This guide walks you through deploying the Document Knowledge Mining Solution Accelerator to Azure. The deployment process takes approximately 8-10 minutes for the default Development/Testing configuration and includes both infrastructure provisioning and application setup.
🆘 Need Help? If you encounter any issues during deployment, check our Troubleshooting Guide for solutions to common problems.
Ensure you have access to an Azure subscription with the following permissions:
| Required Permission/Role | Scope | Purpose |
|---|---|---|
| Contributor | Subscription level | Create and manage Azure resources |
| User Access Administrator | Subscription level | Manage user access and role assignments |
| Role Based Access Control | Subscription/Resource Group level | Configure RBAC permissions |
| App Registration Creation | Azure Active Directory | Create and configure authentication |
🔍 How to Check Your Permissions:
- Go to Azure Portal
- Navigate to Subscriptions (search for "subscriptions" in the top search bar)
- Click on your target subscription
- In the left menu, click Access control (IAM)
- Scroll down to see the table with your assigned roles - you should see:
- Contributor
- User Access Administrator
- Role Based Access Control Administrator (or similar RBAC role)
For App Registration permissions:
- Go to Microsoft Entra ID → Manage → App registrations
- Try clicking New registration
- If you can access this page, you have the required permissions
- Cancel without creating an app registration
📖 Detailed Setup: Follow Azure Account Set Up for complete configuration.
Required Azure Services:
- Azure OpenAI Service
- Azure AI Search
- Azure AI Document Intelligence
- Azure Container Registry
- Azure Kubernetes Service
- Azure App Service
- Azure Blob Storage
- Azure Queue Storage
- Azure Cosmos DB
Recommended Regions: Central US, Australia East, UK South, Japan East
🔍 Check Availability: Use Azure Products by Region to verify service availability.
💡 RECOMMENDED: Check your Azure OpenAI quota availability before deployment for optimal planning.
📖 Follow: Quota Check Instructions to ensure sufficient capacity.
Recommended Configuration:
- Default: 200k tokens (minimum)
- Optimal: 500k tokens (recommended for best performance)
Note: When you run
azd up, the deployment will automatically show you regions with available quota, so this pre-check is optional but helpful for planning purposes. You can customize these settings later in Step 3.3: Advanced Configuration.
📖 Adjust Quota: Follow Azure AI Model Quota Settings if needed.
Required Tools:
-
Microsoft.Compute Registration Ensure that Microsoft.Compute is registered in your Azure subscription by following these steps:
- Log in to your Azure Portal.
- Navigate to your active Azure subscription.
- Go to Settings and select Resource Providers.
- Check for Microsoft.Compute and click Register if it is not already registered.
Setup Steps:
- Install all required deployment tools listed above
- Clone the repository:
azd init -t microsoft/Document-Knowledge-Mining-Solution-Accelerator
- Open the project folder in your terminal
- Proceed to Step 3: Configure Deployment Settings
PowerShell Users: If you encounter script execution issues, run:
Set-ExecutionPolicy -Scope Process -ExecutionPolicy BypassReview the configuration options below. You can customize any settings that meet your needs, or leave them as defaults to proceed with a standard deployment.
| Aspect | Development/Testing (Default) | Production |
|---|---|---|
| Configuration File | main.parameters.json (sandbox) |
Copy main.waf.parameters.json to main.parameters.json |
| Security Controls | Minimal (for rapid iteration) | Enhanced (production best practices) |
| Cost | Lower costs | Cost optimized |
| Use Case | POCs, development, testing | Production workloads |
| Framework | Basic configuration | Well-Architected Framework |
| Features | Core functionality | Reliability, security, operational excellence |
To use production configuration:
Copy the contents from the production configuration file to your main parameters file:
- Navigate to the
infrafolder in your project - Open
main.waf.parameters.jsonin a text editor (like Notepad, VS Code, etc.) - Select all content (Ctrl+A) and copy it (Ctrl+C)
- Open
main.parameters.jsonin the same text editor - Select all existing content (Ctrl+A) and paste the copied content (Ctrl+V)
- Save the file (Ctrl+S)
Note: This section only applies if you selected Production deployment type in section 3.1. VMs are not deployed in the default Development/Testing configuration.
