From 0e07a840c47f0f81f44a24a1a1279cbcfe549d63 Mon Sep 17 00:00:00 2001
From: Timna Brown <24630902+brown9804@users.noreply.github.com>
Date: Tue, 11 Nov 2025 22:03:32 -0600
Subject: [PATCH 1/4] Revise README for clarity on AI development phases
Updated the README to enhance clarity on the development process from basic coding to AI agents, including detailed phases and important considerations for production environments.
---
README.md | 117 +++++++++++++++++++++++++++++++++++++++++++++++-------
1 file changed, 103 insertions(+), 14 deletions(-)
diff --git a/README.md b/README.md
index 0144b6d..ee4af2f 100644
--- a/README.md
+++ b/README.md
@@ -11,12 +11,6 @@ Last updated: 2025-11-03
----------
-> `How we move from basic coding all the way to AI agents?`
->
-> - We all `start with scripting`, no matter the language, it’s the first step. `Simple/complex instructions, written line by line`, to get something done
-> - Then comes `machine learning`. At this stage, we’re not reinventing the math, we’re `leveraging powerful packages built on deep statistical and mathematical foundations.` These tools let us `automate smarter processes, like reviewing claims with predictive analytics. You’re not just coding anymore; you’re building systems that learn and adapt.`
-> - `LLMs`. This is what most people mean when they say `AI.` Think of `yourself as the architect, and the LLM as your strategic engine. You can plug into it via an API/key, or through integrated services. It’s not just about automation, it’s about reasoning, understanding, and generating human-like responses.`
-> - And finally, `agents`. These are LLMs with the `ability to act`. They don’t just respond, `they take initiative. They can create code, trigger workflows, make decisions, interact with tools, with other agents. It’s where intelligence meets execution`
List of References (Click to expand)
@@ -62,9 +56,38 @@ Last updated: 2025-11-03
-> [!NOTE]
-> How to query from `Sharepoint Library`: [GPT-RAG Data Ingestion](https://github.com/Azure/gpt-rag-ingestion/tree/main)
+> In the context of developing an E2E solution or application. Each stage builds confidence (technical, functional, and strategical), until we ready to scale and support the solution in the real world. Think of them as milestones in the journey from idea to production:
+
+`Idea → PoC → PoV → MVP → Dev → Test → UAT → Prod → Continuous Improvement`
+
+
+Detailed phases (Click to expand)
+
+| Phase | Goal | What Happens | Focus | Audience | Example |
+|-------|------|--------------|-------|----------|---------|
+| **PoC (Proof of Concept)** | Validate technical feasibility | Build a minimal version to prove that the core idea or technology can work | Infrastructure setup, basic UI, simple workflows, mock data | Internal tech teams, architects | Can we integrate this new AI model into our system? |
+| **PoV (Proof of Value)** | Demonstrate business value | Expand the PoC to show how the solution aligns with business goals and KPIs | Real use cases, measurable outcomes, stakeholder engagement | Business leaders, sponsors, decision-makers | Does this solution reduce processing time by 30% as expected? |
+| **MVP (Minimum Viable Product)** | Deliver a usable product with core features | Build the smallest set of features that delivers value and can be deployed | Real users, feedback loops, iterative improvements | Early adopters, pilot users | A working app with login, dashboard, and one key feature |
+| **Dev (Development)** | Build and refine the product | Full-scale development of features, integrations, and backend logic | Code quality, version control, collaboration | Developers, QA, product managers | — |
+| **Test (System/Integration Testing)** | Ensure the system works as expected | Run automated/manual tests, fix bugs, validate integrations | Functional testing, regression testing, performance | QA teams, developers | — |
+| **UAT (User Acceptance Testing)** | Validate with real users before go-live | Business users test the system in a near-production environment | Usability, business rules, edge cases | End users, business analysts, stakeholders | — |
+| **Prod (Production)** | Go live and deliver value | Deploy the solution to the live environment for real users | Stability, monitoring, support, feedback | All users, support teams, business owners | — |
+
+> `How we move from basic coding all the way to AI agents?`
>
+> - We all `start with scripting`, no matter the language, it’s the first step. `Simple/complex instructions, written line by line`, to get something done
+> - Then comes `machine learning`. At this stage, we’re not reinventing the math, we’re `leveraging powerful packages built on deep statistical and mathematical foundations.` These tools let us `automate smarter processes, like reviewing claims with predictive analytics. You’re not just coding anymore; you’re building systems that learn and adapt.`
+> - `LLMs`. This is what most people mean when they say `AI.` Think of `yourself as the architect, and the LLM as your strategic engine. You can plug into it via an API/key, or through integrated services. It’s not just about automation, it’s about reasoning, understanding, and generating human-like responses.`
+> - And finally, `agents`. These are LLMs with the `ability to act`. They don’t just respond, `they take initiative. They can create code, trigger workflows, make decisions, interact with tools, with other agents. It’s where intelligence meets execution`
+
+
+
+> [!NOTE]
+> How to query from `Sharepoint Library`: [GPT-RAG Data Ingestion](https://github.com/Azure/gpt-rag-ingestion/tree/main)
+
+
+ Details (Click to expand)
+
> - Access & Authentication: Integration uses a `service principal accoun`t registered in Azure Entra ID to authenticate and access the SharePoint document library via Microsoft Graph API. This avoids using personal accounts for programmatic access.
> - Data Ingestion Flow: The RAG system connects to the SharePoint library using the provided credentials, retrieves documents (mainly PDFs), and processes them for indexing.
> - Code Structure: Key integration logic resides in files such as:
@@ -86,11 +109,19 @@ SharePoint Site → Metadata Streamer → Document Downloader → Chunker → Az
Deleted Items Checker → Purge Deleted Items
```
+
+
> [!NOTE]
> How to query from `SQL on prem?`:
+
+
+ Details (Click to expand)
+
> This process `involved converting natural language to SQL, where we integrated the SQL database with the Agentic framework. When a user submits a query from the frontend, the system extracts relevant schema details from the AI search index to generate a SQL query with a few example cases. The query is then executed on the SQL server to fetch the records, and the results are displayed in natural language on the UI using an LLM.` Here more about how it works: [GPT-RAG Orchestrator](https://github.com/Azure/gpt-rag-orchestrator)
+
+
> [!IMPORTANT]
> Disclaimer: This repository contains example of a Retrieval-Augmented Generation (RAG) chat bot with a basic architecture (designed for scenarios without network isolation), and a standard Zero-Trust Architecture deployment. This is `just a guide`. It is not an official solution. For official guidance, support, or more detailed information. Please refer [RAG with Zero-Trust – Architecture Reference to Microsoft's official documentation](https://github.com/Azure/GPT-RAG) or contact Microsoft directly: [Microsoft Sales and Support](https://support.microsoft.com/contactus?ContactUsExperienceEntryPointAssetId=S.HP.SMC-HOME)
@@ -134,6 +165,11 @@ SharePoint Site → Metadata Streamer → Document Downloader → Chunker → Az
### Important Considerations for Production Environment
+
+Click to expand
+
+> Some considerations:
+
Public Network Site
@@ -189,6 +225,9 @@ SharePoint Site → Metadata Streamer → Document Downloader → Chunker → Az
+
+
+
## Zero Trust Architecture
> Zero Trust AI architecture in Microsoft Azure is a `security framework designed to protect data, applications, and infrastructure by assuming that threats can come from both inside and outside the network`. This model operates on the principle of "never trust, always verify", meaning `every access request is thoroughly authenticated and authorized based on all available data points, regardless of its origin. The architecture integrates multiple layers of security, including strong identity verification, device compliance checks, and least privilege access, ensuring that only authorized users and devices can access sensitive resources`. By continuously monitoring and validating each request, Zero Trust AI architecture helps organizations minimize risks and enhance their overall security posture.
@@ -214,6 +253,11 @@ From [Standard Zero-Trust Architecture](https://github.com/Azure/GPT-RAG/blob/ma
> The Azure Developer CLI (azd) is an `open-source tool` designed to streamline the end-to-end developer workflow on Azure. It provides `high-level commands` that simplify common developer tasks such as `project initialization, infrastructure provisioning, code deployment, and monitoring`.
+
+ Details (Click to expand)
+
+> More detailed technical information:
+
Key Features
@@ -270,14 +314,24 @@ From [Standard Zero-Trust Architecture](https://github.com/Azure/GPT-RAG/blob/ma
+
+
### Step 0.2: Install PowerShell 7
> PowerShell 7 `complements Azure Developer CLI (azd) by providing robust automation capabilities that enhance the development and deployment workflows on Azure`. With PowerShell 7, you can `automate tasks such as provisioning resources, deploying applications, and managing configurations, which are integral to azd's operations.` For instance, you can use PowerShell scripts to automate the azd provision command, ensuring consistent infrastructure setup across different environments. PowerShell 7's ability to execute commands remotely aligns with azd's remote environment support, allowing seamless management of Azure resources from any location. By integrating PowerShell 7 scripts into azd workflows, developers can streamline their processes, improve efficiency, and maintain greater control over their Azure deployments.
+
+ Visual reference here (Click to expand)
+
+
+
### Step 1: Download the repository
+
+ Details (Click to expand)
+
> Standard orchestrator
```
@@ -292,6 +346,8 @@ From [Standard Zero-Trust Architecture](https://github.com/Azure/GPT-RAG/blob/ma
+
+
> [!IMPORTANT]
> Update the information in the `GPT-RAG_SolutionAccelerator/infra/main.parameters.json` file, and make sure to save your changes before proceeding with the infrastructure deployment.
@@ -299,14 +355,22 @@ From [Standard Zero-Trust Architecture](https://github.com/Azure/GPT-RAG/blob/ma
> Azure network isolation is a security strategy that segments a network into distinct subnets or segments, each functioning as its own small network. This approach enhances security by preventing unauthorized access and data leakage. In Azure, network isolation can be achieved using Virtual Networks (VNets), Network Security Groups (NSGs), and Private Link, allowing precise control over inbound and outbound traffic.
+
+ Details (Click to expand)
+
```
azd env set AZURE_NETWORK_ISOLATION true
```
+
+
### Step 3: Login to Azure
+
+ Details (Click to expand)
+
> Make sure you log in to both:
1. Azure Developer CLI:
@@ -323,10 +387,15 @@ From [Standard Zero-Trust Architecture](https://github.com/Azure/GPT-RAG/blob/ma
+
+
### Step 4: Deploy the insfrastructure
> `azd provision` command in Azure Developer CLI (azd) automates the deployment of necessary Azure resources for an application. It uses infrastructure-as-code templates to set up Azure services, ensuring consistent and repeatable deployments across different environments.
+
+ Details (Click to expand)
+
```
azd provision
```
@@ -343,8 +412,15 @@ From [Standard Zero-Trust Architecture](https://github.com/Azure/GPT-RAG/blob/ma
+
+
### Step 5: VM login
+> AI/Data Science VM
+
+
+ Details (Click to expand)
+
1. To proceed with the deployment, use the Virtual Machine connected via Bastion (set up in step 4).
@@ -355,14 +431,24 @@ From [Standard Zero-Trust Architecture](https://github.com/Azure/GPT-RAG/blob/ma
+
+
### Step 6: Install PowerShell 7 in the vm
+
+ Details (Click to expand)
+
> After logging into Windows, [install PowerShell](https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell-on-windows?view=powershell-7.4#installing-the-msi-package), as all other necessary components are already set up on the VM.
+
+
### Step 7: Update azd on the VM
+
+ Details (Click to expand)
+
> Launch the `Command Prompt` and enter the following command to update azd to its latest version:
```
@@ -371,9 +457,13 @@ From [Standard Zero-Trust Architecture](https://github.com/Azure/GPT-RAG/blob/ma
+
+
### Step 8: Application deployment
-> [!NOTE]
+
+ Details (Click to expand)
+
> Please review these configurations:
>
> - RemoteFX USB Device Redirection: Allows USB devices connected to your local computer to be used in the remote desktop session.`You can access and use local USB devices like storage drives, printers, or other peripherals directly from the remote session.`
@@ -396,7 +486,6 @@ From [Standard Zero-Trust Architecture](https://github.com/Azure/GPT-RAG/blob/ma
-> [!IMPORTANT]
> When executing the `azd init for the app` and `azd env refresh` commands, ensure that the `environment name, subscription, and region are consistent` with those used during the `initial infrastructure provisioning`.
3. Sets up a new project using the Azure GPT-RAG template: `azd init -t azure/gpt-rag`
@@ -405,7 +494,6 @@ From [Standard Zero-Trust Architecture](https://github.com/Azure/GPT-RAG/blob/ma
4. Logs you into Azure Developer CLI: `azd auth login`.
-> [!NOTE]
> Ensure your admin account is correctly configured with Authenticator.
@@ -445,8 +533,7 @@ From [Standard Zero-Trust Architecture](https://github.com/Azure/GPT-RAG/blob/ma
-> [!NOTE]
-> **If you encounter an error with `azd deploy`:**
+> **If you find an error with `azd deploy`:**
```
ERROR: getting target resource: getting default resource groups for environment:
@@ -467,8 +554,10 @@ gpt-rag-resource-group: resource not found: 0 resource groups with prefix or suf
> For example:
> If `main.parameters.json` contains `"location": "westus2"`, make sure your environment has `AZURE_LOCATION=westus2`.
