fix: merging dev changes to main (#787)

* feat: Implementation of Configurable Logging Control via Flag (#756)

* Implementation of Configurable Logging Control via Flag

* bicep updated

* updated bicep

* updated custom bicep

* Fix typo in CustomizingAzdParameters.md (#772)

* Update src/App/app.py

fixed blank string issue

Co-authored-by: Copilot <[email protected]>

* feat: Add Troubleshooting Guide for Log Analytics Workspace Deletion Issues (#758)

* Add files via upload

* Update deployment guide with replication note

Added note about disabling replication before deleting resources.

* Fix typo in LogAnalyticsReplicationDisable.md

* Fix formatting of note in Deployment Guide

---------

Co-authored-by: Harsh-Microsoft <[email protected]>

* Update CosmosDB parameters for improved redundancy and location handling and resolved sql server redeployment issue

* update main.json

* Update infra/main.bicep

Co-authored-by: Copilot <[email protected]>

* Update infra/main.bicep

Co-authored-by: Copilot <[email protected]>

* resolved copilot comments

---------

Co-authored-by: Prajwal-Microsoft <[email protected]>
Co-authored-by: AjitPadhi-Microsoft <[email protected]>
Co-authored-by: Thanusree-Microsoft <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Harsh-Microsoft <[email protected]>
Co-authored-by: Abdul-Microsoft <[email protected]>

Author: 7 people

docs/CustomizingAzdParameters.md

@@ -10,7 +10,8 @@ By default this template will use the environment name as the prefix to prevent
 | Name                          | Type    | Default Value       | Purpose                                                                                              |
 | -----------------------------| ------- | ------------------- | ---------------------------------------------------------------------------------------------------- |
 | `AZURE_ENV_NAME`            | string  | `azdtemp`           | Used as a prefix for all resource names to ensure uniqueness across environments.                    |
-| `AZURE_ENV_COSMOS_LOCATION`             | string  | `eastus2`    | Location of the Cosmos DB instance. Choose from (allowed values: `swedencentral`, `australiaeast`).      |
+| `AZURE_ENV_COSMOS_LOCATION`             | string  | `Same as resource group location`    | Primary location for the Cosmos DB instance. When enabling redundancy, verify the region supports zone redundancy. [Check supported regions](https://learn.microsoft.com/en-us/azure/reliability/regions-list).      |
+| `AZURE_ENV_COSMOS_SECONDARY_LOCATION`   | string  | `canadacentral`    | Secondary failover location for Cosmos DB when enableRedundancy is true. [Check supported regions](https://learn.microsoft.com/en-us/azure/reliability/regions-list).      |
 | `AZURE_ENV_MODEL_DEPLOYMENT_TYPE`             | string  | `GlobalStandard`    | Change the Model Deployment Type (allowed values: Standard, GlobalStandard).                         |
 | `AZURE_ENV_MODEL_NAME`               | string  | `gpt-4o-mini`            | Set the GPT model name (allowed values: `gpt-4o`).                                                      |
 | `AZURE_ENV_MODEL_VERSION`     | string  | `2025-01-01-preview`        | Set the Azure OpenAI API version (allowed values: 2024-08-06).                                       |

docs/DeploymentGuide.md

@@ -236,7 +236,8 @@ Once you've opened the project in [Codespaces](#github-codespaces), [Dev Contain
 5. Once the deployment is complete, please follow the [Import Sample Data](#post-deployment-steps) instructions under **Post Deployment Steps** to load the sample data correctly.
 6. Open the [Azure Portal](https://portal.azure.com/), go to the deployed resource group, find the App Service and get the app URL from `Default domain`.
 7. Test the app locally with the sample question with any selected client: _Show latest asset value by asset type?_. For more sample questions you can test in the application, see [Sample Questions](SampleQuestions.md).
-8. You can now delete the resources by running `azd down`, if you are done trying out the application. 
+8. You can now delete the resources by running `azd down`, if you are done trying out the application.
+   > **Note:** If you deployed with `enableRedundancy=true` and Log Analytics workspace replication is enabled, you must first disable replication before running `azd down`, else resource group delete will fail. Follow the steps in [Handling Log Analytics Workspace Deletion with Replication Enabled](./LogAnalyticsReplicationDisable.md), wait until replication returns `false`, then run `azd down`.
 
