fix: SFI changes: TLS1.2 Support for SQL and Increased Quota for Azure AI GPT-4o deployment to avoid rate limiting

fix: SFI changes: TLS1.2 Support for SQL and Increased Quota for Azure AI GPT-4o deployment to avoid rate limiting

Author: Avijit-Microsoft

infra/deploy_sql_db.bicep

@@ -7,28 +7,29 @@ param keyVaultName string
 param managedIdentityObjectId string
 param managedIdentityName string
 
-var serverName = '${ solutionName }-sql-server'
-var sqlDBName = '${ solutionName }-sql-db'
+var serverName = '${solutionName }-sql-server'
+var sqlDBName = '${solutionName }-sql-db'
 var location = solutionLocation
 var administratorLogin = 'sqladmin'
 var administratorLoginPassword = 'TestPassword_1234'
 
 resource sqlServer 'Microsoft.Sql/servers@2023-08-01-preview' = {
   name: serverName
   location: location
-  kind:'v12.0'
+  kind: 'v12.0'
   properties: {
-      publicNetworkAccess: 'Enabled'
-      version: '12.0'
-      restrictOutboundNetworkAccess: 'Disabled'
-      administrators: {
-        login: managedIdentityName
-        sid: managedIdentityObjectId
-        tenantId: subscription().tenantId
-        administratorType: 'ActiveDirectory'
-        azureADOnlyAuthentication: true
-      }
+    publicNetworkAccess: 'Enabled'
+    version: '12.0'
+    restrictOutboundNetworkAccess: 'Disabled'
+    minimalTlsVersion: '1.2' // Enforce TLS 1.2 to comply with Azure policy
+    administrators: {
+      login: managedIdentityName
+      sid: managedIdentityObjectId
+      tenantId: subscription().tenantId
+      administratorType: 'ActiveDirectory'
+      azureADOnlyAuthentication: true
     }
+  }
 }
 
 resource firewallRule 'Microsoft.Sql/servers/firewallRules@2023-08-01-preview' = {
@@ -59,11 +60,11 @@ resource sqlDB 'Microsoft.Sql/servers/databases@2023-08-01-preview' = {
     family: 'Gen5'
     capacity: 2
   }
-  kind:'v12.0,user,vcore,serverless'
+  kind: 'v12.0,user,vcore,serverless'
   properties: {
     collation: 'SQL_Latin1_General_CP1_CI_AS'
-    autoPauseDelay:60
-    minCapacity:1
+    autoPauseDelay: 60
+    minCapacity: 1
     readScale: 'Disabled'
     zoneRedundant: false
   }
@@ -77,7 +78,7 @@ resource sqldbServerEntry 'Microsoft.KeyVault/vaults/secrets@2021-11-01-preview'
   parent: keyVault
   name: 'SQLDB-SERVER'
   properties: {
-    value: '${serverName}.database.windows.net'
+    value: '${serverName}${environment().suffixes.sqlServerHostname}'
   }
 }
 

infra/main.bicep

@@ -8,10 +8,7 @@ param environmentName string
 
 @minLength(1)
 @description('Location for the Content Understanding service deployment:')
-@allowed(['swedencentral' 
-'australiaeast'
-])
-
+@allowed(['swedencentral', 'australiaeast'])
 @metadata({
   azd: {
     type: 'location'
@@ -58,7 +55,6 @@ param gptDeploymentCapacity int = 30
 ])
 param embeddingModel string = 'text-embedding-ada-002'
 
-
 @minValue(10)
 @description('Capacity of the Embedding Model deployment')
 param embeddingDeploymentCapacity int = 80
@@ -73,7 +69,6 @@ var resourceGroupLocation = resourceGroup().location
 var solutionLocation = resourceGroupLocation
 var baseUrl = 'https://raw.githubusercontent.com/microsoft/Conversation-Knowledge-Mining-Solution-Accelerator/main/'
 
