To deploy this solution accelerator, ensure you have access to an Azure subscription with the necessary permissions to create resource groups, resources, app registrations, and assign roles at the resource group level. This should include Contributor role at the subscription level and Role Based Access Control role on the subscription and/or resource group level. Follow the steps in Azure Account Set Up.
Check the Azure Products by Region page and select a region where the following services are available:
- Azure AI Foundry
- Azure OpenAI Service
- Azure Blob Storage
- Azure Container Apps
- Azure Container Registry
- Azure App Configuration
- Azure Cosmos DB
- Azure Queue Storage
- o3 Model Capacity
Here are some example regions where the services are available: East US, East US2, Australia East, UK South, France Central.
If you encounter issues running PowerShell scripts due to the policy of not being digitally signed, you can temporarily adjust the ExecutionPolicy by running the following command in an elevated PowerShell session:
Set-ExecutionPolicy -Scope Process -ExecutionPolicy BypassThis will allow the scripts to run for the current session without permanently changing your system's policy.
The infra folder of the Multi Agent Solution Accelerator contains the main.bicep Bicep script, which defines all Azure infrastructure components for this solution.
By default, the azd up command uses the main.parameters.json file to deploy the solution. This file is pre-configured for a sandbox environment — ideal for development and proof-of-concept scenarios, with minimal security and cost controls for rapid iteration.
For production deployments, the repository also provides main.waf.parameters.json, which applies a Well-Architected Framework (WAF) aligned configuration. This option enables additional Azure best practices for reliability, security, cost optimization, operational excellence, and performance efficiency, such as:
How to choose your deployment configuration:
- Use the default
main.parameters.jsonfile for a sandbox/dev environment - For a WAF-aligned, production-ready deployment, copy the contents of
main.waf.parameters.jsonintomain.parameters.jsonbefore runningazd up
By default, the solution sets the VM administrator username and password from environment variables. If you do not configure these values, a randomly generated GUID will be used for both the username and password.
To set your own VM credentials before deployment, use:
azd env set AZURE_ENV_VM_ADMIN_USERNAME <your-username>
azd env set AZURE_ENV_VM_ADMIN_PASSWORD <your-password>Tip
Always review and adjust parameter values (such as region, capacity, security settings and log analytics workspace configuration) to match your organization’s requirements before deploying. For production, ensure you have sufficient quota and follow the principle of least privilege for all identities and role assignments.
Important
The WAF-aligned configuration is under active development. More Azure Well-Architected recommendations will be added in future updates.
Pick from the options below to see step-by-step instructions for GitHub Codespaces, VS Code Dev Containers, and Local Environments.
Deploy in GitHub Codespaces
You can run this solution using GitHub Codespaces. The button will open a web-based VS Code instance in your browser:
-
Open the solution accelerator (this may take several minutes):
-
Accept the default values on the create Codespaces page.
-
Open a terminal window if it is not already open.
-
Continue with the deploying steps.
Deploy in VS Code
You can run this solution in VS Code Dev Containers, which will open the project in your local VS Code using the Dev Containers extension:
-
Start Docker Desktop (install it if not already installed).
-
Open the project:
-
In the VS Code window that opens, once the project files show up (this may take several minutes), open a terminal window.
-
Continue with the deploying steps.
Deploy in your local Environment
If you're not using one of the above options for opening the project, then you'll need to:
-
Make sure the following tools are installed:
- PowerShell (v7.0+) - available for Windows, macOS, and Linux.
- Azure Developer CLI (azd) (v1.18.0+) - version
- Python 3.9+
- Docker Desktop
- Git
-
Clone the repository or download the project code via command-line:
azd init -t microsoft/Container-Migration-Solution-Accelerator/
-
Open the project folder in your terminal or editor.
-
Continue with the deploying steps.
Consider the following settings during your deployment to modify specific settings:
Configurable Deployment Settings
When you start the deployment, most parameters will have default values, but you can update the following settings by following the steps here:
| Setting | Description | Default Value |
|---|---|---|
| Azure Region | The region where resources will be created. | Resource Group location |
| Secondary Location | A less busy region for Azure Cosmos DB, useful in case of availability constraints. | |
| Deployment Type | Select from a drop-down list. | GlobalStandard |
| o3 Model | Choose from o3. | o3 |
| o3 Model Version | o3 model version used in the deployment. | 2025-04-16 |
| o3 Model Deployment Capacity | Configure capacity for o3 models. | 200k |
[Optional] Quota Recommendations
By default, the o3 model capacity in deployment is set to 200k tokens.
We recommend increasing the capacity to 500k tokens, if available, for optimal performance.
To adjust quota settings, follow these steps.
Reusing an Existing Log Analytics Workspace
Guide to get your Existing Workspace ID
Reusing an Existing Azure AI Foundry Project
Guide to get your Existing Project ID
Once you've opened the project in Codespaces, Dev Containers, or locally, you can deploy it to Azure by following these steps:
-
Login to Azure:
azd auth login
azd auth login --tenant-id <tenant-id>
Note: To retrieve the Tenant ID required for local deployment, you can go to Tenant Properties in Azure Portal from the resource list. Alternatively, follow these steps:
- Open the Azure Portal.
- Navigate to Azure Active Directory from the left-hand menu.
- Under the Overview section, locate the Tenant ID field. Copy the value displayed.
-
Provision and deploy all the resources:
azd up
-
Provide an
azdenvironment name (e.g., "conmig"). -
Select a subscription from your Azure account and choose a location that has quota for all the resources.
- This deployment will take 4-6 minutes to provision the resources in your account and set up the solution with sample data.
- If you encounter an error or timeout during deployment, changing the location may help, as there could be availability constraints for the resources.
-
Once the deployment has completed successfully, open the Azure Portal, go to the deployed resource group, find the container app with "frontend" in the name, and get the app URL from
Application URI.Important Note : Before accessing the application, ensure that all Post Deployment Steps are fully completed, as they are critical for the proper configuration of Data Ingestion and Authentication functionalities.
-
Use the application by uploading other GKE or EKS container workload configuration YAML files. Sample input files can be found in the data folder.
-
After exploring the application, you can delete the resources by running
azd downcommand.
-
Add Authentication Provider
- Follow steps in App Authentication to configure authenitcation in app service. Note that Authentication changes can take up to 10 minutes.
-
Deleting Resources After a Failed Deployment
- Follow steps in Delete Resource Group if your deployment fails and/or you need to clean up the resources.
If you encounter any issues during the deployment process, please refer troubleshooting document for detailed steps and solutions.
To help you get started, here's the Sample Workflow you can follow to try it out.