-azure-db-connection-string.png" alt-text="Screenshot showing database connection string.":::
 
     The connection string should have this format: 
@@ -223,14 +231,10 @@ Managed identities make your app more secure by eliminating secrets from your ap
     connStr="Server=tcp:$dbserver.database.windows.net,1433;Initial Catalog=$sqlDB;Persist Security Info=False;User ID=$username;Password=$password;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
     ```
 
-> [!NOTE]
-> Authenticating to the MSSQL database using managed identity isn't yet supported when hosting a Durable Functions app in Azure Container Apps. Only connection string is supported today. 
->
-> If you forget the password from the previous database creation step, you can reset it on the SQL server resource:
-> :::image type="content" source="./media/quickstart-mssql/mssql-azure-reset-pass-2.png" alt-text="Screenshot showing reset password button.":::
-
-1. Store the connection string as a secret:
+    If you forget the password from the previous database creation step, you can reset it on the SQL server resource:
+    :::image type="content" source="./media/quickstart-mssql/mssql-azure-reset-pass-2.png" alt-text="Screenshot showing reset password button.":::
 
+1. Store the SQL database's connection string as a [secret](../../container-apps/manage-secrets.md) called _sqldbconnection_ in the container app:
     ```azurecli
     az containerapp create \
     --resource-group $resourceGroup \
@@ -240,12 +244,12 @@ Managed identities make your app more secure by eliminating secrets from your ap
     --secrets sqldbconnection=$connStr
     ```
 
-1. Add these settings required by the app:
-    - `AzureWebJobsStorage__accountName`: <STORAGE_NAME>
-    - `AzureWebJobsStorage__clientId`: <IDENTITY_CLIENT_ID>
-    - `AzureWebJobsStorage__credential`: <MANAGED_IDENTITY>
-    - `SQLDB_Connection`: <SQLDB_CONNECTION_STRING>
-    - `FUNCTIONS_WORKER_RUNTIME`: <APP_LANGUAGE>
+1. Add these settings to the app:
+    - `AzureWebJobsStorage__accountName`: Azure Storage account name
+    - `AzureWebJobsStorage__clientId`: ClientId of the managed identity
+    - `AzureWebJobsStorage__credential`: Credential type, which is _managedidentity_
+    - `SQLDB_Connection`: Reference the SQL database connection string stored as a secret
+    - `FUNCTIONS_WORKER_RUNTIME`: Programming language of the app
 
     ```azurecli
     az containerapp update \
@@ -267,8 +271,7 @@ Managed identities make your app more secure by eliminating secrets from your ap
 
    The response is the HTTP function's initial result. It lets you know that the Durable Functions orchestration started successfully. It doesn't yet display the end result of the orchestration. The response includes a few useful URLs.
 
-1. Copy the URL value for `statusQueryGetUri`, paste it in your browser's address bar, and execute the request. Alternatively, you can also continue to use the HTTP test tool to issue the `GET` request.
-
+1. Copy the URL value for `statusQueryGetUri`, paste it in your browser's address bar, and execute the request. Alternatively, you can also continue to use the HTTP test tool to issue the GET request.
     The request queries the orchestration instance for the status. You should see that the instance finished and that it includes the outputs or results of the Durable Functions app like in this example:
 
     ```json
@@ -284,7 +287,6 @@ Managed identities make your app more secure by eliminating secrets from your ap
     }
     ```
 
-
 ## Next steps
 
 Learn more about: