Merge branch 'main' into dev

Harsh-Microsoft · Harsh-Microsoft · commit 7549ab3c34b9 · 2025-06-06T10:17:55.000+05:30
diff --git a/README.md b/README.md
@@ -8,7 +8,7 @@ This example focuses on a generic use case - chat with your own data, generate a
 
 <div align="center">
   
-[**SOLUTION OVERVIEW**](#solution-overview)  \| [**QUICK DEPLOY**](#quick-deploy)  \| [**BUSINESS USE CASE**](#business-use-case)  \| [**SUPPORTING DOCUMENTATION**](#supporting-documentation)
+[**SOLUTION OVERVIEW**](#solution-overview)  \| [**QUICK DEPLOY**](#quick-deploy)  \| [**BUSINESS SCENARIO**](#business-scenario)  \| [**SUPPORTING DOCUMENTATION**](#supporting-documentation)
 
 </div>
 <br/>
@@ -19,7 +19,7 @@ Solution overview
 
 It leverages Azure OpenAI Service and Azure AI Search, to identify relevant documents, summarize unstructured information, and generate document templates. 
 
-The sample data is sourced from generic AI-generated promissory notes.The documents are intended for use as sample data only.
+The sample data is sourced from generic AI-generated promissory notes. The documents are intended for use as sample data only.
 
 ### Solution architecture
 |![image](./docs/images/DocGen_Azure_AI_Foundry_Architecture.png)|
@@ -50,7 +50,7 @@ The sample data is sourced from generic AI-generated promissory notes.The docume
   Azure OpenAI Service and GPT models to help summarize the search content and answer questions.​
 
   - **Content generation** <br/>
-  Azure OpenAI Service and GPT models tohelp generate relevant content with Prompt Flow.​
+  Azure OpenAI Service and GPT models to help generate relevant content with Prompt Flow.​
      
 </details>
 
@@ -114,7 +114,7 @@ either by deleting the resource group in the Portal or running `azd down`.
 
 <br /><br />
 <h2><img src="./docs/images/readme/business-scenario.png" width="48" />
-Business use case
+Business Scenario
 </h2>
 
 
@@ -136,7 +136,7 @@ Put your data to work by reducing blank page anxiety, speeding up document draft
   Put your data to work to create any kind of document that is supported by a large data library.
 
   - **Share** <br/>
-  Share with coauthors, contributors and approvers quickly. 
+  Share with co-authors, contributors and approvers quickly. 
 
   - **Contextualize information** <br/>
   Provide context using natural language. Primary and secondary queries allow for access to supplemental detail – reducing cognitive load, increasing efficiency, and enabling focus on higher value work.
@@ -166,7 +166,7 @@ To ensure continued best practices in your own repository, we recommend that any
 
 You may want to consider additional security measures, such as:
 
-* Enabling Microsoft Defender for Cloud to [secure your Azure resources](https://learn.microsoft.com/azure/security-center/defender-for-cloud).
+* Enabling Microsoft Defender for Cloud to [secure your Azure resources](https://learn.microsoft.com/azure/defender-for-cloud).
 * Protecting the Azure Container Apps instance with a [firewall](https://learn.microsoft.com/azure/container-apps/waf-app-gateway) and/or [Virtual Network](https://learn.microsoft.com/azure/container-apps/networking?tabs=workload-profiles-env%2Cazure-cli).
 
 <br/>
@@ -191,7 +191,7 @@ Have questions, find a bug, or want to request a feature? [Submit a new issue](h
 <br/>
 
 ## Responsible AI Transparency FAQ 
-Please refer to [Transparency FAQ](./TRANSPARENCY_FAQ.md) for responsible AI transparency details of this solution accelerator.
+Please refer to [Transparency FAQ](./docs/TRANSPARENCY_FAQ.md) for responsible AI transparency details of this solution accelerator.
 
 <br/>
 
@@ -215,6 +215,6 @@ You must also comply with all domestic and international export laws and regulat
 
 You acknowledge that the Software and Microsoft Products and Services (1) are not designed, intended or made available as a medical device(s), and (2) are not designed or intended to be a substitute for professional medical advice, diagnosis, treatment, or judgment and should not be used to replace or as a substitute for professional medical advice, diagnosis, treatment, or judgment. Customer is solely responsible for displaying and/or obtaining appropriate consents, warnings, disclaimers, and acknowledgements to end users of Customer’s implementation of the Online Services.
 
-You acknowledge the Software is not subject to SOC 1 and SOC 2 compliance audits. No Microsoft technology, nor any of its component technologies, including the Software, is intended or made available as a substitute for the professional advice, opinion, or judgement of a certified financial services professional. Do not use the Software to replace, substitute, or provide professional financial advice or judgment.
+You acknowledge the Software is not subject to SOC 1 and SOC 2 compliance audits. No Microsoft technology, nor any of its component technologies, including the Software, is intended or made available as a substitute for the professional advice, opinion, or judgment of a certified financial services professional. Do not use the Software to replace, substitute, or provide professional financial advice or judgment.
 
