Use ManagedIdentityCredential

Author: Pavan-Microsoft

docs/workshop/docs/workshop/Challenge-3-and-4/knowledge_mining_api.ipynb

@@ -28,7 +28,7 @@
     "import pyodbc\n",
     "from dotenv import load_dotenv\n",
     "\n",
-    "from azure.identity.aio import DefaultAzureCredential, get_bearer_token_provider\n",
+    "from azure.identity.aio import ManagedIdentityCredential, get_bearer_token_provider\n",
     "from azure.ai.agents.models import TruncationObject\n",
     "\n",
     "from semantic_kernel.functions.kernel_function_decorator import kernel_function\n",
@@ -61,7 +61,7 @@
     "    mid_id = os.getenv(\"SQLDB_USER_MID\")\n",
     "\n",
     "    try:\n",
-    "        async with DefaultAzureCredential() as credential:\n",
+    "        async with ManagedIdentityCredential() as credential:\n",
     "            token = await credential.get_token(\"https://database.windows.net/.default\")\n",
     "            token_bytes = token.token.encode(\"utf-16-LE\")\n",
     "            token_struct = struct.pack(\n",
@@ -128,7 +128,7 @@
     "\n",
     "        try:\n",
     "            token_provider = get_bearer_token_provider(\n",
-    "                DefaultAzureCredential(), \"https://cognitiveservices.azure.com/.default\"\n",
+    "                ManagedIdentityCredential(), \"https://cognitiveservices.azure.com/.default\"\n",
     "            )\n",
     "            token = await token_provider()\n",
     "            client = openai.AzureOpenAI(\n",
@@ -175,7 +175,7 @@
     "                    Only return the generated SQL query. Do not return anything else.'''\n",
     "            \n",
     "            token_provider = get_bearer_token_provider(\n",
-    "                DefaultAzureCredential(), \"https://cognitiveservices.azure.com/.default\"\n",
+    "                ManagedIdentityCredential(), \"https://cognitiveservices.azure.com/.default\"\n",
     "            )\n",
     "            token = await token_provider()\n",
     "            client = openai.AzureOpenAI(\n",
@@ -212,7 +212,7 @@
     "    ):\n",
     "        try:\n",
     "            token_provider = get_bearer_token_provider(\n",
-    "                DefaultAzureCredential(), \"https://cognitiveservices.azure.com/.default\"\n",
+    "                ManagedIdentityCredential(), \"https://cognitiveservices.azure.com/.default\"\n",
     "            )\n",
     "            token = await token_provider()\n",
     "            client = openai.AzureOpenAI(\n",
@@ -313,7 +313,7 @@
     "async def main() -> None:\n",
     "    ai_agent_settings = AzureAIAgentSettings()\n",
     "    async with (\n",
-    "        DefaultAzureCredential() as creds,\n",
+    "        ManagedIdentityCredential() as creds,\n",
     "        AzureAIAgent.create_client(credential=creds, endpoint=ai_agent_settings.endpoint) as client,\n",
     "    ):\n",
     "        AGENT_INSTRUCTIONS = '''You are a helpful assistant.\n",

docs/workshop/docs/workshop/Challenge-5/notebooks/video_chapter_generation.ipynb

@@ -117,8 +117,8 @@
     ")\n",
     "from python.content_understanding_client import AzureContentUnderstandingClient\n",
     "\n",
-    "from azure.identity import DefaultAzureCredential, get_bearer_token_provider\n",
-    "credential = DefaultAzureCredential()\n",
+    "from azure.identity import ManagedIdentityCredential, get_bearer_token_provider\n",
+    "credential = ManagedIdentityCredential()\n",
     "token_provider = get_bearer_token_provider(credential, AUTHENTICATION_URL)\n",
     "\n",
     "# The analyzer template is used to define the schema of the output\n",

docs/workshop/docs/workshop/Challenge-5/notebooks/video_tag_generation.ipynb

@@ -117,8 +117,8 @@
     ")\n",
     "from python.content_understanding_client import AzureContentUnderstandingClient\n",
     "\n",
-    "from azure.identity import DefaultAzureCredential, get_bearer_token_provider\n",
-    "credential = DefaultAzureCredential()\n",
+    "from azure.identity import ManagedIdentityCredential, get_bearer_token_provider\n",
+    "credential = ManagedIdentityCredential()\n",
     "token_provider = get_bearer_token_provider(credential, AUTHENTICATION_URL)\n",
     "\n",
     "# The analyzer template is used to define the schema of the output\n",

