Skip to content

docs: Readme updates26367 #626

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 5 commits into
base: dev-v3
Choose a base branch
from
Open

docs: Readme updates26367 #626

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
13fc800
Refactor code structure for improved readability and maintainability
Kingshuk-Microsoft Nov 13, 2025
b7c426f
Update Deployment Guide: Clarify VS Code Dev Containers section and a…
Kingshuk-Microsoft Nov 14, 2025
16b4fca
docs: Refactored the deployment guide
Prajwal-Microsoft Nov 18, 2025
62bd519
docs: Updated links & reordered steps
Prajwal-Microsoft Nov 18, 2025
926b02a
docs: Added failure related instructions
Prajwal-Microsoft Nov 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
178 changes: 106 additions & 72 deletions docs/DeploymentGuide.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,11 @@

To deploy this solution accelerator, ensure you have access to an [Azure subscription](https://azure.microsoft.com/free/) with the necessary permissions to create **resource groups, resources, app registrations, and assign roles at the resource group level**. This should include Contributor role at the subscription level and Role Based Access Control role on the subscription and/or resource group level. Follow the steps in [Azure Account Set Up](../docs/AzureAccountSetUp.md).

> **Note:** When you deploy this solution, you will automatically be granted access to interact with the Cosmos DB database that stores your application data. Specifically, you'll have permissions to:
> - Read database information and settings
> - Create, modify, and delete data storage containers (think of these as folders for organizing your data)
> - Add, view, update, and remove individual data records within those containers

Check the [Azure Products by Region](https://azure.microsoft.com/en-us/explore/global-infrastructure/products-by-region/?products=all&regions=all) page and select a **region** where the following services are available:

- [Azure AI Foundry](https://learn.microsoft.com/en-us/azure/ai-foundry/)
Expand Down Expand Up @@ -53,62 +58,6 @@ Upgrade commands by OS:

## Deployment Options & Steps

### Sandbox or WAF Aligned Deployment Options

The [`infra`](../infra) folder of the Multi Agent Solution Accelerator contains the [`main.bicep`](../infra/main.bicep) Bicep script, which defines all Azure infrastructure components for this solution.

By default, the `azd up` command uses the [`main.parameters.json`](../infra/main.parameters.json) file to deploy the solution. This file is pre-configured for a **sandbox environment** — ideal for development and proof-of-concept scenarios, with minimal security and cost controls for rapid iteration.

For **production deployments**, the repository also provides [`main.waf.parameters.json`](../infra/main.waf.parameters.json), which applies a [Well-Architected Framework (WAF) aligned](https://learn.microsoft.com/en-us/azure/well-architected/) configuration. This option enables additional Azure best practices for reliability, security, cost optimization, operational excellence, and performance efficiency, such as:

**Prerequisite** — Enable the Microsoft.Compute/EncryptionAtHost feature for every subscription (and region, if required) where you plan to deploy VMs or VM scale sets with `encryptionAtHost: true`. Repeat the registration steps below for each target subscription (and for each region when applicable). This step is required for **WAF-aligned** (production) deployments.

Steps to enable the feature:
1. Set the target subscription:
Run: <code>az account set --subscription "&lt;YourSubscriptionId&gt;"</code>
2. Register the feature (one time per subscription):
Run: <code>az feature register --name EncryptionAtHost --namespace Microsoft.Compute</code>
3. Wait until registration completes and shows "Registered":
Run: <code>az feature show --name EncryptionAtHost --namespace Microsoft.Compute --query properties.state -o tsv</code>
4. Refresh the provider (if required):
Run: <code>az provider register --namespace Microsoft.Compute</code>
5. Re-run the deployment after registration is complete.

Note: Feature registration can take several minutes. Ensure the feature is registered before attempting deployments that require encryptionAtHost.

Reference: Azure Host Encryption — https://learn.microsoft.com/azure/virtual-machines/disks-enable-host-based-encryption-portal?tabs=azure-cli

- Enhanced network security (e.g., Network protection with private endpoints)
- Stricter access controls and managed identities
- Logging, monitoring, and diagnostics enabled by default
- Resource tagging and cost management recommendations

**How to choose your deployment configuration:**

* Use the default `main.parameters.json` file for a **sandbox/dev environment**
* For a **WAF-aligned, production-ready deployment**, copy the contents of `main.waf.parameters.json` into `main.parameters.json` before running `azd up`

---

### VM Credentials Configuration

By default, the solution sets the VM administrator username and password from environment variables.
If you do not configure these values, a randomly generated GUID will be used for both the username and password.

To set your own VM credentials before deployment, use:

```sh
azd env set AZURE_ENV_VM_ADMIN_USERNAME <your-username>
azd env set AZURE_ENV_VM_ADMIN_PASSWORD <your-password>
```

> [!TIP]
> Always review and adjust parameter values (such as region, capacity, security settings and log analytics workspace configuration) to match your organization’s requirements before deploying. For production, ensure you have sufficient quota and follow the principle of least privilege for all identities and role assignments.


> [!IMPORTANT]
> The WAF-aligned configuration is under active development. More Azure Well-Architected recommendations will be added in future updates.

### Deployment Steps

Pick from the options below to see step-by-step instructions for GitHub Codespaces, VS Code Dev Containers, Local Environments, and Bicep deployments.
Expand All @@ -129,12 +78,12 @@ You can run this solution using GitHub Codespaces. The button will open a web-ba

2. Accept the default values on the create Codespaces page.
3. Open a terminal window if it is not already open.
4. Continue with the [deploying steps](#deploying-with-azd).
4. Continue with the [deployment options](#deployment-options).

</details>

<details>
<summary><b>Deploy in VS Code</b></summary>
<summary><b>Deploy in VS Code Dev Containers</b></summary>

### VS Code Dev Containers

Expand All @@ -146,7 +95,7 @@ You can run this solution in VS Code Dev Containers, which will open the project
[![Open in Dev Containers](https://img.shields.io/static/v1?style=for-the-badge&label=Dev%20Containers&message=Open&color=blue&logo=visualstudiocode)](https://vscode.dev/redirect?url=vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/microsoft/Multi-Agent-Custom-Automation-Engine-Solution-Accelerator)

3. In the VS Code window that opens, once the project files show up (this may take several minutes), open a terminal window.
4. Continue with the [deploying steps](#deploying-with-azd).
4. Continue with the [deployment options](#deployment-options).

</details>

Expand All @@ -171,12 +120,69 @@ If you're not using one of the above options for opening the project, then you'l
azd init -t microsoft/Multi-Agent-Custom-Automation-Engine-Solution-Accelerator/
```

> **⚠️ Warning:** The `azd init` command will download and initialize the project template. If you run this command in a directory that already contains project files, it may override your existing changes. Only run this command once when setting up the project for the first time. If you need to update an existing project, consider using `git pull` or manually downloading updates instead.

3. Open the project folder in your terminal or editor.
4. Continue with the [deploying steps](#deploying-with-azd).
4. Continue with the [deployment options](#deployment-options).

</details>

<br/>
### Deployment Options

The [`infra`](../infra) folder of the Multi Agent Solution Accelerator contains the [`main.bicep`](../infra/main.bicep) Bicep script, which defines all Azure infrastructure components for this solution.

By default, the `azd up` command uses the [`main.parameters.json`](../infra/main.parameters.json) file to deploy the solution. This file is pre-configured for a **sandbox environment** — ideal for development and proof-of-concept scenarios, with minimal security and cost controls for rapid iteration.

For **production deployments**, the repository also provides [`main.waf.parameters.json`](../infra/main.waf.parameters.json), which applies a [Well-Architected Framework (WAF) aligned](https://learn.microsoft.com/en-us/azure/well-architected/) configuration. This option enables additional Azure best practices for reliability, security, cost optimization, operational excellence, and performance efficiency, such as:

**Prerequisite** — Enable the Microsoft.Compute/EncryptionAtHost feature for every subscription (and region, if required) where you plan to deploy VMs or VM scale sets with `encryptionAtHost: true`. Repeat the registration steps below for each target subscription (and for each region when applicable). This step is required for **WAF-aligned** (production) deployments.

Steps to enable the feature:
1. Set the target subscription:
Run: <code>az account set --subscription "&lt;YourSubscriptionId&gt;"</code>
2. Register the feature (one time per subscription):
Run: <code>az feature register --name EncryptionAtHost --namespace Microsoft.Compute</code>
3. Wait until registration completes and shows "Registered":
Run: <code>az feature show --name EncryptionAtHost --namespace Microsoft.Compute --query properties.state -o tsv</code>
4. Refresh the provider (if required):
Run: <code>az provider register --namespace Microsoft.Compute</code>
5. Re-run the deployment after registration is complete.

Note: Feature registration can take several minutes. Ensure the feature is registered before attempting deployments that require encryptionAtHost.

Reference: Azure Host Encryption — https://learn.microsoft.com/azure/virtual-machines/disks-enable-host-based-encryption-portal?tabs=azure-cli

- Enhanced network security (e.g., Network protection with private endpoints)
- Stricter access controls and managed identities
- Logging, monitoring, and diagnostics enabled by default
- Resource tagging and cost management recommendations

**How to choose your deployment configuration:**

* Use the default `main.parameters.json` file for a **sandbox/dev environment**
* For a **WAF-aligned, production-ready deployment**, copy the contents of `main.waf.parameters.json` into `main.parameters.json` before running `azd up`

---

### VM Credentials Configuration

By default, the solution sets the VM administrator username and password from environment variables.
If you do not configure these values, a randomly generated GUID will be used for both the username and password.

To set your own VM credentials before deployment, use:

```sh
azd env set AZURE_ENV_VM_ADMIN_USERNAME <your-username>
azd env set AZURE_ENV_VM_ADMIN_PASSWORD <your-password>
```

> [!TIP]
> Always review and adjust parameter values (such as region, capacity, security settings and log analytics workspace configuration) to match your organization’s requirements before deploying. For production, ensure you have sufficient quota and follow the principle of least privilege for all identities and role assignments.


> [!IMPORTANT]
> The WAF-aligned configuration is under active development. More Azure Well-Architected recommendations will be added in future updates.


Consider the following settings during your deployment to modify specific settings:

Expand Down Expand Up @@ -219,6 +225,27 @@ To adjust quota settings, follow these [steps](./AzureGPTQuotaSettings.md).

Once you've opened the project in [Codespaces](#github-codespaces), [Dev Containers](#vs-code-dev-containers), or [locally](#local-environment), you can deploy it to Azure by following these steps:

#### Important: Environment Management for Redeployments

> **⚠️ Critical:** If you're redeploying or have deployed this solution before, you **must** create a fresh environment to avoid conflicts and deployment failures.

**Choose one of the following before deployment:**

**Option A: Create a completely new environment (Recommended)**
```shell
azd env new <new-environment-name>
```

**Option B: Reinitialize in a new directory**
```shell
# Navigate to a new directory
cd ../my-new-deployment
azd init -t microsoft/Multi-Agent-Custom-Automation-Engine-Solution-Accelerator/
```

> **💡 Why is this needed?** Azure resources maintain state information tied to your environment. Reusing an old environment can cause naming conflicts, permission issues, and deployment failures.

#### Deployment the solution
1. Login to Azure:

```shell
Expand All @@ -243,8 +270,9 @@ Once you've opened the project in [Codespaces](#github-codespaces), [Dev Contain

- This deployment will take _4-6 minutes_ to provision the resources in your account and set up the solution with sample data.
- If you encounter an error or timeout during deployment, changing the location may help, as there could be availability constraints for the resources.
- **Upon successful completion**, you will see a success message indicating that all resources have been deployed, along with the application URL and next steps for uploading team configurations and sample data.

5. After deployment completes, you can upload Team Configurations using command printed in the terminal. The command will look like one of the following. Run the appropriate command for your shell from the project root:
5. Upload Team Configurations using command printed in the terminal. The command will look like one of the following. Run the appropriate command for your shell from the project root:

- **For Bash (Linux/macOS/WSL):**
```bash
Expand All @@ -256,7 +284,7 @@ Once you've opened the project in [Codespaces](#github-codespaces), [Dev Contain
infra\scripts\Upload-Team-Config.ps1
```

6. After deployment completes, you can index Sample Data into Search Service using command printed in the terminal. The command will look like one of the following. Run the appropriate command for your shell from the project root:
6. Index Sample Data into Search Service using command printed in the terminal. The command will look like one of the following. Run the appropriate command for your shell from the project root:

- **For Bash (Linux/macOS/WSL):**
```bash
Expand All @@ -268,7 +296,7 @@ Once you've opened the project in [Codespaces](#github-codespaces), [Dev Contain
infra\scripts\Process-Sample-Data.ps1
```

7. To upload team configurations and index sample data in one step. Run the appropriate command for your shell from the project root:
7. **[Alternative]** To upload team configurations and index sample data in one step, run the appropriate command for your shell from the project root:

- **For Bash (Linux/macOS/WSL):**
```bash
Expand All @@ -280,15 +308,25 @@ Once you've opened the project in [Codespaces](#github-codespaces), [Dev Contain
infra\scripts\Team-Config-And-Data.ps1
```

8. Once the deployment has completed successfully, open the [Azure Portal](https://portal.azure.com/), go to the deployed resource group, find the App Service, and get the app URL from `Default domain`.

9. When Deployment is complete, follow steps in [Set Up Authentication in Azure App Service](../docs/azure_app_service_auth_setup.md) to add app authentication to your web app running on Azure App Service
8. **[Optional]** Set up authentication for your web application by following the steps in [Set Up Authentication in Azure App Service](../docs/azure_app_service_auth_setup.md).

10. If you are done trying out the application, you can delete the resources by running `azd down`.
9. **Access your application:** Open the [Azure Portal](https://portal.azure.com/), go to your resource group, find the App Service that runs the frontend application, and get the application URL from the **Default domain** field.

### 🛠️ Troubleshooting
If you encounter any issues during the deployment process, please refer [troubleshooting](../docs/TroubleShootingSteps.md) document for detailed steps and solutions.

## Next Steps
Now that you've completed your deployment, you can start using the solution.

To help you get started, here are some [Sample Questions](./SampleQuestions.md) you can follow to try it out.

## Clean Up Resources
If you are done trying out the application, you can delete all resources by running:

```shell
azd down
```

# Local setup

> **Note for macOS Developers**: If you are using macOS on Apple Silicon (ARM64) the DevContainer will **not** work. This is due to a limitation with the Azure Functions Core Tools (see [here](https://github.com/Azure/azure-functions-core-tools/issues/3112)).
Expand Down Expand Up @@ -496,7 +534,3 @@ To debug the python server in the frontend directory (frontend_server.py) and re
"jinja": true
}
```
## Next Steps
Now that you've completed your deployment, you can start using the solution.

To help you get started, here are some [Sample Questions](./SampleQuestions.md) you can follow to try it out.
Binary file added docs/images/macae-non-waf.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/images/macae-post-deployment.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/images/macae-waf.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading