MENU: FEATURES | QUICK DEPLOY | GETTING STARTED | DEVELOPMENT | DEPLOYMENT | TRACING AND MONITORING | DEVELOPMENT OPTIONS | GUIDANCE | TROUBLESHOOTING
This solution deploys a web-based chat application with an AI agent running in Azure Container Apps. The agent leverages the Azure AI Agent service and utilizes Azure AI Search for knowledge retrieval from uploaded files, enabling it to generate responses with citations. The solution also includes built-in monitoring capabilities with tracing to ensure easier troubleshooting and optimized performance.
This solution creates an Azure AI Foundry hub, project and connected resources including Azure AI Services, AI Search and more. For more details about the resources that are created, view the resources documentation. There are options to enable Retrieval-Augmented Generation (RAG) and use logging, tracing, and monitoring.
Instructions are provided for deployment through GitHub Codespaces, VS Code Dev Containers, and your local development environment.
 |
 |
|---|
Github Codespaces and Dev Containers both allow you to download and deploy the code for development. Deploy to Azure will create the resources for later deployment. Detailed instructions for options to deploy this solution can be found in deployment.
If you do not have an Azure Subscription, you can sign up for a free Azure account and create an Azure Subscription.
To deploy this Azure environment successfully, your Azure account (the account you authenticate with) must have the following permissions and prerequisites on the targeted Azure Subscription:
- Microsoft.Authorization/roleAssignments/write permissions at the subscription scope.
(typically included if you have Role Based Access Control Administrator, User Access Administrator, or Owner role) - Microsoft.Resources/deployments/write permissions at the subscription scope.
You can view the permissions for your account and subscription by going to Azure portal, clicking 'Subscriptions' under 'Navigation' and then choosing your subscription from the list. If you try to search for your subscription and it does not come up, make sure no filters are selected. After selecting your subscription, select 'Access control (IAM)' and you can see the roles that are assigned to your account for this subscription. If you want to see more information about the roles, you can go to the 'Role assignments' tab and search by your account name and then click the role you want to view more information about.
Make sure the following tools are installed:
- Azure Developer CLI (azd) Install or update to the latest version. Instructions can be found on the linked page.
- Python 3.9+
- Git
- Docker Desktop
Download the project code:
git clone https://github.com/jakeatmsft/fsi-azure-ai-agents-deploy.gitAt this point you could make changes to the code if required. However, no changes are needed to deploy and test the app as shown in the next step.
When you start a deployment, most parameters will have default values. You can change the following default settings:
| Setting | Description | Default value |
|---|---|---|
| Azure Region | Select a region with quota which supports your selected model. | |
| Model | Choose from the list of models supported by Azure AI Agent Service for your selected region | gpt-4o-mini |
| Model Format | Choose from OpenAI or Microsoft, depending on your model | OpenAI |
| Model Deployment Capacity | Configure capacity for your model. Recommended value is 100k. | 50k |
| Embedding Model | Choose from text-embedding-3-large, text-embedding-3-small, and text-embedding-ada-002. | text-embedding-3-small |
| Embedding Model Capacity | Configure capacity for your embedding model. | 50k |
| Knowledge Retrieval | Choose from OpenAI's file search or including Azure AI Search Index. | OpenAI's file search |
For a detailed description of customizable fields and instructions, view the deployment customization guide.
By default, the template uses model gpt-4o-mini, version 2024-07-18 for text generation and text-embedding-3-small version 1 for embeddings. If you want to personalize your agent, you can change the default configuration for your agent. Additional details on changing your agent can be found in customizing model deployments. For more information on the Azure OpenAI models and non-Microsoft models that can be used in your deployment, view the list of models supported by Azure AI Agent Service.
To specify the model (e.g. gpt-4o-mini, gpt-4o) that is deployed for the agent when azd up is called, set the following environment variables:
azd env set AZURE_AI_AGENT_MODEL_NAME <MODEL_NAME>
azd env set AZURE_AI_AGENT_MODEL_VERSION <MODEL_VERSION>By default, the template deploys OpenAI's file search for agent's knowledge retrieval. An agent also can perform search using the search index, deployed in Azure AI Search resource. The semantic index search represents so-called hybrid search i.e. it uses LLM to search for the relevant context in the provided index as well as embedding similarity search. This index is built from the embeddings.csv file, containing the embeddings vectors, followed by the contexts.
To use index search, please set the local environment variable USE_AZURE_AI_SEARCH_SERVICE to true during the azd up command. In this case the Azure AI Search resource will be deployed and used.
If you want to enable logging to a file, uncomment the following line in Dockerfile located in the src directory:
ENV APP_LOG_FILE=app.log
By default the file name app.log is used. You can provide your own file name by replacing app.log with the desired log file name.
NOTE! Any changes to the Dockerfile require a re-deployment in order for the changes to take effect.