docs/workshop/docs/workshop/Challenge-5/python/utility.py

@@ -5,7 +5,7 @@
 
 from openai import AzureOpenAI
 import tiktoken
-from azure.identity import DefaultAzureCredential, get_bearer_token_provider
+from azure.identity import ManagedIdentityCredential, get_bearer_token_provider
 from tenacity import retry, wait_random_exponential, stop_after_attempt
 from pydantic import BaseModel, Field
 
@@ -158,7 +158,7 @@ def __init__(
         if aoai_api_key is None or aoai_api_key == "":
             print("Using Entra ID/AAD to authenticate")
             token_provider = get_bearer_token_provider(
-                DefaultAzureCredential(), "https://cognitiveservices.azure.com/.default"
+                ManagedIdentityCredential(), "https://cognitiveservices.azure.com/.default"
             )
 
             self.client = AzureOpenAI(

docs/workshop/docs/workshop/Challenge-6/Content_safety_evaluation.ipynb

@@ -36,7 +36,7 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "from azure.identity import DefaultAzureCredential\n",
+    "from azure.identity import ManagedIdentityCredential\n",
     "\n",
     "azure_ai_project = {\n",
     "    \"subscription_id\": os.environ.get(\"AZURE_SUBSCRIPTION_ID\"),\n",
@@ -122,8 +122,8 @@
    "outputs": [],
    "source": [
     "from azure.ai.evaluation.simulator import AdversarialScenario\n",
-    "from azure.identity import DefaultAzureCredential\n",
-    "credential = DefaultAzureCredential()\n",
+    "from azure.identity import ManagedIdentityCredential\n",
+    "credential = ManagedIdentityCredential()\n",
     "\n",
     "scenario = AdversarialScenario.ADVERSARIAL_QA\n",
     "adversarial_simulator = AdversarialSimulator(azure_ai_project=azure_ai_project, credential=credential)\n",
@@ -150,7 +150,7 @@
     "from azure.ai.evaluation import ContentSafetyEvaluator\n",
     "import pandas as pd\n",
     "\n",
-    "credential = DefaultAzureCredential()\n",
+    "credential = ManagedIdentityCredential()\n",
     "# instantiate an evaluator with image and multi-modal support\n",
     "safety_evaluator = ContentSafetyEvaluator(credential=credential, azure_ai_project=azure_ai_project)\n",
     "\n",

infra/scripts/fabric_scripts/create_fabric_items.py

@@ -1,4 +1,4 @@
-from azure.identity import DefaultAzureCredential
+from azure.identity import ManagedIdentityCredential
 import base64
 import json
 import requests
@@ -9,7 +9,7 @@
 import time
 
 
-# credential = DefaultAzureCredential()
+# credential = ManagedIdentityCredential()
 from azure.identity import AzureCliCredential
 credential = AzureCliCredential()
 

infra/scripts/index_scripts/01_create_search_index.py

@@ -1,4 +1,4 @@
-from azure.identity import DefaultAzureCredential
+from azure.identity import ManagedIdentityCredential
 from azure.keyvault.secrets import SecretClient
 from azure.search.documents.indexes import SearchIndexClient
 from azure.search.documents.indexes.models import (
@@ -18,7 +18,6 @@
 
 # === Configuration ===
 KEY_VAULT_NAME = 'kv_to-be-replaced'
-MANAGED_IDENTITY_CLIENT_ID = 'mici_to-be-replaced'
 INDEX_NAME = "call_transcripts_index"
 
 
@@ -28,12 +27,12 @@ def get_secrets_from_kv(secret_name: str) -> str:
 
     Args:
         secret_name (str): Name of the secret.
-        credential (DefaultAzureCredential): Credential with access to Key Vault.
+        credential (ManagedIdentityCredential): Credential with access to Key Vault.
 
     Returns:
         str: The secret value.
     """
-    kv_credential = DefaultAzureCredential(managed_identity_client_id=MANAGED_IDENTITY_CLIENT_ID)
+    kv_credential = ManagedIdentityCredential()
     secret_client = SecretClient(
         vault_url=f"https://{KEY_VAULT_NAME}.vault.azure.net/",
         credential=kv_credential
@@ -49,7 +48,7 @@ def create_search_index():
     - Semantic search using prioritized fields
     """
     # Shared credential
-    credential = DefaultAzureCredential(managed_identity_client_id=MANAGED_IDENTITY_CLIENT_ID)
+    credential = ManagedIdentityCredential()
 
     # Retrieve secrets from Key Vault
     search_endpoint = get_secrets_from_kv("AZURE-SEARCH-ENDPOINT")

infra/scripts/index_scripts/02_create_cu_template_audio.py

@@ -1,15 +1,14 @@
 from pathlib import Path
 import sys
 
-from azure.identity import DefaultAzureCredential, get_bearer_token_provider
+from azure.identity import ManagedIdentityCredential, get_bearer_token_provider
 from azure.keyvault.secrets import SecretClient
 
 from content_understanding_client import AzureContentUnderstandingClient
 
 
 # === Configuration ===
 KEY_VAULT_NAME = 'kv_to-be-replaced'
-MANAGED_IDENTITY_CLIENT_ID = 'mici_to-be-replaced'
 AZURE_AI_API_VERSION = "2024-12-01-preview"
 ANALYZER_ID = "ckm-audio"
 ANALYZER_TEMPLATE_FILE = 'ckm-analyzer_config_audio.json'
@@ -27,7 +26,7 @@ def get_secrets_from_kv(secret_name: str, vault_name: str) -> str:
     Returns:
         str: The value of the secret.
     """
-    kv_credential = DefaultAzureCredential(managed_identity_client_id=MANAGED_IDENTITY_CLIENT_ID)
+    kv_credential = ManagedIdentityCredential()
     secret_client = SecretClient(
         vault_url=f"https://{vault_name}.vault.azure.net/",
         credential=kv_credential
@@ -39,7 +38,7 @@ def get_secrets_from_kv(secret_name: str, vault_name: str) -> str:
 # Fetch endpoint from Key Vault
 endpoint = get_secrets_from_kv("AZURE-OPENAI-CU-ENDPOINT", KEY_VAULT_NAME)
 
-credential = DefaultAzureCredential(managed_identity_client_id=MANAGED_IDENTITY_CLIENT_ID)
+credential = ManagedIdentityCredential()
 # Initialize Content Understanding Client
 token_provider = get_bearer_token_provider(credential, "https://cognitiveservices.azure.com/.default")
 client = AzureContentUnderstandingClient(

infra/scripts/index_scripts/02_create_cu_template_text.py

@@ -2,14 +2,13 @@
 import sys
 from pathlib import Path
 
-from azure.identity import DefaultAzureCredential, get_bearer_token_provider
+from azure.identity import ManagedIdentityCredential, get_bearer_token_provider
 from azure.keyvault.secrets import SecretClient
 from content_understanding_client import AzureContentUnderstandingClient
 
 
 # === Configuration ===
 KEY_VAULT_NAME = 'kv_to-be-replaced'
-MANAGED_IDENTITY_CLIENT_ID = 'mici_to-be-replaced'
 AZURE_AI_API_VERSION = "2024-12-01-preview"
 ANALYZER_ID = "ckm-json"
 ANALYZER_TEMPLATE_FILE = 'ckm-analyzer_config_text.json'
@@ -20,7 +19,7 @@ def get_secret(secret_name: str, vault_name: str) -> str:
     """
     Retrieve a secret value from Azure Key Vault.
     """
-    kv_credential = DefaultAzureCredential(managed_identity_client_id=MANAGED_IDENTITY_CLIENT_ID)
+    kv_credential = ManagedIdentityCredential()
     secret_client = SecretClient(vault_url=f"https://{vault_name}.vault.azure.net/", credential=kv_credential)
     return secret_client.get_secret(secret_name).value
 
@@ -30,7 +29,7 @@ def get_secret(secret_name: str, vault_name: str) -> str:
 # Get endpoint from Key Vault
 endpoint = get_secret("AZURE-OPENAI-CU-ENDPOINT", KEY_VAULT_NAME)
 