By default, random GUIDs are generated for VM credentials. To set custom credentials:
azd env set AZURE_ENV_VM_ADMIN_USERNAME <your-username>
azd env set AZURE_ENV_VM_ADMIN_PASSWORD <your-password>Configurable Parameters
You can customize various deployment settings before running azd up, including Azure regions, AI model configurations (deployment type, version, capacity), container registry settings, and resource names.
📖 Complete Guide: See Parameter Customization Guide for the full list of available parameters and their usage.
Reuse Existing Resources
To optimize costs and integrate with your existing Azure infrastructure, you can configure the solution to reuse compatible resources already deployed in your subscription.
Supported Resources for Reuse:
- Log Analytics Workspace: Integrate with your existing monitoring infrastructure by reusing an established Log Analytics workspace for centralized logging and monitoring. Configuration Guide
Key Benefits:
- Cost Optimization: Eliminate duplicate resource charges
- Operational Consistency: Maintain unified monitoring and AI infrastructure
- Faster Deployment: Skip resource creation for existing compatible services
- Simplified Management: Reduce the number of resources to manage and monitor
Important Considerations:
- Ensure existing resources meet the solution's requirements and are in compatible regions
- Review access permissions and configurations before reusing resources
- Consider the impact on existing workloads when sharing resources
💡 Before You Start: If you encounter any issues during deployment, check our Troubleshooting Guide for common solutions.
azd auth loginFor specific tenants:
azd auth login --tenant-id <tenant-id>Finding Tenant ID:
- Open the Azure Portal.
- Navigate to Microsoft Entra ID from the left-hand menu.
- Under the Overview section, locate the Tenant ID field. Copy the value displayed.
NOTE: If you are running the latest azd version (version 1.23.9), please run the following command.
azd config set provision.preflight offazd upDuring deployment, you'll be prompted for:
- Environment name (e.g., "dkmsa") - Must be 3-16 characters long, alphanumeric only
- Azure subscription selection
- Azure AI Deployment Location - Select a region with available Azure OpenAI Service quota for GPT-4.1-mini and text-embedding-3-large models
- Primary location - Select the region where your infrastructure resources will be deployed
- Resource group selection (create new or use existing)
Expected Duration: 8-10 minutes for default configuration
The post deployment process is very straightforward and simplified via a single deployment script that completes in approximately 20-30 minutes:
- Configure Kubernetes Infrastructure.
- Update Kubernetes configuration files with the FQDN, Container Image Path and Email address for the certificate management.
- Configure AKS (deploy Cert Manager, Ingress Controller) and Deploy Images on the kubernetes cluster.
- Docker build and push container images to Azure Container Registry.
- Display the deployment result and following instructions.
cd .\Deployment\If you deployed using azd up command:
.\resourcedeployment.ps1If you deployed using custom templates, ARM/Bicep deployments, or az deployment group commands:
.\resourcedeployment.ps1 -ResourceGroupName "<your-resource-group-name>"Note: Replace
<your-resource-group-name>with the actual name of the resource group containing your deployed Azure resources.
💡 Tip: Since this guide is for azd deployment, you'll typically use the first command without the
-ResourceGroupNameparameter.
If you run into issue with PowerShell script file not being digitally signed, you can execute below command:
powershell.exe -ExecutionPolicy Bypass -File ".\resourcedeployment.ps1"
5.1.3.1 Email - used for issuing certificates in Kubernetes clusters from the Let's Encrypt service. Email address should be valid.
5.1.3.3 GO! - Post Deployment script executes Azure Infrastructure configuration, Application code compile and publish into Kubernetes Cluster.
Let's check the message and configure your model's TPM rate higher to get better performance.
You can check the Application URL from the final console message.
Don't miss this URL information. This is the application's endpoint URL and should be used for your data importing process.
