My goal is to make a fully secretless function app, and then add triggers for an Azure Storage queue and a Service Bus queue.
The first step is to create the function app, and configure it without Azure Files (because Azure Files doesn't support managed identity for SMB file shares). There is some documentation on this here. The portal doesn't provide that option today, but I can take the ARM template generated by the portal and modify it for my needs. So I go the through the create wizard, but instead of hitting Create, I hit the template button: