shanhix1 · Jul 14, 2021
diff --git a/‎articles/digital-twins/how-to-create-azure-function.md
Lines changed: 4 additions & 143 deletions b/‎articles/digital-twins/how-to-create-azure-function.md
Lines changed: 4 additions & 143 deletions
diff --git a/‎articles/digital-twins/how-to-ingest-iot-hub-data.md
Lines changed: 12 additions & 18 deletions b/‎articles/digital-twins/how-to-ingest-iot-hub-data.md
Lines changed: 12 additions & 18 deletions
diff --git a/‎articles/digital-twins/how-to-ingest-opcua-data.md
Lines changed: 18 additions & 24 deletions b/‎articles/digital-twins/how-to-ingest-opcua-data.md
Lines changed: 18 additions & 24 deletions
diff --git a/‎articles/digital-twins/how-to-integrate-azure-signalr.md
Lines changed: 6 additions & 4 deletions b/‎articles/digital-twins/how-to-integrate-azure-signalr.md
Lines changed: 6 additions & 4 deletions
diff --git a/‎articles/digital-twins/how-to-provision-using-device-provisioning-service.md
Lines changed: 14 additions & 26 deletions b/‎articles/digital-twins/how-to-provision-using-device-provisioning-service.md
Lines changed: 14 additions & 26 deletions
diff --git a/‎articles/digital-twins/media/how-to-provision-using-device-provisioning-service/add-http-trigger-function-visual-studio.png
-17.4 KB b/‎articles/digital-twins/media/how-to-provision-using-device-provisioning-service/add-http-trigger-function-visual-studio.png
-17.4 KB
diff --git a/‎articles/digital-twins/media/how-to-provision-using-device-provisioning-service/create-event-hub-trigger-function.png
-17.9 KB b/‎articles/digital-twins/media/how-to-provision-using-device-provisioning-service/create-event-hub-trigger-function.png
-17.9 KB
diff --git a/‎includes/digital-twins-configure-function-app.md
Lines changed: 135 additions & 0 deletions b/‎includes/digital-twins-configure-function-app.md
Lines changed: 135 additions & 0 deletions
diff --git a/‎includes/digital-twins-publish-and-configure-function-app.md
Lines changed: 0 additions & 13 deletions b/‎includes/digital-twins-publish-and-configure-function-app.md
Lines changed: 0 additions & 13 deletions
diff --git a/‎includes/digital-twins-publish-azure-function.md
Lines changed: 0 additions & 57 deletions b/‎includes/digital-twins-publish-azure-function.md
Lines changed: 0 additions & 57 deletions
@@ -5,7 +5,7 @@ titleSuffix: Azure Digital Twins
 description: See how to create a function in Azure that can access and be triggered by digital twins.
 author: baanders
 ms.author: baanders # Microsoft employees only
-ms.date: 8/27/2020
+ms.date: 7/14/2021
 ms.topic: how-to
 ms.service: digital-twins
 
@@ -35,21 +35,7 @@ This article shows you how to create a function in Azure for use with Azure Digi
 
 ## Create a function app in Visual Studio
 
-In Visual Studio 2019, select **File** > **New** > **Project**. Search for the **Azure Functions** template. Select **Next**.
-
-:::image type="content" source="media/how-to-create-azure-function/create-azure-function-project.png" alt-text="Screenshot of Visual Studio showing the new project dialog. The Azure Functions project template is highlighted.":::
-
-Specify a name for the function app and then select __Create__.
-
-:::image type="content" source="media/how-to-create-azure-function/configure-new-project.png" alt-text="Screenshot of Visual Studio showing the dialog to configure a new project, including project name, location, and the choice to create a new solution.":::
-
-Select the function app type **Event Grid trigger** and then select __Create__.
-
-:::image type="content" source="media/how-to-create-azure-function/event-grid-trigger-function.png" alt-text="Screenshot of Visual Studio showing the dialog to create a new Azure Functions application. The Event Grid trigger option is highlighted.":::
-
-After your function app is created, Visual Studio generates a code sample in a *Function1.cs* file in your project folder. This short function is used to log events.
-
-:::image type="content" source="media/how-to-create-azure-function/visual-studio-sample-code.png" alt-text="Screenshot of Visual Studio. The project window for the new project is shown. Code for a sample function is shown in a file called Function1." lightbox="media/how-to-create-azure-function/visual-studio-sample-code.png":::
+For instructions on how to create a function app using Visual Studio, see [Develop Azure Functions using Visual Studio](../azure-functions/functions-develop-vs.md#publish-to-azure).
 
 ## Write a function that has an Event Grid trigger
 
@@ -94,7 +80,7 @@ Now that your application is written, you can publish it to Azure.
 
 ## Publish the function app to Azure
 
-[!INCLUDE [digital-twins-publish-azure-function.md](../../includes/digital-twins-publish-azure-function.md)]
+For instructions on how to publish a function app, see [Develop Azure Functions using Visual Studio](../azure-functions/functions-develop-vs.md#publish-to-azure).
 