The provided file logging implementation is intended for development purposes only, specifically for testing with a single client/worker. It should not be used in production environments after the R&D phase.
To enable tracing to Azure Monitor, modify the value of ENABLE_AZURE_MONITOR_TRACING environment variable to true in Dockerfile found in src directory:
ENV ENABLE_AZURE_MONITOR_TRACING=true
Note that the optional App Insights resource is required for tracing to Azure Monitor (it is created by default).
To enable message contents to be included in the traces, set the following environment variable to true in the same Dockerfile. Note that the messages may contain personally identifiable information.
ENV AZURE_TRACING_GEN_AI_CONTENT_RECORDING_ENABLED=true
The default for the model capacity in deployment is 50k tokens. For optimal performance, it is recommended to increase to 100k tokens. You can change the capacity by following the steps in setting capacity and deployment SKU.
- Navigate to the Azure AI Foundry Portal
- Select the AI Project you are using for this template if you are not already in the project.
- Select Management center from the bottom left navigation menu
- Select Quota, click the GlobalStandard dropdown and select the model and region you are using for this accelerator to see your available quota. Please note GPT-4o mini and text-embedding-ada-002 are used as default.
- Request more quota or delete any unused model deployments as needed.
Pick from the options below to see step-by-step instructions for: GitHub Codespaces, VS Code Dev Containers, and Local Environments.
GitHub Codespaces
You can run this template virtually by using GitHub Codespaces. The button will open a web-based VS Code instance in your browser:
-
Open the template (this may take several minutes):
-
Open a terminal window
-
Continue with the deploying steps
VS Code Dev Containers
A related option is VS Code Dev Containers, which will open the project in your local VS Code using the Dev Containers extension:
-
Start Docker Desktop (install it if not already installed Docker Desktop)
-
Open the project:
-
In the VS Code window that opens, once the project files show up (this may take several minutes), open a terminal window.
-
Continue with the deploying steps
Local Environment
- Confirm that you have the required tools installed from the prerequisites section and the code downloaded from the code section
- Open the project folder in your terminal or editor
- Continue with the deploying steps
Local Development Server
You can optionally use a local development server to test app changes locally. Make sure you first deployed the app to Azure before running the development server.
-
Create a Python virtual environment and activate it.
On Windows:
python -m venv .venv .venv\scripts\activate
On Linux:
python3 -m venv .venv source .venv/bin/activate -
Navigate to the
srcdirectory:cd src -
Install required Python packages:
python -m pip install -r requirements.txt
-
Run the local server:
python -m uvicorn "api.main:create_app" --factory --reload -
Click 'http://127.0.0.1:8000' in the terminal, which should open a new tab in the browser.
-
Enter your message in the box.
Once you've opened the project in Codespaces or in Dev Containers or locally, you can deploy it to Azure following the following steps.
-
Login to Azure:
azd auth login
-
(Optional) If you would like to customize the deployment to disable resources, customize resource names, customize the models or increase quota, you can follow those steps now.
-
Provision and deploy all the resources by running the following in get-started-with-ai-agents directory:
azd up
-
You will be prompted to provide an
azdenvironment name (like "azureaiapp"), select a subscription from your Azure account, and select a location which has quota for all the resources. Then, it will provision the resources in your account and deploy the latest code.- For guidance on selecting a region with quota and model availability, follow the instructions in the quota recommendations section and ensure that your model is available in your selected region by checking the list of models supported by Azure AI Agent Service
- This deployment will take 8-12 minutes to provision the resources in your account and set up the solution with sample data.
- If you get an error or timeout with deployment, changing the location can help, as there may be availability constraints for the resources. You can do this by running
azd downand deleting the.azurefolder from your code, and then runningazd upagain and selecting a new region.
NOTE! If you get authorization failed and/or permission related errors during the deployment, please refer to the Azure account requirements in the Prerequisites section. If you were recently granted these permissions, it may take a few minutes for the authorization to apply.
-
When
azdhas finished deploying, you'll see an endpoint URI in the command output. Visit that URI, and you should see the app! 🎉You can view information about your deployment with:
azd show
-
If you make further modification to the app code, you can deploy the updated version with:
azd deploy
You can get more detailed output with the
--debugparameter.azd deploy --debug
Important:
Check carefully for any errors during deployment and the startup phase of the Azure Container App. If the container fails to start correctly after deployment, the application changes you made will not take effect, and Azure Container Apps will continue serving requests from the previous stable revision.
-
You can optionally use a local development server to test app changes locally. To do so, follow the steps in local deployment server after your app is deployed.
-
When you are done using your application, you can now delete the resources by running
azd down. This may take up to 20 minutes.
azd down.
You can view console logs in Azure portal. You can get the link to the resource group with the azd tool:
azd showOr if you want to navigate from the Azure portal main page, select your resource group from the 'Recent' list, or by clicking the 'Resource groups' and searching your resource group there.