 ### Publishing Local Build Container to Azure Container Registry
 

docs/LogAnalyticsReplicationDisable.md

@@ -0,0 +1,28 @@
+# 🛠 Handling Log Analytics Workspace Deletion with Replication Enabled
+
+If redundancy (replication) is enabled for your Log Analytics workspace, you must disable it before deleting the workspace or resource group. Otherwise, deletion will fail.
+
+## ✅ Steps to Disable Replication Before Deletion
+Run the following Azure CLI command. Note: This operation may take about 5 minutes to complete.
+
+```bash
+az resource update --ids "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{logAnalyticsName}" --set properties.replication.enabled=false
+```
+
+Replace:
+- `{subscriptionId}` → Your Azure subscription ID
+- `{resourceGroupName}` → The name of your resource group
+- `{logAnalyticsName}` → The name of your Log Analytics workspace
+
+Optional: Verify replication is disabled (should output `false`):
+```bash
+az resource show --ids "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{logAnalyticsName}" --query properties.replication.enabled -o tsv
+```
+
+## ✅ After Disabling Replication
+You can safely delete:
+- The Log Analytics workspace (manual)
+- The resource group (manual), or
+- All provisioned resources via `azd down`
+
+Return to: [Deployment Guide](./DeploymentGuide.md)

infra/main.bicep

@@ -10,7 +10,10 @@ param solutionName string = 'clientadvisor'
 param existingLogAnalyticsWorkspaceId string = ''
 
 @description('Optional. CosmosDB Location')
-param cosmosLocation string = 'eastus2'
+param cosmosLocation string = resourceGroup().location
+
+@description('Optional. Secondary CosmosDB Location for high availability and failover scenarios. Not all Azure regions support zone redundancy for Cosmos DB. See https://learn.microsoft.com/azure/cosmos-db/high-availability#azure-regions-and-zone-redundancy for supported regions.')
+param secondaryCosmosLocation string = 'canadacentral'
 
 @minLength(1)
 @description('Optional. GPT model deployment type:')
@@ -231,30 +234,13 @@ var replicaLocation = replicaRegionPairs[resourceGroup().location]
 @description('Optional. The tags to apply to all deployed Azure resources.')
 param tags resourceInput<'Microsoft.Resources/resourceGroups@2025-04-01'>.tags = {}
 
-// Region pairs list based on article in [Azure Database for MySQL Flexible Server - Azure Regions](https://learn.microsoft.com/azure/mysql/flexible-server/overview#azure-regions) for supported high availability regions for CosmosDB.
-var cosmosDbZoneRedundantHaRegionPairs = {
-  australiaeast: 'uksouth' //'southeastasia'
-  centralus: 'eastus2'
-  eastasia: 'southeastasia'
-  eastus: 'centralus'
-  eastus2: 'centralus'
-  japaneast: 'australiaeast'
-  northeurope: 'westeurope'
-  southeastasia: 'eastasia'
-  uksouth: 'westeurope'
-  westeurope: 'northeurope'
-}
-
 var allTags = union(
   {
     'azd-env-name': solutionName
   },
   tags
 )
 
-// Paired location calculated based on 'location' parameter. This location will be used by applicable resources if `enableScalability` is set to `true`
-var cosmosDbHaLocation = cosmosDbZoneRedundantHaRegionPairs[resourceGroup().location]
-
 // Extracts subscription, resource group, and workspace name from the resource ID when using an existing Log Analytics workspace
 var useExistingLogAnalytics = !empty(existingLogAnalyticsWorkspaceId)
 