 ### Verify the publication of your function
 
@@ -114,132 +100,7 @@ To access Azure Digital Twins, your function app needs a system-managed identity
 
 ## Set up security access for the function app
 
-You can set up security access for the function app by using either the Azure CLI or the Azure portal. Follow the steps for your preferred option.
-
-# [CLI](#tab/cli)
-
-Run these commands in [Azure Cloud Shell](https://shell.azure.com) or a [local Azure CLI installation](/cli/azure/install-azure-cli).
-You can use the function app's system-managed identity to give it the **Azure Digital Twins Data Owner** role for your Azure Digital Twins instance. The role gives the function app permission in the instance to perform data plane activities. Then make the URL of the instance accessible to your function by setting an environment variable.
-
-### Assign an access role
-
-[!INCLUDE [digital-twins-permissions-required.md](../../includes/digital-twins-permissions-required.md)]
-
-The function skeleton in earlier examples requires a bearer token to be passed to it. If the bearer token isn't passed, the function app can't authenticate with Azure Digital Twins. 
-
-To make sure the bearer token is passed, set up [managed identities](../active-directory/managed-identities-azure-resources/overview.md) permissions so the function app can access Azure Digital Twins. You set up these permissions only once for each function app.
-
-
-1. Use the following command to see the details of the system-managed identity for the function. Take note of the `principalId` field in the output.
-
-    ```azurecli-interactive	
-    az functionapp identity show --resource-group <your-resource-group> --name <your-App-Service-function-app-name>	
-    ```
-
-    >[!NOTE]
-    > If the result is empty instead of showing identity details, create a new system-managed identity for the function by using this command:
-    > 
-    >```azurecli-interactive	
-    >az functionapp identity assign --resource-group <your-resource-group> --name <your-App-Service-function-app-name>	
-    >```
-    >
-    > The output displays details of the identity, including the `principalId` value required for the next step. 
-
-1. Use the `principalId` value in the following command to assign the function app's identity to the _Azure Digital Twins Data Owner_ role for your Azure Digital Twins instance.
-
-    ```azurecli-interactive	
-    az dt role-assignment create --dt-name <your-Azure-Digital-Twins-instance> --assignee "<principal-ID>" --role "Azure Digital Twins Data Owner"
-    ```
-
-### Configure application settings
-
-Make the URL of your instance accessible to your function by setting an environment variable for it. For more information about environment variables, see [Manage your function app](../azure-functions/functions-how-to-use-azure-function-app-settings.md?tabs=portal). 
-
-> [!TIP]
-> The Azure Digital Twins instance's URL is made by adding *https://* to the beginning of your instance's host name. To see the host name, along with all the properties of your instance, run `az dt show --dt-name <your-Azure-Digital-Twins-instance>`.
-
-```azurecli-interactive	
-az functionapp config appsettings set --resource-group <your-resource-group> --name <your-App-Service-function-app-name> --settings "ADT_SERVICE_URL=https://<your-Azure-Digital-Twins-instance-host-name>"
-```
-
-# [Azure portal](#tab/portal)
-
-Complete the following steps in the [Azure portal](https://portal.azure.com/).
-
-### Assign an access role
-
-[!INCLUDE [digital-twins-permissions-required.md](../../includes/digital-twins-permissions-required.md)]
-
-A system-assigned managed identity enables Azure resources to authenticate to cloud services (for example, Azure Key Vault) without storing credentials in code. After you enable system-assigned managed identity, all necessary permissions can be granted through Azure role-based access control. 
-
-The lifecycle of this type of managed identity is tied to the lifecycle of this resource. Additionally, each resource can have only one system-assigned managed identity.
-
-1. In the [Azure portal](https://portal.azure.com/), search for your function app by typing its name in the search box. Select your app from the results. 
-
-    :::image type="content" source="media/how-to-create-azure-function/portal-search-for-function-app.png" alt-text="Screenshot of the Azure portal. The function app's name is in the portal search bar, and the search result is highlighted.":::
-
-1. On the function app page, in the menu on the left, select __Identity__ to work with a managed identity for the function. On the __System assigned__ page, verify that the __Status__ is set to **On**. If it's not, set it now and then **Save** the change.
-
-    :::image type="content" source="media/how-to-create-azure-function/verify-system-managed-identity.png" alt-text="Screenshot of the Azure portal. On the Identity page for the function app, the Status option is set to On." lightbox="media/how-to-create-azure-function/verify-system-managed-identity.png":::
-
-1. Select __Azure role assignments__.
-
-    :::image type="content" source="media/how-to-create-azure-function/add-role-assignment-1.png" alt-text="Screenshot of the Azure portal. On the Azure Function's Identity page, under Permissions, the button Azure role assignments is highlighted." lightbox="media/how-to-create-azure-function/add-role-assignment-1.png":::
-
-    Select __+ Add role assignment (Preview)__.
-
-    :::image type="content" source="media/how-to-create-azure-function/add-role-assignment-2.png" alt-text="Screenshot of the Azure portal. On the Azure role assignments page, the button Add role assignment (Preview) is highlighted." lightbox="media/how-to-create-azure-function/add-role-assignment-2.png":::
-
-1. On the __Add role assignment (Preview)__ page, select the following values:
-
-    * **Scope**: _Resource group_
-    * **Subscription**: Select your Azure subscription.
-    * **Resource group**: Select your resource group.
-    * **Role**: _Azure Digital Twins Data Owner_
-
-    Save the details by selecting __Save__.
-
-    :::image type="content" source="media/how-to-create-azure-function/add-role-assignment-3.png" alt-text="Screenshot of the Azure portal, showing how to add a new role assignment. The dialog shows fields for Scope, Subscription, Resource group, and Role.":::
-
-### Configure application settings
-
-To make the URL of your Azure Digital Twins instance accessible to your function, you can set an environment variable. Application settings are exposed as environment variables to allow access to the Azure Digital Twins instance. For more information about environment variables, see [Manage your function app](../azure-functions/functions-how-to-use-azure-function-app-settings.md?tabs=portal). 
-
-To set an environment variable with the URL of your instance, first find your instance's host name: 
-
-1. Search for your instance in the [Azure portal](https://portal.azure.com). 
-1. In the menu on the left, select __Overview__. 
-1. Copy the __Host name__ value.
-
-    :::image type="content" source="media/how-to-create-azure-function/instance-host-name.png" alt-text="Screenshot of the Azure portal. On the instance's Overview page, the host name value is highlighted.":::
-
-You can now create an application setting:
-
-1. In the portal search bar, search for your function app and then select it from the results.
-
-    :::image type="content" source="media/how-to-create-azure-function/portal-search-for-function-app.png" alt-text="Screenshot of the Azure portal. The function app's name is being searched in the portal search bar. The search result is highlighted.":::
-
-1. On the left, select __Configuration__. Then on the __Application settings__ tab, select __+ New application setting__.
-
-    :::image type="content" source="media/how-to-create-azure-function/application-setting.png" alt-text="Screenshot of the Azure portal. On the Configuration tab for the function app, the button to create a New application setting is highlighted.":::
-
-1. In the window that opens, use the host name value you copied to create an application setting.
-    * **Name**: ADT_SERVICE_URL
-    * **Value**: https://<your-Azure-Digital-Twins-host-name>
-    
-    Select __OK__ to create an application setting.
-    
-    :::image type="content" source="media/how-to-create-azure-function/add-application-setting.png" alt-text="Screenshot of the Azure portal. On the Add/Edit application setting page, the Name and Value fields are filled out. The O K button is highlighted.":::
-
-1. After you create the setting, it should appear on the __Application settings__ tab. Verify that **ADT_SERVICE_URL** appears on the list. Then save the new application setting by selecting __Save__.
-
-    :::image type="content" source="media/how-to-create-azure-function/application-setting-save-details.png" alt-text="Screenshot of the Azure portal. On the application settings tab, the new A D T SERVICE URL setting and the Save button are both highlighted.":::
-
-1. Any changes to the application settings require an application restart, so select __Continue__ to restart your application when prompted.
-
-    :::image type="content" source="media/how-to-create-azure-function/save-application-setting.png" alt-text="Screenshot of the Azure portal. A note states that any changes to application settings will restart your application.":::
-
----
+[!INCLUDE [digital-twins-configure-function-app.md](../../includes/digital-twins-configure-function-app.md)]
 
