Changes to run as AzureCliCredential from notebook in VSC (#272)

* Changes to run as AzureCliCredential from notebook in VSC

* pre-commit corrections

* AI Red Team example against Copilot Studio agent

Author: jaestevan

.gitignore

@@ -14,6 +14,8 @@ deployment.json
 *result.jsonl
 *results.json
 *results.jsonl
+*.scan_*
+*-Scan.json
 
 ## Python Gitignore
 ## From: https://github.com/github/gitignore/blob/main/Python.gitignore
@@ -181,3 +183,5 @@ cython_debug/
 
 # macOS Finder
 .DS_Store
+
+token_cache.bin

scenarios/evaluate/AI_RedTeaming/AI_RedTeaming.ipynb

@@ -17,7 +17,13 @@
     "### Prerequisite\n",
     "First, if you have an Azure subscription, create an [Azure AI hub](https://learn.microsoft.com/en-us/azure/ai-studio/concepts/ai-resources) then [create an Azure AI project](https://learn.microsoft.com/en-us/azure/ai-studio/concepts/ai-resources). AI projects and Hubs can be served within a private network and are compatible with private endpoints. You **do not** need to provide your own LLM deployment as the AI Red Teaming Agent hosts adversarial models for both simulation and evaluation of harmful content and connects to it via your Azure AI project.\n",
     "\n",
-    "**Note**: In order to upload your results to Azure AI Foundry, you must have the `Storage Blob Data Contributor` role\n",
+    "In order to upload your results to Azure AI Foundry:\n",
+    "- Your AI Foundry project must have a connection (*Connected Resources*) to a storage account with `Microsoft Entra ID` authentication enabled.\n",
+    "- Your AI Foundry project must have the `Storage Blob Data Contributor` role in the storage account.\n",
+    "- You must have the `Storage Blob Data Contributor` role in the storage account.\n",
+    "- You must have network access to the storage account.\n",
+    "\n",
+    "For more information see: https://learn.microsoft.com/en-us/azure/ai-foundry/how-to/develop/run-scans-ai-red-teaming-agent\n",
     "\n",
     "**Important**: First, ensure that you've installed the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) and then make sure to authenticate to Azure using `az login` in your terminal before running this notebook.\n",
     "\n",
@@ -38,7 +44,7 @@
     "\n",
     "```bash\n",
     "pip install uv\n",
-    "uv pip install azure-ai-evaluation[redteam] azure-identity openai\n",
+    "uv pip install azure-ai-evaluation[redteam] azure-identity openai azure-ai-projects\n",
     "```\n",
     "\n",
     "\n",
@@ -65,14 +71,36 @@
     "import os\n",
     "\n",
     "# Azure imports\n",
-    "from azure.identity import DefaultAzureCredential, get_bearer_token_provider\n",
     "from azure.ai.evaluation.red_team import RedTeam, RiskCategory, AttackStrategy\n",
     "\n",
     "# OpenAI imports\n",
-    "from openai import AzureOpenAI\n",
+    "from openai import AzureOpenAI"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### Login to Azure with valid credentials\n",
+    "\n",
+    "Ensure that you've installed the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) and then make sure to authenticate to Azure using `az login` in your terminal before running this notebook.\n",
+    "\n",
+    "Configure the `credential` object with a different AzureCredential type if this is a requirement for your environment."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# Azure Credential imports\n",
+    "from azure.identity import AzureCliCredential, get_bearer_token_provider\n",
+    "\n",
+    "!az login\n",
     "\n",
     "# Initialize Azure credentials\n",