After accessing you resource group in Azure portal, choose your container app from the list of resources. Then open 'Monitoring' and 'Log Stream'. Choose the 'Application' radio button to view application logs. You can choose between real-time and historical using the corresponding radio buttons. Note that it may take some time for the historical view to be updated with the latest logs.
If you enabled logging to a file, you can view the log file by choosing 'Console' under the 'Monitoring' (same location as above for the console traces), opening the default console and then for example running the following command (replace app.log with the actual name of your log file):
more app.logYou can view the App Insights tracing in Azure AI Foundry. Select your project on the Azure AI Foundry page and then click 'Tracing'.
Pricing varies per region and usage, so it isn't possible to predict exact costs for your usage. The majority of the Azure resources used in this infrastructure are on usage-based pricing tiers. However, Azure Container Registry has a fixed cost per registry per day.
You can try the Azure pricing calculator for the resources:
- Azure AI Foundry: Free tier. Pricing
- Azure AI Search: Standard tier, S1. Pricing is based on the number of documents and operations. Pricing
- Azure Storage Account: Standard tier, LRS. Pricing is based on storage and operations. Pricing
- Azure Key Vault: Standard tier. Pricing is based on the number of operations. Pricing
- Azure AI Services: S0 tier, defaults to gpt-4o-mini and text-embedding-ada-002 models. Pricing is based on token count. Pricing
- Azure Container App: Consumption tier with 0.5 CPU, 1GiB memory/storage. Pricing is based on resource allocation, and each month allows for a certain amount of free usage. Pricing
- Azure Container Registry: Basic tier. Pricing
- Log analytics: Pay-as-you-go tier. Costs based on data ingested. Pricing
azd down.
This template uses Azure AI Foundry connections to communicate between resources, which stores keys in Azure Key Vault. This template also uses Managed Identity for local development and deployment.
To ensure continued best practices in your own repository, we recommend that anyone creating solutions based on our templates ensure that the Github secret scanning setting is enabled.
You may want to consider additional security measures, such as:
- Enabling Microsoft Defender for Cloud to secure your Azure resources.
- Protecting the Azure Container Apps instance with a firewall and/or Virtual Network.
This template creates everything you need to get started with Azure AI Foundry:
- AI Hub Resource
- AI Project
- Azure AI Service: Default models deployed are gpt-4o-mini and text-embedding-ada-002, but any Azure AI models can be specified per the documentation.
- AI Search Service (Optional, enabled by default)
The template also includes dependent resources required by all AI Hub resources:
- Storage Account
- Key Vault
- Application Insights (Optional, enabled by default)
- Container Registry (Optional, enabled by default)
- If you have an issue is with timeouts or provisioning resources, changing the location of your resource group can help, as there may be availability constrains for resources. Call
azd downand remove your current resources, and delete the.azurefolder from your workspace. Then, callazd upagain and select a different region. - You may debug further using azd commands.
azd showdisplays information abour your app and resources, andazd deploy --debugenables debugging and logging while deploying the application's code to Azure. - Ensure that your az and azd tools are up to date.
- After fully deploying with azd, additional errors in the Azure Portal may indicate that your latest code has not been successfully deployed
- If your ACA does not boot up, it is possible that your deployment has failed. This could be due to quota constraints, permission issues, or resource availability. Check failures in the deployment and container app logs in the Azure Portal.
- Console traces in ACA can be found in the Azure Portal, but they may be unreliable. Use Python’s logging with INFO level, and adjust Azure HTTP logging to WARNING.
- Once your ACA is deployed, utilize the browser debugger (F12) and clear cache (CTRL+SHIFT+R). This can help debug the frontend for better traceability.
- If your agent is occasionally unresponsive, your model may have reached its rate limit. You can increase its quota by adjusting the bicep configuration or by editing the model in the Azure AI Foundry page for your project's model deployments.
- If your agent is crashing, confirm that you are using a model that you have deployed to your project.
- For easier agents configuration and streamlined integration with an existing assistants library, export the agent from Azure AI Foundry and implement a yaml-based configuration.
- This application is designed to serve multiple users on multiple browsers. This application uses cookies to ensure that the same thread is reused for conversations across multiple tabs in the same browser. If the browser is restarted, the old thread will continue to serve the user. However, if the application has a new agent after a server restart or a thread is deleted, a new thread will be created without requiring a browser refresh or signaling to the users.When users submit a message to the web server, the web server will create an agent, thread, and stream back a reply. The response contains
agent_idandthread_idin cookies. As a result, each subsequent message sent to the web server will also contain these IDs. As long as the same agent is being used in the system and the thread can be retrieved in the cookie, the same thread will be used to serve the users. - For document handling, use filename-based downloads to avoid storing files in dictionaries.
- Intermittent errors may arise when retrieving filenames for file IDs, which may be mitigated by using a single worker and fresh threads for each new assistant.
- File citation can be enhanced by automatically including filenames to reduce manual steps.