 ## Next steps
 
 
@@ -81,32 +81,26 @@ When the twin is created successfully, the CLI output from the command should lo
 
 In this section, you'll create an Azure function to access Azure Digital Twins and update twins based on IoT telemetry events that it receives. Follow the steps below to create and publish the function.
 
-#### Step 1: Create a function app project
+1. First, create a new function app project in Visual Studio. For instructions on how to do this, see [Develop Azure Functions using Visual Studio](../azure-functions/functions-develop-vs.md#create-an-azure-functions-project).
 
-First, create a new function app project in Visual Studio. For instructions on how to do this, see the [Create a function app in Visual Studio](how-to-create-azure-function.md#create-a-function-app-in-visual-studio) section of the *How-to: Set up a function for processing data* article.
+2. Add the following packages to your project:
+    * [Azure.DigitalTwins.Core](https://www.nuget.org/packages/Azure.DigitalTwins.Core/)
+    * [Azure.Identity](https://www.nuget.org/packages/Azure.Identity/)
+    * [Microsoft.Azure.WebJobs.Extensions.EventGrid](https://www.nuget.org/packages/Microsoft.Azure.WebJobs.Extensions.EventGrid/)
 
-#### Step 2: Fill in function code
+3. Rename the *Function1.cs* sample function that Visual Studio has generated to *IoTHubtoTwins.cs*. Replace the code in the file with the following code:
 
-Add the following packages to your project:
-* [Azure.DigitalTwins.Core](https://www.nuget.org/packages/Azure.DigitalTwins.Core/)
-* [Azure.Identity](https://www.nuget.org/packages/Azure.Identity/)
-* [Microsoft.Azure.WebJobs.Extensions.EventGrid](https://www.nuget.org/packages/Microsoft.Azure.WebJobs.Extensions.EventGrid/)
+    :::code language="csharp" source="~/digital-twins-docs-samples/sdks/csharp/IoTHubToTwins.cs":::
 
-Rename the *Function1.cs* sample function that Visual Studio has generated to *IoTHubtoTwins.cs*. Replace the code in the file with the following code:
+    Save your function code.
 