-    "credential = DefaultAzureCredential()"
+    "credential = AzureCliCredential()"
    ]
   },
   {
@@ -83,6 +111,8 @@
     "\n",
     "Set the following variables for use in this notebook. These variables connect to your Azure resources and model deployments.\n",
     "\n",
+    "Set these variables by creating an `.env` file in your project's root folder.\n",
+    "\n",
     "**Note:** You can find these values in your Azure AI Foundry project or Azure OpenAI resource."
    ]
   },
@@ -95,14 +125,12 @@
     "```\n",
     "# Azure OpenAI\n",
     "AZURE_OPENAI_API_KEY=\"your-api-key-here\"\n",
-    "AZURE_OPENAI_ENDPOINT=\"https://endpoint-name.openai.azure.com/openai/deployments/deployment-name/chat/completions\"\n",
+    "AZURE_OPENAI_ENDPOINT=\"https://endpoint-name.cognitiveservices.azure.com/\"\n",
     "AZURE_OPENAI_DEPLOYMENT_NAME=\"gpt-4\"\n",
     "AZURE_OPENAI_API_VERSION=\"2024-12-01-preview\"\n",
     "\n",
     "# Azure AI Project\n",
-    "AZURE_SUBSCRIPTION_ID=\"12345678-1234-1234-1234-123456789012\"\n",
-    "AZURE_RESOURCE_GROUP_NAME=\"your-resource-group\"\n",
-    "AZURE_PROJECT_NAME=\"your-project-name\"\n",
+    "AZURE_PROJECT_ENDPOINT=\"https://your-aifoundry-endpoint-name.services.ai.azure.com/api/projects/yourproject-name\"\n",
     "```"
    ]
   },
@@ -113,17 +141,11 @@
    "outputs": [],
    "source": [
     "# Azure AI Project information\n",
-    "azure_ai_project = {\n",
-    "    \"subscription_id\": os.environ.get(\"AZURE_SUBSCRIPTION_ID\"),\n",
-    "    \"resource_group_name\": os.environ.get(\"AZURE_RESOURCE_GROUP_NAME\"),\n",
-    "    \"project_name\": os.environ.get(\"AZURE_PROJECT_NAME\"),\n",
-    "}\n",
+    "azure_ai_project = os.environ.get(\"AZURE_PROJECT_ENDPOINT\")\n",
     "\n",
     "# Azure OpenAI deployment information\n",
     "azure_openai_deployment = os.environ.get(\"AZURE_OPENAI_DEPLOYMENT\")  # e.g., \"gpt-4\"\n",
-    "azure_openai_endpoint = os.environ.get(\n",
-    "    \"AZURE_OPENAI_ENDPOINT\"\n",
-    ")  # e.g., \"https://endpoint-name.openai.azure.com/openai/deployments/deployment-name/chat/completions\"\n",
+    "azure_openai_endpoint = os.environ.get(\"AZURE_OPENAI_ENDPOINT\")\n",
     "azure_openai_api_key = os.environ.get(\"AZURE_OPENAI_API_KEY\")  # e.g., \"your-api-key\"\n",
     "azure_openai_api_version = os.environ.get(\"AZURE_OPENAI_API_VERSION\")  # Use the latest API version"
    ]
@@ -280,7 +302,9 @@
    "source": [
     "# Run the red team scan called \"Intermediary-Model-Target-Scan\"\n",
     "result = await red_team.scan(\n",
-    "    target=azure_oai_model_config, scan_name=\"Intermediary-Model-Target-Scan\", attack_strategies=[AttackStrategy.Flip]\n",
+    "    target=azure_oai_model_config,\n",
+    "    scan_name=\"Intermediary-Model-Target-Scan\",\n",
+    "    attack_strategies=[AttackStrategy.Flip],\n",
     ")"
    ]
   },
@@ -307,7 +331,7 @@
     "    context: Optional[Dict[str, Any]] = None,  # noqa: ARG001\n",
     ") -> dict[str, list[dict[str, str]]]:\n",
     "    # Get token provider for Azure AD authentication\n",
-    "    token_provider = get_bearer_token_provider(DefaultAzureCredential(), \"https://cognitiveservices.azure.com/.default\")\n",
+    "    token_provider = get_bearer_token_provider(credential, \"https://cognitiveservices.azure.com/.default\")\n",
     "\n",
     "    # Initialize Azure OpenAI client\n",
     "    client = AzureOpenAI(\n",
@@ -476,7 +500,7 @@
  ],
  "metadata": {
   "kernelspec": {
-   "display_name": "test-3.10",
+   "display_name": ".venv",
    "language": "python",
    "name": "python3"
   },