+
+
> [!NOTE]
-> A `golden dataset` for RAG is your trusted, `curated set of documents or files that the system retrieves from when answering questions`. It’s a clean, accurate, and `representative subset of all possible data free of noise and errors`, so the model always pulls reliable context. Is a `subset of files, for example, and known Q&A pairs chosen from the larger data source.` These are the “benchmark” `questions where the correct answers are already known`, so they can be `used later to measure system accuracy and performance`. Other `expert users are free to ask additional questions during testing, but those will still pull context from the same curated files in the golden dataset (subset datasource)`. In short, it’s the trusted evaluation set for your proof of concept for example.
+> A `golden dataset` for RAG is your trusted `curated set of documents or files that the system retrieves from when answering questions`. It’s a clean, accurate, and `representative subset of all possible data free of noise and errors`, so the model always pulls reliable context. Is a `subset of files, for example, and known Q&A pairs chosen from the larger data source.` These are the “benchmark” `questions where the correct answers are already known`, so they can be `used later to measure system accuracy and performance`. Other `expert users are free to ask additional questions during testing, but those will still pull context from the same curated files in the golden dataset (subset datasource)`. In short, it’s the trusted evaluation set for your proof of concept for example.
From f23c709b773ee18bdf344661ac502ee9c4a4547c Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Wed, 12 Nov 2025 04:03:48 +0000
Subject: [PATCH 2/4] Update last modified date in Markdown files
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index ee4af2f..daf879d 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@ Costa Rica
[](https://github.com/)
[brown9804](https://github.com/brown9804)
-Last updated: 2025-11-03
+Last updated: 2025-11-12
----------
From 77098f76ad919d71700b94a6db8b1985820e9026 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Wed, 12 Nov 2025 04:03:51 +0000
Subject: [PATCH 3/4] Update visitor count
---
0_RAG_Overview.md | 4 ++--
1_PrivateArchitecture.md | 4 ++--
2_ZeroTrustOverview.md | 4 ++--
3_PricingDemos/0_Doc-Intellig.md | 4 ++--
3_PricingDemos/1_AI-Search.md | 4 ++--
3_PricingDemos/2_AOAI-AIFoundry.md | 4 ++--
3_PricingDemos/README.md | 4 ++--
4_Which_Copilot_toChoose.md | 4 ++--
5_AI_Initial_Questions.md | 4 ++--
README.md | 4 ++--
how-modify.md | 4 ++--
how-redeploy-app.md | 4 ++--
terraform-infrastructure/README.md | 4 ++--
troubleshooting.md | 4 ++--
14 files changed, 28 insertions(+), 28 deletions(-)
diff --git a/0_RAG_Overview.md b/0_RAG_Overview.md
index 58a029f..ca6190e 100644
--- a/0_RAG_Overview.md
+++ b/0_RAG_Overview.md
@@ -147,7 +147,7 @@ graph LR
-
-
Refresh Date: 2025-11-03
+
+
Refresh Date: 2025-11-12
-
-
Refresh Date: 2025-11-03
+
+
Refresh Date: 2025-11-12
-
-
Refresh Date: 2025-11-03
+
+
Refresh Date: 2025-11-12
-
-
Refresh Date: 2025-11-03
+
+
Refresh Date: 2025-11-12
-
-
Refresh Date: 2025-11-03
+
+
Refresh Date: 2025-11-12
-
-
Refresh Date: 2025-11-03
+
+
Refresh Date: 2025-11-12
-
-
Refresh Date: 2025-11-03
+
+
Refresh Date: 2025-11-12
-
-
Refresh Date: 2025-11-03
+
+
Refresh Date: 2025-11-12
-
-
Refresh Date: 2025-11-03
+
+
Refresh Date: 2025-11-12
-
-
Refresh Date: 2025-11-03
+
+
Refresh Date: 2025-11-12
-
-
Refresh Date: 2025-11-03
+
+
Refresh Date: 2025-11-12
-
-
Refresh Date: 2025-11-03
+
+
Refresh Date: 2025-11-12
-
-
Refresh Date: 2025-11-03
+
+
Refresh Date: 2025-11-12
-
-
Refresh Date: 2025-11-03
+
+
Refresh Date: 2025-11-12
List of References (Click to expand)
@@ -227,7 +226,6 @@ SharePoint Site → Metadata Streamer → Document Downloader → Chunker → Az
-
## Zero Trust Architecture
> Zero Trust AI architecture in Microsoft Azure is a `security framework designed to protect data, applications, and infrastructure by assuming that threats can come from both inside and outside the network`. This model operates on the principle of "never trust, always verify", meaning `every access request is thoroughly authenticated and authorized based on all available data points, regardless of its origin. The architecture integrates multiple layers of security, including strong identity verification, device compliance checks, and least privilege access, ensuring that only authorized users and devices can access sensitive resources`. By continuously monitoring and validating each request, Zero Trust AI architecture helps organizations minimize risks and enhance their overall security posture.