-:::code language="csharp" source="~/digital-twins-docs-samples/sdks/csharp/IoTHubToTwins.cs":::
+4. Publish the project with the *IoTHubtoTwins.cs* function to a function app in Azure. For instructions on how to do this, see [Develop Azure Functions using Visual Studio](../azure-functions/functions-develop-vs.md#publish-to-azure).
 
-Save your function code.
+### Configure the function app
 
-#### Step 3: Publish the function app to Azure
+Next, **assign an access role** for the function and **configure the application settings** so that it can access your Azure Digital Twins instance.
 
-Publish the project with *IoTHubtoTwins.cs* function to a function app in Azure.
-
-For instructions on how to do this, see the section [Publish the function app to Azure](how-to-create-azure-function.md#publish-the-function-app-to-azure) of the *How-to: Set up a function for processing data* article.
-
-#### Step 4: Configure the function app
-
-Next, **assign an access role** for the function and **configure the application settings** so that it can access your Azure Digital Twins instance. For instructions on how to do this, see the section [Set up security access for the function app](how-to-create-azure-function.md#set-up-security-access-for-the-function-app) of the *How-to: Set up a function for processing data* article.
+[!INCLUDE [digital-twins-configure-function-app.md](../../includes/digital-twins-configure-function-app.md)]
 
 ## Connect your function to IoT Hub
 
 
@@ -358,23 +358,18 @@ Next, create a [shared access signature for the container](../storage/common/sto
 
 In this section, you'll publish an Azure function that you downloaded in [Prerequisites](#prerequisites) that will process the OPC UA data and update Azure Digital Twins.
 
-#### Step 1: Open the function in Visual Studio
+1. Navigate to the downloaded [OPC UA to Azure Digital Twins](https://github.com/Azure-Samples/opcua-to-azure-digital-twins) project on your local machine, and into the *Azure Functions/OPCUAFunctions* folder. Open the **OPCUAFunctions.sln** solution in Visual Studio.
+2. Publish the project to a function app in Azure. For instructions on how to do this, see [Develop Azure Functions using Visual Studio](../azure-functions/functions-develop-vs.md#publish-to-azure).
 
-Navigate to the downloaded [OPC UA to Azure Digital Twins](https://github.com/Azure-Samples/opcua-to-azure-digital-twins) project on your local machine, and into the *Azure Functions/OPCUAFunctions* folder. Open the **OPCUAFunctions.sln** solution in Visual Studio.
+#### Configure the function app
 
-#### Step 2: Publish the function
+Next, **assign an access role** for the function and **configure the application settings** so that it can access your Azure Digital Twins instance.
 
-Publish the function project to a function app in Azure.
+[!INCLUDE [digital-twins-configure-function-app.md](../../includes/digital-twins-configure-function-app.md)]
 
-For instructions on how to do this, see the section [Publish the function app to Azure](how-to-create-azure-function.md#publish-the-function-app-to-azure) of the *How-to: Set up a function for processing data* article.
+#### Add application settings
 
-#### Step 3: Configure the function app
-
-**Assign an access role** for the function and **configure the application settings** so that it can access your Azure Digital Twins instance. For instructions on how to do this, see the section [Set up security access for the function app](how-to-create-azure-function.md#set-up-security-access-for-the-function-app) of the *How-to: Set up a function for processing data* article.
-
-#### Step 4: Add application settings
-
-You'll also need to add some application settings to fully set up your environment. Go to the [Azure portal](https://portal.azure.com) and navigate to your newly created Azure function by searching for its name in the portal search bar.
+You'll also need to add some application settings to fully set up your environment and the Azure function. Go to the [Azure portal](https://portal.azure.com) and navigate to your newly created Azure function by searching for its name in the portal search bar.
 
 Select Configuration from the function's left navigation menu. Use the **+ New application setting** button to start creating new settings.
 
@@ -395,7 +390,7 @@ There are three application settings you need to create:
 
 ### Create event subscription
 
-Lastly, create an event subscription to connect your function app and ProcessOPCPublisherEventsToADT function to your IoT Hub. The event subscription is needed so that data can flow from the gateway device into IoT Hub through the function, which then updates Azure Digital Twins.
+Lastly, create an event subscription to connect your function app and *ProcessOPCPublisherEventsToADT* function to your IoT Hub. The event subscription is needed so that data can flow from the gateway device into IoT Hub through the function, which then updates Azure Digital Twins.
 