-
 // ========== Managed Identity ========== //
 module managedIdentityModule 'deploy_managed_identity.bicep' = {
   name: 'deploy_managed_identity'
@@ -90,7 +85,7 @@ module kvault 'deploy_keyvault.bicep' = {
   params: {
     solutionName: solutionPrefix
     solutionLocation: resourceGroupLocation
-    managedIdentityObjectId:managedIdentityModule.outputs.managedIdentityOutput.objectId
+    managedIdentityObjectId: managedIdentityModule.outputs.managedIdentityOutput.objectId
   }
   scope: resourceGroup(resourceGroup().name)
 }
@@ -109,7 +104,7 @@ module aifoundry 'deploy_ai_foundry.bicep' = {
     gptDeploymentCapacity: gptDeploymentCapacity
     embeddingModel: embeddingModel
     embeddingDeploymentCapacity: embeddingDeploymentCapacity
-    managedIdentityObjectId:managedIdentityModule.outputs.managedIdentityOutput.objectId
+    managedIdentityObjectId: managedIdentityModule.outputs.managedIdentityOutput.objectId
   }
   scope: resourceGroup(resourceGroup().name)
 }
@@ -121,7 +116,7 @@ module storageAccount 'deploy_storage_account.bicep' = {
     solutionName: solutionPrefix
     solutionLocation: solutionLocation
     keyVaultName: kvault.outputs.keyvaultName
-    managedIdentityObjectId:managedIdentityModule.outputs.managedIdentityOutput.objectId
+    managedIdentityObjectId: managedIdentityModule.outputs.managedIdentityOutput.objectId
   }
   scope: resourceGroup(resourceGroup().name)
 }
@@ -158,23 +153,23 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
 
 //========== Deployment script to upload sample data ========== //
 module uploadFiles 'deploy_post_deployment_scripts.bicep' = {
-  name : 'deploy_post_deployment_scripts'
-  params:{
+  name: 'deploy_post_deployment_scripts'
+  params: {
     solutionName: solutionPrefix
     solutionLocation: secondaryLocation
     baseUrl: baseUrl
     storageAccountName: storageAccount.outputs.storageName
     containerName: storageAccount.outputs.storageContainer
-    managedIdentityObjectId:managedIdentityModule.outputs.managedIdentityOutput.id
-    managedIdentityClientId:managedIdentityModule.outputs.managedIdentityOutput.clientId
-    keyVaultName:aifoundry.outputs.keyvaultName
+    managedIdentityObjectId: managedIdentityModule.outputs.managedIdentityOutput.id
+    managedIdentityClientId: managedIdentityModule.outputs.managedIdentityOutput.clientId
+    keyVaultName: aifoundry.outputs.keyvaultName
     logAnalyticsWorkspaceResourceName: aifoundry.outputs.logAnalyticsWorkspaceResourceName
     sqlServerName: sqlDBModule.outputs.sqlServerName
     sqlDbName: sqlDBModule.outputs.sqlDbName
     sqlUsers: [
       {
-        principalId: managedIdentityModule.outputs.managedIdentityBackendAppOutput.clientId  // Replace with actual Principal ID
-        principalName: managedIdentityModule.outputs.managedIdentityBackendAppOutput.name    // Replace with actual user email or name
+        principalId: managedIdentityModule.outputs.managedIdentityBackendAppOutput.clientId // Replace with actual Principal ID
+        principalName: managedIdentityModule.outputs.managedIdentityBackendAppOutput.name // Replace with actual user email or name
         databaseRoles: ['db_datareader', 'db_datawriter']
       }
     ]
@@ -188,52 +183,52 @@ module hostingplan 'deploy_app_service_plan.bicep' = {
   }
 }
 