Create Content Filter - Please follow below steps
- Navigate to project in Azure OpenAI, then go to Azure AI Foundry, select Safety + security
- Click on Create Content Filter and set the filters to a high threshold for the following categories:
Hate, Sexual, Self-harm, Violence- Please select the checkbox of profanity
- Leave all other configurations at their default settings and click on create
Capacity Note:
- The deployment script creates models with a setting of 1 token per minute (TPM) rate limit.
- Faster performance can be achieved by increasing the TPM limit with Azure AI Foundry.
- Capacity varies for regional quota limits as well as for provisioned throughput.
- As a starting point, we recommend the following quota threshold be set up for this service run.
| Model Name | TPM Threshold |
|---|---|
| GPT-4.1-mini | 100K TPM |
| text-embedding-3-large | 200K TPM |
⚠️ Warning: Insufficient quota can cause failures during the upload process. Please ensure you have the recommended capacity or request for additional capacity before start uploading the files.
5.3.1 Browse to the project in Azure AI Foundry, and select each of the 2 models within the Deployments menu:
After increasing the TPM limit for each model, let's upload and process the sample documents.
Execute this command:
- Access your application using the URL from Step 5.1.3.4
- Confirm the application loads successfully
- Verify you can sign in with your authenticated account
Follow the detailed workflow to test the migration functionality:
Quick Test Steps:
- Login to the application using the URL from Step 5.1.3.4
- In "Chat with documents" options, ask any questions related to uploaded documents
- Click on "Details" of any document and go to "chat" option
- Ask questions according to document content
- Review the responses
📖 Sample Questions: For a comprehensive list of test scenarios and example questions, see Sample Questions Guide
azd downNote: If you deployed with
enableRedundancy=trueand Log Analytics workspace replication is enabled, you must first disable replication before runningazd downelse resource group delete will fail. Follow the steps in Handling Log Analytics Workspace Deletion with Replication Enabled, wait until replication returnsfalse, then runazd down.
If deployment fails or you need to clean up manually:
- Follow Delete Resource Group Guide
If your deployment failed or encountered errors, here are the steps to recover:
Recover from Failed Deployment
If your deployment failed or encountered errors:
- Try a different region: Create a new environment and select a different Azure region during deployment
- Clean up and retry: Use
azd downto remove failed resources, thenazd upto redeploy - Check troubleshooting: Review Troubleshooting Guide for specific error solutions
- Fresh start: Create a completely new environment with a different name
Example Recovery Workflow:
# Remove failed deployment (optional)
azd down
# Create new environment (3-16 chars, alphanumeric only)
azd env new dkmsaretry
# Deploy with different settings/region
azd upIf you need to deploy to a different region, test different configurations, or create additional environments:
Create a New Environment
Create Environment Explicitly:
# Create a new named environment (3-16 characters, alphanumeric only)
azd env new <new-environment-name>
# Select the new environment
azd env select <new-environment-name>
# Deploy to the new environment
azd upExample:
# Create a new environment for production (valid: 3-16 chars)
azd env new dkmsaprod
# Switch to the new environment
azd env select dkmsaprod
# Deploy with fresh settings
azd upEnvironment Name Requirements:
- Length: 3-16 characters
- Characters: Alphanumeric only (letters and numbers)
- Valid examples:
dkmsa,test123,myappdev,prod2024- Invalid examples:
co(too short),my-very-long-environment-name(too long),test_env(underscore not allowed),myapp-dev(hyphen not allowed)
Switch Between Environments
List Available Environments:
azd env listSwitch to Different Environment:
azd env select <environment-name>View Current Environment:
azd env get-values- Use descriptive names:
dkmsadev,dkmsaprod,dkmsatest(remember: 3-16 chars, alphanumeric only) - Different regions: Deploy to multiple regions for testing quota availability
- Separate configurations: Each environment can have different parameter settings
- Clean up unused environments: Use
azd downto remove environments you no longer need
Now that your deployment is complete and tested, explore these resources to enhance your experience:
📚 Learn More:
- Technical Architecture - Understand the system design and components
- Local Development Setup - Set up your local development environment
- Sample Questions - Example prompts to test the solution
- 🐛 Issues: Check Troubleshooting Guide
- 💬 Support: Review Support Guidelines
- 🔧 Development: See Contributing Guide