 For instructions, follow the same steps used in [Connect the IoT hub to the Azure function](tutorial-end-to-end.md#connect-the-iot-hub-to-the-azure-function) from the Azure Digital Twins *Tutorial: Connect an end-to-end solution*.
 
@@ -405,9 +400,18 @@ The event subscription will have an Endpoint type of **Azure function**, and an
 
 After this step, all required components should be installed and running. Data should be flowing from your OPC UA Simulation Server, through Azure IoT Hub, and into your Azure Digital Twins instance. 
 
+### Verify completion
+
+In this section, you set up an Azure function to connect the OPC UA data to Azure Digital Twins. Verify that you've completed the following checklist:
+> [!div class="checklist"]
+> * Created and imported *opcua-mapping.json* file into a blob storage container. 
+> * Published the sample function *ProcessOPCPublisherEventsToADT* to a function app in Azure.
+> * Added three new application settings to the Azure Functions app.
+> * Created an event subscription to send IoT Hub events to the function app.
+
 The next section provides some Azure CLI commands that you can run to monitor the events and verify everything is working successfully.
 
-### Verify and monitor
+## Verify and monitor
 
 The commands in this section can be run in the [Azure Cloud Shell](https://shell.azure.com), or in a [local Azure CLI window](/cli/azure/install-azure-cli).
 
@@ -425,16 +429,6 @@ Finally, you can use Azure Digital Twins Explorer to manually monitor twin prope
 
 :::image type="content" source="media/how-to-ingest-opcua-data/adt-explorer-2.png" alt-text="Screenshot of using azure digital twins explorer to monitor twin property updates":::
 
-### Verify completion
-
-In this section, you set up an Azure function to connect the OPC UA data to Azure Digital Twins. Verify that you've completed the following checklist:
-> [!div class="checklist"]
-> * Created and imported *opcua-mapping.json* file into a blob storage container. 
-> * Published the sample function ProcessOPCPublisherEventsToADT to a function app in Azure.
-> * Added three new application settings to the Azure Functions app.
-> * Created an event subscription to send IoT Hub events to the function app.
-> * Used Azure CLI commands to verify the final data flow
-
 ## Next steps
 
 In this article, you set up a full data flow for getting simulated OPC UA Server data into Azure Digital Twins, where it updates a property on a digital twin.
 
@@ -66,7 +66,7 @@ In this section, you will set up two Azure functions:
 
 Start Visual Studio (or another code editor of your choice), and open the code solution in the *digital-twins-samples-master > ADTSampleApp* folder. Then do the following steps to create the functions:
 
-1. In the *SampleFunctionsApp* project, create a new C# class called **SignalRFunctions.cs**.
+1. In the *SampleFunctionsApp* project, create a new C# class called **SignalRFunctions.cs**. For instructions on how to do this, see [Develop Azure Functions using Visual Studio](../azure-functions/functions-develop-vs.md#add-a-function-to-your-project).
 
 1. Replace the contents of the class file with the following code:
 
@@ -79,9 +79,11 @@ Start Visual Studio (or another code editor of your choice), and open the code s
 
     This should resolve any dependency issues in the class.
 
-1. Publish your function to Azure, using the steps described in the [Publish the app section](tutorial-end-to-end.md#publish-the-app) of the *Connect an end-to-end solution* tutorial. You can publish it to the same app service/function app that you used in the end-to-end tutorial [prerequisite](#prerequisites), or create a new one—but you may want to use the same one to minimize duplication. 
+1. Publish your function to Azure. You can publish it to the same app service/function app that you used in the end-to-end tutorial [prerequisite](#prerequisites), or create a new one—but you may want to use the same one to minimize duplication. For instructions on how to publish a function using Visual Studio, see [Develop Azure Functions using Visual Studio](../azure-functions/functions-develop-vs.md#publish-to-azure).
 
-Next, configure the functions to communicate with your Azure SignalR instance. You'll start by gathering the SignalR instance's **connection string**, and then add it to the functions app's settings.
+### Configure the function
+
+Next, configure the function to communicate with your Azure SignalR instance. You'll start by gathering the SignalR instance's **connection string**, and then add it to the functions app's settings.
 
 1. Go to the [Azure portal](https://portal.azure.com/) and search for the name of your SignalR instance in the search bar at the top of the portal. Select the instance to open it.
 1. Select **Keys** from the instance menu to view the connection strings for the SignalR service instance.
@@ -99,7 +101,7 @@ Next, configure the functions to communicate with your Azure SignalR instance. Y
 
     :::image type="content" source="media/how-to-integrate-azure-signalr/output-app-setting.png" alt-text="Screenshot of the output in a command window, showing a list item called 'AzureSignalRConnectionString'.":::
 
-#### Connect the function to Event Grid
+## Connect the function to Event Grid
 
 Next, subscribe the *broadcast* Azure function to the **event grid topic** you created during the [tutorial prerequisite](how-to-integrate-azure-signalr.md#prerequisites). This will allow telemetry data to flow from the thermostat67 twin through the event grid topic and to the function. From here, the function can broadcast the data to all the clients.
 