-module backend_docker 'deploy_backend_docker.bicep'= {
+module backend_docker 'deploy_backend_docker.bicep' = {
   name: 'deploy_backend_docker'
   params: {
     imageTag: imageTag
     appServicePlanId: hostingplan.outputs.name
     applicationInsightsId: aifoundry.outputs.applicationInsightsId
-    azureOpenAIKey:keyVault.getSecret('AZURE-OPENAI-KEY')
-    azureAiProjectConnString:keyVault.getSecret('AZURE-AI-PROJECT-CONN-STRING')
-    azureSearchAdminKey:keyVault.getSecret('AZURE-SEARCH-KEY')
+    azureOpenAIKey: keyVault.getSecret('AZURE-OPENAI-KEY')
+    azureAiProjectConnString: keyVault.getSecret('AZURE-AI-PROJECT-CONN-STRING')
+    azureSearchAdminKey: keyVault.getSecret('AZURE-SEARCH-KEY')
     solutionName: solutionPrefix
     userassignedIdentityId: managedIdentityModule.outputs.managedIdentityBackendAppOutput.id
     aiProjectName: aifoundry.outputs.aiProjectName
-    appSettings:{
-        AZURE_OPEN_AI_DEPLOYMENT_MODEL:gptModelName
-        AZURE_OPEN_AI_ENDPOINT:aifoundry.outputs.aiServicesTarget
-        AZURE_OPENAI_API_VERSION: azureOpenAIApiVersion
-        AZURE_OPENAI_RESOURCE:aifoundry.outputs.aiServicesName
-        USE_CHAT_HISTORY_ENABLED:'True'
-        AZURE_COSMOSDB_ACCOUNT: cosmosDBModule.outputs.cosmosAccountName
-        AZURE_COSMOSDB_CONVERSATIONS_CONTAINER: cosmosDBModule.outputs.cosmosContainerName
-        AZURE_COSMOSDB_DATABASE: cosmosDBModule.outputs.cosmosDatabaseName
-        AZURE_COSMOSDB_ENABLE_FEEDBACK:'True'
-        SQLDB_DATABASE:sqlDBModule.outputs.sqlDbName
-        SQLDB_SERVER: sqlDBModule.outputs.sqlServerName
-        SQLDB_USERNAME: sqlDBModule.outputs.sqlDbUser
-        SQLDB_USER_MID: managedIdentityModule.outputs.managedIdentityBackendAppOutput.clientId
+    appSettings: {
+      AZURE_OPEN_AI_DEPLOYMENT_MODEL: gptModelName
+      AZURE_OPEN_AI_ENDPOINT: aifoundry.outputs.aiServicesTarget
+      AZURE_OPENAI_API_VERSION: azureOpenAIApiVersion
+      AZURE_OPENAI_RESOURCE: aifoundry.outputs.aiServicesName
+      USE_CHAT_HISTORY_ENABLED: 'True'
+      AZURE_COSMOSDB_ACCOUNT: cosmosDBModule.outputs.cosmosAccountName
+      AZURE_COSMOSDB_CONVERSATIONS_CONTAINER: cosmosDBModule.outputs.cosmosContainerName
+      AZURE_COSMOSDB_DATABASE: cosmosDBModule.outputs.cosmosDatabaseName
+      AZURE_COSMOSDB_ENABLE_FEEDBACK: 'True'
+      SQLDB_DATABASE: sqlDBModule.outputs.sqlDbName
+      SQLDB_SERVER: sqlDBModule.outputs.sqlServerName
+      SQLDB_USERNAME: sqlDBModule.outputs.sqlDbUser
+      SQLDB_USER_MID: managedIdentityModule.outputs.managedIdentityBackendAppOutput.clientId
 
-        OPENAI_API_VERSION: azureOpenAIApiVersion
-        AZURE_AI_SEARCH_ENDPOINT: aifoundry.outputs.aiSearchTarget
-        AZURE_AI_SEARCH_INDEX: 'call_transcripts_index'
-        USE_AI_PROJECT_CLIENT:'False'
-        DISPLAY_CHART_DEFAULT:'False'
-      }
+      OPENAI_API_VERSION: azureOpenAIApiVersion
+      AZURE_AI_SEARCH_ENDPOINT: aifoundry.outputs.aiSearchTarget
+      AZURE_AI_SEARCH_INDEX: 'call_transcripts_index'
+      USE_AI_PROJECT_CLIENT: 'False'
+      DISPLAY_CHART_DEFAULT: 'False'
+    }
   }
   scope: resourceGroup(resourceGroup().name)
 }
 
