microsoft · Roopan-Microsoft · Sep 29, 2025 · Sep 3, 2025 · Sep 3, 2025 · Sep 3, 2025
@@ -106,8 +106,8 @@ jobs:
 
           az deployment group create \
             --resource-group ${{ env.RESOURCE_GROUP_NAME }} \
-            --template-file infra/bicep/main.bicep \
-            --parameters solutionPrefix=${{ env.SOLUTION_PREFIX }} createdBy="Pipeline" tags="{'SecurityControl':'Ignore','Purpose':'Deploying and Cleaning Up Resources for Validation','CreatedDate':'$current_date'}"
+            --template-file infra/main.bicep \
+            --parameters solutionName=${{ env.SOLUTION_PREFIX }} createdBy="Pipeline" tags="{'SecurityControl':'Ignore','Purpose':'Deploying and Cleaning Up Resources for Validation','CreatedDate':'$current_date'}"
       - name: List KeyVaults and Store in Array
         id: list_keyvaults
         run: |

@@ -75,9 +75,9 @@ https://azure.microsoft.com/en-us/explore/global-infrastructure/products-by-regi
 
 2. Click the following deployment button to create the required resources for this accelerator in your Azure Subscription.
 
-   [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fmicrosoft%2FBuild-your-own-copilot-Solution-Accelerator%2Fbyoc-researcher%2Finfra%2Fbicep%2Fmain.json)
+   [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fmicrosoft%2FBuild-your-own-copilot-Solution-Accelerator%2Fbyoc-researcher%2Finfra%2Fmain.json)
 
-3. You will need to select an Azure Subscription, create/select a Resource group, Region, and a unique Solution Prefix.
+3. You will need to select an Azure Subscription, create/select a Resource group, Region, and a unique Solution Name.
 
    ![image](docs/images/readMe/armDeployment.png)
 
@@ -93,6 +93,13 @@ The next steps are optional for additional learning. Not required to deploy the
 
 8. Optional - Follow steps in [Promptflow Safety Evaluation guide](./docs/PromptFlowSafetyEvaluation.md) to set up the safety evaluation flows.
 
+### **Deploying with Azure Developer CLI (AZD)**
+
+Follow the quick deploy steps on the deployment guide to deploy this solution using Azure Developer CLI(AZD) to your own Azure subscription.
+
+[Click here to launch the deployment guide](./docs/DeploymentGuide.md)
+<br/><br/>
+
 
 <br/>
 <br>

@@ -0,0 +1,8 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/Azure/azure-dev/main/schemas/v1.0/azure.yaml.json
+name: byoc-research-assistant
+
+requiredVersions:
+  azd: ">= 1.15.0"
+
+metadata:
+  template: byoc-research-assistant@1.0
@@ -1,4 +1,40 @@
 # AI Foundry Deployment Guide 
+
+> **Important**: For WAF-aligned production deployments, ensure you are logged into the designated virtual machine before proceeding with the below steps.
+
+### Accessing the Virtual Machine via Azure Bastion
+
+For WAF-aligned production environments, you must perform these deployment steps from within the designated virtual machine. Follow these steps to connect:
+
+1. **Navigate to your Virtual Machine in Azure Portal**
+   - Go to [Azure Portal](https://portal.azure.com/)
+   - Search for "Virtual machines" in the top search bar
+   - Click on your VM named `vm-{your-deployment-prefix}` or similar
+
+2. **Connect using Azure Bastion**
+   - In your VM overview page, click the **Connect** button
+   - Select **Connect via Bastion** from the dropdown menu
+
+3. **Enter your credentials**
+   - **Username**: Use the admin username you specified during the initial deployment (e.g., `JumpboxAdminUser` or the custom username you provided)
+   - **Password**: Enter the admin password you set during the deployment process
+   - **Authentication Type**: Select "Password" 
+   - Click **Connect**
+
+4. **Wait for connection**
+   - The Bastion connection may take 30-60 seconds to establish
+   - A new browser tab will open with your VM desktop environment
+
+5. **Open a web browser in the VM**
+   - Once connected to the VM, open Microsoft Edge or Chrome
+   - Navigate to [AI Foundry](https://ai.azure.com/) from within the VM
+   - Sign in with your Azure credentials
+
+> **Troubleshooting**: If you forgot your VM credentials:
+> - You can reset the password in Azure Portal: Go to your VM → **Reset password** in the left menu
+> - Or contact your Azure administrator for assistance
+---
+
 Please follow the steps below to configure the Prompt flow endpoint in App service configuration.
 
 ## Step 1: OpenAI Foundry Project

@@ -0,0 +1,39 @@
+## [Optional]: Customizing resource names 
+
+By default this template will use the environment name as the prefix to prevent naming collisions within Azure. The parameters below show the default values. You only need to run the statements below if you need to change the values. 
+
+
+> To override any of the parameters, run `azd env set <PARAMETER_NAME> <VALUE>` before running `azd up`. On the first azd command, it will prompt you for the environment name. Be sure to choose 3-20 charaters alphanumeric unique name. 
+
+## Parameters
+
+| Name                          | Type    | Default Value       | Purpose                                                                                              |
+| -----------------------------| ------- | ------------------- | ---------------------------------------------------------------------------------------------------- |
+| `AZURE_ENV_NAME`            | string  | `azdtemp`           | Used as a prefix for all resource names to ensure uniqueness across environments.                    |
+| `AZURE_LOCATION`            | string  | `<User selects during deployment>`         | Sets the Azure region for resource deployment.  |
+| `AZURE_OPENAI_MODEL_DEPLOYMENT_TYPE`             | string  | `Standard`    | Change the Model Deployment Type (allowed values: Standard, GlobalStandard).                         |
+| `AZURE_OPENAI_DEPLOYMENT_MODEL`               | string  | `gpt-35-turbo`            | Set the GPT model name (allowed values: `gpt-35-turbo`, `gpt-4`, `gpt-4o`).                                                      |
+| `AZURE_OPENAI_API_VERSION`     | string  | `0125`        | Set the Azure OpenAI model version.                                       |
+| `AZURE_OPENAI_DEPLOYMENT_MODEL_CAPACITY`     | integer | `30`               | Set the model capacity for GPT deployment. Choose based on your Azure quota and usage needs.         |
+| `AZURE_OPENAI_EMBEDDING_MODEL`            | string  | `text-embedding-ada-002`  | Set the model name used for embeddings.                                                              |
+| `AZURE_OPENAI_EMBEDDING_MODEL_VERSION`            | string  | `2`  | Set the version for the embedding model.                                                              |
+| `AZURE_OPENAI_EMBEDDING_MODEL_CAPACITY` | integer | `45`              | Set the capacity for embedding model deployment.                                                     |
+| `AZURE_ENV_IMAGETAG`                  | string  | `latest`            | Set the container image tag (allowed values: `latest`, `dev`, `hotfix`).                                             |
+| `AZURE_ENV_ENABLE_TELEMETRY`                  | boolean  | `true`            | Enable or disable telemetry collection for the deployment.                                             |
+| `AZURE_ENV_VM_ADMIN_USERNAME`            | string  | `<Set when enablePrivateNetworking=true>`         | Admin username for the jumpbox VM when private networking is enabled.   |
+| `AZURE_ENV_VM_ADMIN_PASSWORD`            | string  | `<Set when enablePrivateNetworking=true>`         | Admin password for the jumpbox VM when private networking is enabled.   |
+
+
+## How to Set a Parameter
+To customize any of the above values, run the following command **before** `azd up`:
+
+```bash
+azd env set <PARAMETER_NAME> <VALUE>
+
+```
+
+**Example:**
+
+```bash
+azd env set AZURE_LOCATION westus2
+```
@@ -0,0 +1,78 @@
+# Deployment Guide 
+
+## Deployment Options
+
+### Sandbox or WAF Aligned Deployment Options
+
+The [`infra`](../infra) folder of the Build-your-own-copilot-Solution-Accelerator contains the [`main.bicep`](../infra/main.bicep) Bicep script, which defines all Azure infrastructure components for this solution.
+
+By default, the `azd up` command uses the [`main.parameters.json`](../infra/main.parameters.json) file to deploy the solution. This file is pre-configured for a **sandbox environment** — ideal for development and proof-of-concept scenarios, with minimal security and cost controls for rapid iteration.
+
+For **production deployments**, the repository also provides [`main.waf.parameters.json`](../infra/main.waf.parameters.json), which applies a [Well-Architected Framework (WAF) aligned](https://learn.microsoft.com/en-us/azure/well-architected/) configuration. This option enables additional Azure best practices for reliability, security, cost optimization, operational excellence, and performance efficiency, such as:
+
+  - Enhanced network security (e.g., Network protection with private endpoints)
+  - Stricter access controls and managed identities
+  - Logging, monitoring, and diagnostics enabled by default
+  - Resource tagging and cost management recommendations
+
+---
+
+**How to choose your deployment configuration:**
+
+* Use the default `main.parameters.json` file for a **sandbox/dev environment**
+* For a **WAF-aligned, production-ready deployment**, copy the contents of `main.waf.parameters.json` into `main.parameters.json` before running `azd up`
+
+### VM Credentials Configuration
+
+By default, the solution sets the VM administrator username and password from environment variables.
+
+To set your own VM credentials before deployment, use:
+
+```sh
+azd env set AZURE_ENV_VM_ADMIN_USERNAME <your-username>
+azd env set AZURE_ENV_VM_ADMIN_PASSWORD <your-password>
+```
+
+> [!TIP]
+> Always review and adjust parameter values (such as region, capacity, security settings and log analytics workspace configuration) to match your organization’s requirements before deploying. For production, ensure you have sufficient quota and follow the principle of least privilege for all identities and role assignments.
+
+
+> [!IMPORTANT]
+> The WAF-aligned configuration is under active development. More Azure Well-Architected recommendations will be added in future updates.
+
+---
+
+### Deploying with AZD
+
+Once you've opened the project in locally, you can deploy it to Azure by following these steps:
+
+1. Login to Azure:
+
+    ```shell
+    azd auth login
+    ```
+
+    #### To authenticate with Azure Developer CLI (`azd`), use the following command with your **Tenant ID**:
+
+    ```sh
+    azd auth login --tenant-id <tenant-id>
+    ```
+
+2. Provision and deploy all the resources:
+
+    ```shell
+    azd up
+    ```
+
+3. Provide an `azd` environment name (e.g., "resass").
+4. Select a subscription from your Azure account and choose a location that has quota for all the resources. 
+    -- This deployment will take *15-20 minutes* to provision the resources in your account and set up the solution with sample data.
+    - If you encounter an error or timeout during deployment, changing the location may help, as there could be availability constraints for the resources.
+
+5. When Deployment is complete, follow steps in [AI Foundry Deployment guide](./AIFoundryDeployment.md) to configure the grant draft proposal endpoint.
+
+5. Open the [Azure Portal](https://portal.azure.com/), go to the deployed resource group, find the App Service, and get the app URL from `Default domain`.
+
+6. If you are done trying out the application, you can delete the resources by running `azd down`.
+
+---