 
@@ -88,25 +88,18 @@ Inside your function app project that you created in the [Prerequisites section]
 
 Start by opening the function app project in Visual Studio on your machine and follow the steps below.
 
-#### Step 1: Add a new function 
+1. First, create a new function of type *HTTP-trigger* in the function app project in Visual Studio. For instructions on how to do this, see [Develop Azure Functions using Visual Studio](../azure-functions/functions-develop-vs.md#add-a-function-to-your-project).
 
-Add a new function of type *HTTP-trigger* to the function app project in Visual Studio.
+2. Add a new NuGet package to the project: [Microsoft.Azure.Devices.Provisioning.Service](https://www.nuget.org/packages/Microsoft.Azure.Devices.Provisioning.Service/). You might need to add more packages to your project as well, if the packages used in the code aren't part of the project already.
 
-:::image type="content" source="media/how-to-provision-using-device-provisioning-service/add-http-trigger-function-visual-studio.png" alt-text="Screenshot of the Visual Studio view to add Azure function of type Http Trigger to a function app project." lightbox="media/how-to-provision-using-device-provisioning-service/add-http-trigger-function-visual-studio.png":::
+3. In the newly created function code file, paste in the following code, rename the function to *DpsAdtAllocationFunc.cs*, and save the file.
 
-#### Step 2: Fill in function code
+    :::code language="csharp" source="~/digital-twins-docs-samples-dps/functions/DpsAdtAllocationFunc.cs":::
 
-Add a new NuGet package to the project: [Microsoft.Azure.Devices.Provisioning.Service](https://www.nuget.org/packages/Microsoft.Azure.Devices.Provisioning.Service/). You might need to add more packages to your project as well, if the packages used in the code aren't part of the project already.
+4. Publish the project with the *DpsAdtAllocationFunc.cs* function to a function app in Azure. For instructions on how to do this, see [Develop Azure Functions using Visual Studio](../azure-functions/functions-develop-vs.md#publish-to-azure).
 
-In the newly created function code file, paste in the following code, rename the function to *DpsAdtAllocationFunc.cs*, and save the file.
-
-:::code language="csharp" source="~/digital-twins-docs-samples-dps/functions/DpsAdtAllocationFunc.cs":::
-
-#### Step 3: Publish the function app to Azure
-
-Publish the project with *DpsAdtAllocationFunc.cs* function to the function app in Azure.
-
-[!INCLUDE [digital-twins-publish-and-configure-function-app.md](../../includes/digital-twins-publish-and-configure-function-app.md)]
+> [!IMPORTANT]
+> When creating the function app for the first time in the [Prerequisites section](#prerequisites), you may have already assigned an access role for the function and configured the application settings for it to access your Azure Digital Twins instance. These need to be done once for the entire function app, so verify they've been completed in your app before continuing. You can find instructions in the [Set up security access for the function app](how-to-create-azure-function.md#set-up-security-access-for-the-function-app) section of the *How-to: Set up a function in Azure to process data* article.
 
 ### Create Device Provisioning enrollment
 
@@ -249,23 +242,18 @@ For more about lifecycle events, see [IoT Hub Non-telemetry events](../iot-hub/i
 
 Start by opening the function app project in Visual Studio on your machine and follow the steps below.
 
-#### Step 1: Add a new function
-     
-Add a new function of type *Event Hub Trigger* to the function app project in Visual Studio.
-
-:::image type="content" source="media/how-to-provision-using-device-provisioning-service/create-event-hub-trigger-function.png" alt-text="Screenshot of the Visual Studio window showing how to add an Azure function of type Event Hub Trigger in a function app project." lightbox="media/how-to-provision-using-device-provisioning-service/create-event-hub-trigger-function.png":::
+1. First, create a new function of type *Event Hub Trigger* in the function app project in Visual Studio. For instructions on how to do this, see [Develop Azure Functions using Visual Studio](../azure-functions/functions-develop-vs.md#add-a-function-to-your-project).
 
-#### Step 2: Fill in function code
+2. Add a new NuGet package to the project: [Microsoft.Azure.Devices.Provisioning.Service](https://www.nuget.org/packages/Microsoft.Azure.Devices.Provisioning.Service/). You might need to add more packages to your project as well, if the packages used in the code aren't part of the project already.
 
-In the newly created function code file, paste in the following code, rename the function to `DeleteDeviceInTwinFunc.cs`, and save the file.
+3. In the newly created function code file, paste in the following code, rename the function to *DeleteDeviceInTwinFunc.cs*, and save the file.
 
-:::code language="csharp" source="~/digital-twins-docs-samples-dps/functions/DeleteDeviceInTwinFunc.cs":::
+    :::code language="csharp" source="~/digital-twins-docs-samples-dps/functions/DeleteDeviceInTwinFunc.cs":::
 
-#### Step 3: Publish the function app to Azure
+4. Publish the project with the *DeleteDeviceInTwinFunc.cs* function to a function app in Azure. For instructions on how to do this, see [Develop Azure Functions using Visual Studio](../azure-functions/functions-develop-vs.md#publish-to-azure).
 
-Publish the project with *DeleteDeviceInTwinFunc.cs* function to the function app in Azure.
-
-[!INCLUDE [digital-twins-publish-and-configure-function-app.md](../../includes/digital-twins-publish-and-configure-function-app.md)]
+> [!IMPORTANT]
+> When creating the function app for the first time in the [Prerequisites section](#prerequisites), you may have already assigned an access role for the function and configured the application settings for it to access your Azure Digital Twins instance. These need to be done once for the entire function app, so verify they've been completed in your app before continuing. You can find instructions in the [Set up security access for the function app](how-to-create-azure-function.md#set-up-security-access-for-the-function-app) section of the *How-to: Set up a function in Azure to process data* article.
 
 ### Create an IoT Hub route for lifecycle events
 
 
@@ -0,0 +1,135 @@
+---
+author: baanders
+description: include file describing how to configure an Azure function to work with Azure Digital Twins
+ms.service: digital-twins
+ms.topic: include
+ms.date: 7/14/2021
+ms.author: baanders
+---
+
+You can set up security access for the function app by using either the Azure CLI or the Azure portal. Follow the steps for your preferred option.
+
+# [CLI](#tab/cli)
+
+Run these commands in [Azure Cloud Shell](https://shell.azure.com) or a [local Azure CLI installation](/cli/azure/install-azure-cli).
+You can use the function app's system-managed identity to give it the **Azure Digital Twins Data Owner** role for your Azure Digital Twins instance. The role gives the function app permission in the instance to perform data plane activities. Then make the URL of the instance accessible to your function by setting an environment variable.
+
+### Assign an access role
+
+[!INCLUDE [digital-twins-permissions-required.md](digital-twins-permissions-required.md)]
+
+The Azure function requires a bearer token to be passed to it. If the bearer token isn't passed, the function app can't authenticate with Azure Digital Twins. 
+
+To make sure the bearer token is passed, set up [managed identities](../articles/active-directory/managed-identities-azure-resources/overview.md) permissions so the function app can access Azure Digital Twins. You only need to set up these permissions once for each function app.
+
+
+1. Use the following command to see the details of the system-managed identity for the function. Take note of the `principalId` field in the output.
+
+    ```azurecli-interactive	
+    az functionapp identity show --resource-group <your-resource-group> --name <your-App-Service-function-app-name>	
+    ```
+
+    >[!NOTE]
+    > If the result is empty instead of showing identity details, create a new system-managed identity for the function by using this command:
+    > 
+    >```azurecli-interactive	
+    >az functionapp identity assign --resource-group <your-resource-group> --name <your-App-Service-function-app-name>	
+    >```
+    >
+    > The output displays details of the identity, including the `principalId` value required for the next step. 
+
+1. Use the `principalId` value in the following command to assign the function app's identity to the _Azure Digital Twins Data Owner_ role for your Azure Digital Twins instance.
+
+    ```azurecli-interactive	
+    az dt role-assignment create --dt-name <your-Azure-Digital-Twins-instance> --assignee "<principal-ID>" --role "Azure Digital Twins Data Owner"
+    ```
+
+### Configure application settings
+
+Make the URL of your instance accessible to your function by setting an environment variable for it. For more information about environment variables, see [Manage your function app](../articles/azure-functions/functions-how-to-use-azure-function-app-settings.md?tabs=portal). 
+
+> [!TIP]
+> The Azure Digital Twins instance's URL is made by adding *https://* to the beginning of your instance's host name. To see the host name, along with all the properties of your instance, run `az dt show --dt-name <your-Azure-Digital-Twins-instance>`.
+
+```azurecli-interactive	
+az functionapp config appsettings set --resource-group <your-resource-group> --name <your-App-Service-function-app-name> --settings "ADT_SERVICE_URL=https://<your-Azure-Digital-Twins-instance-host-name>"
+```
+
+# [Azure portal](#tab/portal)
+
+Complete the following steps in the [Azure portal](https://portal.azure.com/).
+
+### Assign an access role
+
+[!INCLUDE [digital-twins-permissions-required.md](digital-twins-permissions-required.md)]
+
+A system-assigned managed identity enables Azure resources to authenticate to cloud services (for example, Azure Key Vault) without storing credentials in code. After you enable system-assigned managed identity, all necessary permissions can be granted through Azure role-based access control. 
+
+The lifecycle of this type of managed identity is tied to the lifecycle of this resource. Additionally, each resource can have only one system-assigned managed identity.
+
+1. In the [Azure portal](https://portal.azure.com/), search for your function app by typing its name in the search box. Select your app from the results. 