-BY ACCESSING OR USING THE SOFTWARE, YOU ACKNOWLEDGE THAT THE SOFTWARE IS NOT DESIGNED OR INTENDED TO SUPPORT ANY USE IN WHICH A SERVICE INTERRUPTION, DEFECT, ERROR, OR OTHER FAILURE OF THE SOFTWARE COULD RESULT IN THE DEATH OR SERIOUS BODILY INJURY OF ANY PERSON OR IN PHYSICAL OR ENVIRONMENTAL DAMAGE (COLLECTIVELY, “HIGH-RISK USE”), AND THAT YOU WILL ENSURE THAT, IN THE EVENT OF ANY INTERRUPTION, DEFECT, ERROR, OR OTHER FAILURE OF THE SOFTWARE, THE SAFETY OF PEOPLE, PROPERTY, AND THE ENVIRONMENT ARE NOT REDUCED BELOW A LEVEL THAT IS REASONABLY, APPROPRIATE, AND LEGAL, WHETHER IN GENERAL OR IN A SPECIFIC INDUSTRY. BY ACCESSING THE SOFTWARE, YOU FURTHER ACKNOWLEDGE THAT YOUR HIGH-RISK USE OF THE SOFTWARE IS AT YOUR OWN RISK.  
+BY ACCESSING OR USING THE SOFTWARE, YOU ACKNOWLEDGE THAT THE SOFTWARE IS NOT DESIGNED OR INTENDED TO SUPPORT ANY USE IN WHICH A SERVICE INTERRUPTION, DEFECT, ERROR, OR OTHER FAILURE OF THE SOFTWARE COULD RESULT IN THE DEATH OR SERIOUS BODILY INJURY OF ANY PERSON OR IN PHYSICAL OR ENVIRONMENTAL DAMAGE (COLLECTIVELY, “HIGH-RISK USE”), AND THAT YOU WILL ENSURE THAT, IN THE EVENT OF ANY INTERRUPTION, DEFECT, ERROR, OR OTHER FAILURE OF THE SOFTWARE, THE SAFETY OF PEOPLE, PROPERTY, AND THE ENVIRONMENT ARE NOT REDUCED BELOW A LEVEL THAT IS REASONABLY, APPROPRIATE, AND LEGAL, WHETHER IN GENERAL OR IN A SPECIFIC INDUSTRY. BY ACCESSING THE SOFTWARE, YOU FURTHER ACKNOWLEDGE THAT YOUR HIGH-RISK USE OF THE SOFTWARE IS AT YOUR OWN RISK.  
diff --git a/docs/AppAuthentication.md b/docs/AppAuthentication.md
@@ -1,53 +1,32 @@
-## Add Authentication in Azure App Service configuration
+# Set Up Authentication in Azure App Service
+
+This document provides step-by-step instructions to configure Azure App Registrations for a front-end application.
+
+## Prerequisites
+
+- Access to **Microsoft Entra ID**
+- Necessary permissions to create and manage **App Registrations**
+  
+## Step 1: Add Authentication in Azure App Service configuration
 1. Click on `Authentication` from left menu.
 
   ![Authentication](images/AppAuthentication.png)
 
-2. Click on `+ Add Provider` to see a list of identity providers.
+2. Click on `+ Add identity provider` to see a list of identity providers.
 
   ![Authentication Identity](images/AppAuthenticationIdentity.png)
 
-3. Click on `+ Add Provider` to see a list of identity providers.
+3. Click on `Identity Provider` dropdown to see a list of identity providers.
 
   ![Add Provider](images/AppAuthIdentityProvider.png)
 
-4. Select the first option `Microsoft Entra Id` from the drop-down list.
+4. Select the first option `Microsoft Entra Id` from the drop-down list and select `client secret expiration` under App registration.
+> NOTE: If `Create new app registration` is disabled, then go to [Create new app registration](/docs/create_new_app_registration.md) and come back to this step to complete the app authentication.
  
  ![Add Provider](images/AppAuthIdentityProviderAdd.png)
 
 5. Accept the default values and click on `Add` button to go back to the previous page with the identity provider added.
 
  ![Add Provider](images/AppAuthIdentityProviderAdded.png)
 