@@ -557,7 +543,7 @@ module keyvault 'br/public:avm/res/key-vault/vault:0.12.1' = {
     name: keyVaultName
     location: solutionLocation
     tags: tags
-    sku: 'standard'
+    sku: enableScalability ? 'premium' : 'standard'
     publicNetworkAccess: enablePrivateNetworking ? 'Disabled' : 'Enabled'
     networkAcls: {
       defaultAction: 'Allow'
@@ -843,12 +829,12 @@ module cosmosDb 'br/public:avm/res/document-db/database-account:0.15.0' = {
           {
             failoverPriority: 0
             isZoneRedundant: true
-            locationName: solutionLocation
+            locationName: cosmosLocation
           }
           {
             failoverPriority: 1
             isZoneRedundant: true
-            locationName: cosmosDbHaLocation
+            locationName: secondaryCosmosLocation
           }
         ]
       : [
@@ -1014,22 +1000,6 @@ module sqlDBModule 'br/public:avm/res/sql/server:0.20.1' = {
       ]
     }
     primaryUserAssignedIdentityResourceId: userAssignedIdentity.outputs.resourceId
-    privateEndpoints: enablePrivateNetworking
-      ? [
-          {
-            privateDnsZoneGroup: {
-              privateDnsZoneGroupConfigs: [
-                {
-                  privateDnsZoneResourceId: avmPrivateDnsZones[dnsZoneIndex.sqlServer]!.outputs.resourceId
-                }
-              ]
-            }
-            service: 'sqlServer'
-            subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
-            tags: tags
-          }
-        ]
-      : []
     firewallRules: (!enablePrivateNetworking) ? [
       {
         endIpAddress: '255.255.255.255'
@@ -1045,6 +1015,34 @@ module sqlDBModule 'br/public:avm/res/sql/server:0.20.1' = {
     tags: tags
   }
 }
+// ========== SQL Server Private Endpoint (separated) ========== //
+module sqlDbPrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.11.1' = if (enablePrivateNetworking) {
+  name: take('avm.res.network.private-endpoint.sql-${solutionSuffix}', 64)
+  params: {
+    name: 'pep-sql-${solutionSuffix}'
+    location: solutionLocation
+    tags: tags
+    enableTelemetry: enableTelemetry
+    subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
+    customNetworkInterfaceName: 'nic-sql-${solutionSuffix}'
+    privateLinkServiceConnections: [
+      {
+        name: 'pl-sqlserver-${solutionSuffix}'
+        properties: {
+          privateLinkServiceId: sqlDBModule.outputs.resourceId
+          groupIds: ['sqlServer']
+        }
+      }
+    ]
+    privateDnsZoneGroup: {
+      privateDnsZoneGroupConfigs: [
+        {
+          privateDnsZoneResourceId: avmPrivateDnsZones[dnsZoneIndex.sqlServer]!.outputs.resourceId
+        }
+      ]
+    }
+  }
+}
 
 // ========== Frontend server farm ========== //
 // WAF best practices for Web Application Services: https://learn.microsoft.com/en-us/azure/well-architected/service-guides/app-service-web-apps
@@ -1062,11 +1060,11 @@ module webServerFarm 'br/public:avm/res/web/serverfarm:0.5.0' = {
     // WAF aligned configuration for Monitoring
     diagnosticSettings: enableMonitoring ? [{ workspaceResourceId: logAnalyticsWorkspaceResourceId }] : null
     // WAF aligned configuration for Scalability
-    skuName: enableScalability || enableRedundancy ? 'P1v3' : 'B3'
+    skuName: 'B3'
     // skuCapacity: enableScalability ? 3 : 1
     skuCapacity: 1 // skuCapacity set to 1 (not 3) due to multiple agents created per type during WAF deployment
     // WAF aligned configuration for Redundancy
-    zoneRedundant: enableRedundancy ? true : false
+    zoneRedundant: false // zone redundancy requires a minimum of 2 instances; as we are keeping skuCapacity to 1, setting zoneRedundant to false
   }
 }
 
@@ -1218,7 +1216,7 @@ module searchService 'br/public:avm/res/search/search-service:0.11.1' = {
     ]
     partitionCount: 1
     replicaCount: 1
-    sku: 'standard'
+    sku: enableScalability ? 'standard' : 'basic'
     semanticSearch: 'free'
     // Use the deployment tags provided to the template
     tags: tags