-module frontend_docker 'deploy_frontend_docker.bicep'= {
+module frontend_docker 'deploy_frontend_docker.bicep' = {
   name: 'deploy_frontend_docker'
   params: {
     imageTag: imageTag
     appServicePlanId: hostingplan.outputs.name
     applicationInsightsId: aifoundry.outputs.applicationInsightsId
     solutionName: solutionPrefix
-    appSettings:{
-      APP_API_BASE_URL:backend_docker.outputs.appUrl
+    appSettings: {
+      APP_API_BASE_URL: backend_docker.outputs.appUrl
     }
   }
   scope: resourceGroup(resourceGroup().name)
@@ -276,4 +271,3 @@ output DISPLAY_CHART_DEFAULT string = 'False'
 
 output API_APP_URL string = backend_docker.outputs.appUrl
 output WEB_APP_URL string = frontend_docker.outputs.appUrl
-

infra/main.json

@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.35.1.17967",
-      "templateHash": "531222519582602266"
+      "templateHash": "4422559797427921508"
     }
   },
   "parameters": {
@@ -1481,7 +1481,7 @@
             "_generator": {
               "name": "bicep",
               "version": "0.35.1.17967",
-              "templateHash": "16772146797302961765"
+              "templateHash": "1810228841691441178"
             }
           },
           "parameters": {
@@ -1524,6 +1524,7 @@
                 "publicNetworkAccess": "Enabled",
                 "version": "12.0",
                 "restrictOutboundNetworkAccess": "Disabled",
+                "minimalTlsVersion": "1.2",
                 "administrators": {
                   "login": "[parameters('managedIdentityName')]",
                   "sid": "[parameters('managedIdentityObjectId')]",
@@ -1585,7 +1586,7 @@
               "apiVersion": "2021-11-01-preview",
               "name": "[format('{0}/{1}', parameters('keyVaultName'), 'SQLDB-SERVER')]",
               "properties": {
-                "value": "[format('{0}.database.windows.net', variables('serverName'))]"
+                "value": "[format('{0}{1}', variables('serverName'), environment().suffixes.sqlServerHostname)]"
               }
             },
             {
@@ -2026,7 +2027,7 @@
             "_generator": {
               "name": "bicep",
               "version": "0.35.1.17967",
-              "templateHash": "13726599232772586761"
+              "templateHash": "3979043666234492120"
             }
           },
           "parameters": {
@@ -2065,7 +2066,7 @@
           "variables": {
             "imageName": "[format('DOCKER|kmcontainerreg.azurecr.io/km-api:{0}', parameters('imageTag'))]",
             "name": "[format('{0}-api', parameters('solutionName'))]",
-            "reactAppLayoutConfig": "{\r\n  \"appConfig\": {\r\n    \"THREE_COLUMN\": {\r\n      \"DASHBOARD\": 50,\r\n      \"CHAT\": 33,\r\n      \"CHATHISTORY\": 17\r\n    },\r\n    \"TWO_COLUMN\": {\r\n      \"DASHBOARD_CHAT\": {\r\n        \"DASHBOARD\": 65,\r\n        \"CHAT\": 35\r\n      },\r\n      \"CHAT_CHATHISTORY\": {\r\n        \"CHAT\": 80,\r\n        \"CHATHISTORY\": 20\r\n      }\r\n    }\r\n  },\r\n  \"charts\": [\r\n    {\r\n      \"id\": \"SATISFIED\",\r\n      \"name\": \"Satisfied\",\r\n      \"type\": \"card\",\r\n      \"layout\": { \"row\": 1, \"column\": 1, \"height\": 11 }\r\n    },\r\n    {\r\n      \"id\": \"TOTAL_CALLS\",\r\n      \"name\": \"Total Calls\",\r\n      \"type\": \"card\",\r\n      \"layout\": { \"row\": 1, \"column\": 2, \"span\": 1 }\r\n    },\r\n    {\r\n      \"id\": \"AVG_HANDLING_TIME\",\r\n      \"name\": \"Average Handling Time\",\r\n      \"type\": \"card\",\r\n      \"layout\": { \"row\": 1, \"column\": 3, \"span\": 1 }\r\n    },\r\n    {\r\n      \"id\": \"SENTIMENT\",\r\n      \"name\": \"Topics Overview\",\r\n      \"type\": \"donutchart\",\r\n      \"layout\": { \"row\": 2, \"column\": 1, \"width\": 40, \"height\": 44.5 }\r\n    },\r\n    {\r\n      \"id\": \"AVG_HANDLING_TIME_BY_TOPIC\",\r\n      \"name\": \"Average Handling Time By Topic\",\r\n      \"type\": \"bar\",\r\n      \"layout\": { \"row\": 2, \"column\": 2, \"row-span\": 2, \"width\": 60 }\r\n    },\r\n    {\r\n      \"id\": \"TOPICS\",\r\n      \"name\": \"Trending Topics\",\r\n      \"type\": \"table\",\r\n      \"layout\": { \"row\": 3, \"column\": 1, \"span\": 2 }\r\n    },\r\n    {\r\n      \"id\": \"KEY_PHRASES\",\r\n      \"name\": \"Key Phrases\",\r\n      \"type\": \"wordcloud\",\r\n      \"layout\": { \"row\": 3, \"column\": 2, \"height\": 44.5 }\r\n    }\r\n  ]\r\n}"
+            "reactAppLayoutConfig": "{\n  \"appConfig\": {\n    \"THREE_COLUMN\": {\n      \"DASHBOARD\": 50,\n      \"CHAT\": 33,\n      \"CHATHISTORY\": 17\n    },\n    \"TWO_COLUMN\": {\n      \"DASHBOARD_CHAT\": {\n        \"DASHBOARD\": 65,\n        \"CHAT\": 35\n      },\n      \"CHAT_CHATHISTORY\": {\n        \"CHAT\": 80,\n        \"CHATHISTORY\": 20\n      }\n    }\n  },\n  \"charts\": [\n    {\n      \"id\": \"SATISFIED\",\n      \"name\": \"Satisfied\",\n      \"type\": \"card\",\n      \"layout\": { \"row\": 1, \"column\": 1, \"height\": 11 }\n    },\n    {\n      \"id\": \"TOTAL_CALLS\",\n      \"name\": \"Total Calls\",\n      \"type\": \"card\",\n      \"layout\": { \"row\": 1, \"column\": 2, \"span\": 1 }\n    },\n    {\n      \"id\": \"AVG_HANDLING_TIME\",\n      \"name\": \"Average Handling Time\",\n      \"type\": \"card\",\n      \"layout\": { \"row\": 1, \"column\": 3, \"span\": 1 }\n    },\n    {\n      \"id\": \"SENTIMENT\",\n      \"name\": \"Topics Overview\",\n      \"type\": \"donutchart\",\n      \"layout\": { \"row\": 2, \"column\": 1, \"width\": 40, \"height\": 44.5 }\n    },\n    {\n      \"id\": \"AVG_HANDLING_TIME_BY_TOPIC\",\n      \"name\": \"Average Handling Time By Topic\",\n      \"type\": \"bar\",\n      \"layout\": { \"row\": 2, \"column\": 2, \"row-span\": 2, \"width\": 60 }\n    },\n    {\n      \"id\": \"TOPICS\",\n      \"name\": \"Trending Topics\",\n      \"type\": \"table\",\n      \"layout\": { \"row\": 3, \"column\": 1, \"span\": 2 }\n    },\n    {\n      \"id\": \"KEY_PHRASES\",\n      \"name\": \"Key Phrases\",\n      \"type\": \"wordcloud\",\n      \"layout\": { \"row\": 3, \"column\": 2, \"height\": 44.5 }\n    }\n  ]\n}"
           },
           "resources": [
             {