- ### Creating a new App Registration
-1. Click on `Home` and select `Microsoft Entra ID`.
-
-![Microsoft Entra ID](images/MicrosoftEntraID.png)
-
-2. Click on `App registrations`.
-
-![App registrations](images/Appregistrations.png)
-
-3. Click on `+ New registration`.
-
-![New Registrations](images/NewRegistration.png)
-
-4. Provide the `Name`, select supported account types as `Accounts in this organizational directory only(Contoso only - Single tenant)`, select platform as `Web`, enter/select the `URL` and register.
-
-![Add Details](images/AddDetails.png)
-
-5. After application is created sucessfully, then click on `Add a Redirect URL`.
-
-![Redirect URL](images/AddRedirectURL.png)
-
-6. Click on `+ Add a platform`.
-
-![+ Add platform](images/AddPlatform.png)
-
-7. Click on `Web`.
-
-![Web](images/Web.png)
-
-8. Enter the `web app URL` (Provide the app service name in place of XXXX) and Save. Then go back to [Step 4] and follow from _Point 4_ choose `Pick an existing app registration in this directory` from the Add an Identity Provider page and provide the newly registered App Name.
-
-![Add Details](images/WebAppURL.png)
+6. You have successfully added app authentication, and now required to log in to access the application.
diff --git a/docs/AzureSemanticSearchRegion.md b/docs/AzureSemanticSearchRegion.md
@@ -2,6 +2,6 @@
 
 Steps to Check Semantic Search Availability
 1. Open the [Semantic Search Availability](https://learn.microsoft.com/en-us/azure/search/search-region-support) page.
-2. Scroll down to the **"Availability by Region"** section.
-3. Use the table to find supported regions for **Azure AI Search** and its **Semantic Search** feature.
-4. If your target region is not listed, choose a supported region for deployment.
+2. Scroll down to the **"Azure Public regions"** section.
+3. Use the table to find supported regions for **Azure AI Search** and its **Semantic ranker** feature.
+4. If your target region is not listed, choose a supported region for deployment.
diff --git a/docs/DeploymentGuide.md b/docs/DeploymentGuide.md
@@ -166,7 +166,7 @@ Once you've opened the project in [Codespaces](#github-codespaces), [Dev Contain
     ```
     If you don't have azd env then you need to pass parameters along with the command. Then the command will look like the following:
     ```shell 
-    bash ./infra/scripts/process_sample_data.sh <Storage-Account-name> <Storgae-Account-container-name> <Key-Vault-name> <CosmosDB-Account-name> <Resource-Group-name>
+    bash ./infra/scripts/process_sample_data.sh <Storage-Account-name> <Storage-Account-container-name> <Key-Vault-name> <CosmosDB-Account-name> <Resource-Group-name>
     ```
 
 6. Open the [Azure Portal](https://portal.azure.com/), go to the deployed resource group, find the App Service and get the app URL from `Default domain`.
diff --git a/docs/create_new_app_registration.md b/docs/create_new_app_registration.md
@@ -0,0 +1,35 @@
+# Creating a new App Registration
+
+1. Click on `Home` and select `Microsoft Entra ID`.
+
+![Microsoft Entra ID](images/MicrosoftEntraID.png)
+
+2. Click on `App registrations`.
+
+![App registrations](images/Appregistrations.png)
+
+3. Click on `+ New registration`.
+
+![New Registrations](images/NewRegistration.png)
+
+4. Provide the `Name`, select supported account types as `Accounts in this organizational directory only(Contoso only - Single tenant)`, select platform as `Web`, enter/select the `URL` and register.
+
+![Add Details](images/AddDetails.png)
+
+5. After application is created successfully, then click on `Add a Redirect URL`.
+
+![Redirect URL](images/AddRedirectURL.png)
+
+6. Click on `+ Add a platform`.
+
+![+ Add platform](images/AddPlatform.png)
+
+7. Click on `Web`.
+
+![Web](images/Web.png)
+
+8. Enter the `web app URL` (Provide the app service name in place of XXXX) and Save. Then go back to [Set Up Authentication in Azure App Service](/docs/AppAuthentication.md) Step 1 page and follow from _Point 4_ choose `Pick an existing app registration in this directory` from the Add an Identity Provider page and provide the newly registered App Name.
+
+E.g. <<https://<< appservicename >>.azurewebsites.net/.auth/login/aad/callback>>
+
+![Add Details](images/WebAppURL.png)
diff --git a/infra/deploy_ai_foundry.bicep b/infra/deploy_ai_foundry.bicep
@@ -32,6 +32,7 @@ var aiSearchName = '${abbrs.ai.aiSearch}${solutionName}'
 var workspaceName = '${abbrs.managementGovernance.logAnalyticsWorkspace}${solutionName}'
 
 var useExisting = !empty(existingLogAnalyticsWorkspaceId)
+var existingLawSubscription = useExisting ? split(existingLogAnalyticsWorkspaceId, '/')[2] : ''
 var existingLawResourceGroup = useExisting ? split(existingLogAnalyticsWorkspaceId, '/')[4] : ''
 var existingLawName = useExisting ? split(existingLogAnalyticsWorkspaceId, '/')[8] : ''
 
@@ -66,7 +67,7 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
 
 resource existingLogAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08-01' existing = if (useExisting) {
   name: existingLawName
-  scope: resourceGroup(existingLawResourceGroup)
+  scope: resourceGroup(existingLawSubscription, existingLawResourceGroup)
 }
 
 resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2023-09-01' = if (!useExisting) {