+
+    :::image type="content" source="../articles/digital-twins/media/how-to-create-azure-function/portal-search-for-function-app.png" alt-text="Screenshot of the Azure portal. The function app's name is in the portal search bar, and the search result is highlighted.":::
+
+1. On the function app page, in the menu on the left, select __Identity__ to work with a managed identity for the function. On the __System assigned__ page, verify that the __Status__ is set to **On**. If it's not, set it now and then **Save** the change.
+
+    :::image type="content" source="../articles/digital-twins/media/how-to-create-azure-function/verify-system-managed-identity.png" alt-text="Screenshot of the Azure portal. On the Identity page for the function app, the Status option is set to On." lightbox="../articles/digital-twins/media/how-to-create-azure-function/verify-system-managed-identity.png":::
+
+1. Select __Azure role assignments__.
+
+    :::image type="content" source="../articles/digital-twins/media/how-to-create-azure-function/add-role-assignment-1.png" alt-text="Screenshot of the Azure portal. On the Azure Function's Identity page, under Permissions, the button Azure role assignments is highlighted." lightbox="../articles/digital-twins/media/how-to-create-azure-function/add-role-assignment-1.png":::
+
+    Select __+ Add role assignment (Preview)__.
+
+    :::image type="content" source="../articles/digital-twins/media/how-to-create-azure-function/add-role-assignment-2.png" alt-text="Screenshot of the Azure portal. On the Azure role assignments page, the button Add role assignment (Preview) is highlighted." lightbox="../articles/digital-twins/media/how-to-create-azure-function/add-role-assignment-2.png":::
+
+1. On the __Add role assignment (Preview)__ page, select the following values:
+
+    * **Scope**: _Resource group_
+    * **Subscription**: Select your Azure subscription.
+    * **Resource group**: Select your resource group.
+    * **Role**: _Azure Digital Twins Data Owner_
+
+    Save the details by selecting __Save__.
+
+    :::image type="content" source="../articles/digital-twins/media/how-to-create-azure-function/add-role-assignment-3.png" alt-text="Screenshot of the Azure portal, showing how to add a new role assignment. The dialog shows fields for Scope, Subscription, Resource group, and Role.":::
+
+### Configure application settings
+
+To make the URL of your Azure Digital Twins instance accessible to your function, you can set an environment variable. Application settings are exposed as environment variables to allow access to the Azure Digital Twins instance. For more information about environment variables, see [Manage your function app](../articles/azure-functions/functions-how-to-use-azure-function-app-settings.md?tabs=portal). 
+
+To set an environment variable with the URL of your instance, first find your instance's host name: 
+
+1. Search for your instance in the [Azure portal](https://portal.azure.com). 
+1. In the menu on the left, select __Overview__. 
+1. Copy the __Host name__ value.
+
+    :::image type="content" source="../articles/digital-twins/media/how-to-create-azure-function/instance-host-name.png" alt-text="Screenshot of the Azure portal. On the instance's Overview page, the host name value is highlighted.":::
+
+You can now create an application setting:
+
+1. In the portal search bar, search for your function app and then select it from the results.
+
+    :::image type="content" source="../articles/digital-twins/media/how-to-create-azure-function/portal-search-for-function-app.png" alt-text="Screenshot of the Azure portal. The function app's name is being searched in the portal search bar. The search result is highlighted.":::
+
+1. On the left, select __Configuration__. Then on the __Application settings__ tab, select __+ New application setting__.
+
+    :::image type="content" source="../articles/digital-twins/media/how-to-create-azure-function/application-setting.png" alt-text="Screenshot of the Azure portal. On the Configuration tab for the function app, the button to create a New application setting is highlighted.":::
+
+1. In the window that opens, use the host name value you copied to create an application setting.
+    * **Name**: ADT_SERVICE_URL
+    * **Value**: https://<your-Azure-Digital-Twins-host-name>
+    
+    Select __OK__ to create an application setting.
+    
+    :::image type="content" source="../articles/digital-twins/media/how-to-create-azure-function/add-application-setting.png" alt-text="Screenshot of the Azure portal. On the Add/Edit application setting page, the Name and Value fields are filled out. The O K button is highlighted.":::
+
+1. After you create the setting, it should appear on the __Application settings__ tab. Verify that **ADT_SERVICE_URL** appears on the list. Then save the new application setting by selecting __Save__.
+
+    :::image type="content" source="../articles/digital-twins/media/how-to-create-azure-function/application-setting-save-details.png" alt-text="Screenshot of the Azure portal. On the application settings tab, the new A D T SERVICE URL setting and the Save button are both highlighted.":::
+
+1. Any changes to the application settings require an application restart, so select __Continue__ to restart your application when prompted.
+
+    :::image type="content" source="../articles/digital-twins/media/how-to-create-azure-function/save-application-setting.png" alt-text="Screenshot of the Azure portal. A note states that any changes to application settings will restart your application.":::
+
+---