-credential = DefaultAzureCredential(managed_identity_client_id=MANAGED_IDENTITY_CLIENT_ID)
+credential = ManagedIdentityCredential()
 # Initialize Content Understanding Client
 token_provider = get_bearer_token_provider(credential, "https://cognitiveservices.azure.com/.default")
 client = AzureContentUnderstandingClient(

infra/scripts/index_scripts/03_cu_process_data_text.py

@@ -5,7 +5,7 @@
 import pyodbc
 import pandas as pd
 from datetime import datetime, timedelta
-from azure.identity import DefaultAzureCredential, get_bearer_token_provider
+from azure.identity import ManagedIdentityCredential, get_bearer_token_provider
 from azure.keyvault.secrets import SecretClient
 from azure.search.documents import SearchClient
 from azure.search.documents.indexes import SearchIndexClient
@@ -15,14 +15,13 @@
 
 # Constants and configuration
 KEY_VAULT_NAME = 'kv_to-be-replaced'
-MANAGED_IDENTITY_CLIENT_ID = 'mici_to-be-replaced'
 FILE_SYSTEM_CLIENT_NAME = "data"
 DIRECTORY = 'call_transcripts'
 AUDIO_DIRECTORY = 'audiodata'
 INDEX_NAME = "call_transcripts_index"
 
 def get_secrets_from_kv(kv_name, secret_name):
-    kv_credential = DefaultAzureCredential(managed_identity_client_id=MANAGED_IDENTITY_CLIENT_ID)
+    kv_credential = ()
     secret_client = SecretClient(vault_url=f"https://{kv_name}.vault.azure.net/", credential=kv_credential)
     return secret_client.get_secret(secret_name).value
 
@@ -40,15 +39,15 @@ def get_secrets_from_kv(kv_name, secret_name):
 
 # Azure DataLake setup
 account_url = f"https://{account_name}.dfs.core.windows.net"
-credential = DefaultAzureCredential(managed_identity_client_id=MANAGED_IDENTITY_CLIENT_ID)
+credential = ManagedIdentityCredential()
 service_client = DataLakeServiceClient(account_url, credential=credential, api_version='2023-01-03')
 file_system_client = service_client.get_file_system_client(FILE_SYSTEM_CLIENT_NAME)
 directory_name = DIRECTORY
 paths = list(file_system_client.get_paths(path=directory_name))
 print("Azure DataLake setup complete.")
 
 # Azure Search setup
-search_credential = DefaultAzureCredential(managed_identity_client_id=MANAGED_IDENTITY_CLIENT_ID)
+search_credential = ManagedIdentityCredential()
 search_client = SearchClient(search_endpoint, INDEX_NAME, search_credential)
 index_client = SearchIndexClient(endpoint=search_endpoint, credential=search_credential)
 print("Azure Search setup complete.")
@@ -65,7 +64,7 @@ def get_secrets_from_kv(kv_name, secret_name):
 
 
 # Content Understanding client
-cu_credential = DefaultAzureCredential(managed_identity_client_id=MANAGED_IDENTITY_CLIENT_ID)
+cu_credential = ManagedIdentityCredential()
 cu_token_provider = get_bearer_token_provider(cu_credential, "https://cognitiveservices.azure.com/.default")
 cu_client = AzureContentUnderstandingClient(
     endpoint=azure_ai_endpoint,
@@ -79,7 +78,7 @@ def get_secrets_from_kv(kv_name, secret_name):
 def get_embeddings(text: str, openai_api_base, openai_api_version):
     model_id = "text-embedding-ada-002"
     token_provider = get_bearer_token_provider(
-        DefaultAzureCredential(managed_identity_client_id=MANAGED_IDENTITY_CLIENT_ID),
+        ManagedIdentityCredential(),
         "https://cognitiveservices.azure.com/.default"
     )
     client = AzureOpenAI(
@@ -290,7 +289,7 @@ def call_gpt4(topics_str1, client):
     return json.loads(res.replace("```json", '').replace("```", ''))
 
 token_provider = get_bearer_token_provider(
-    DefaultAzureCredential(managed_identity_client_id=MANAGED_IDENTITY_CLIENT_ID),
+    ManagedIdentityCredential(),
     "https://cognitiveservices.azure.com/.default"
 )
 openai_client = AzureOpenAI(