Introduction

Ayfie Personal Assistant is an advanced AI-powered web application that enables users to upload, analyze, and interact with data of almost any file format, including Office documents and PDFs, facilitating queries and discussions related to the uploaded content.

Here are a few important concepts to be aware of when managing the standalone Personal Assistant application.

Two Components

Ayfie Personal Assistant consists of two components, of which one, the part that includes the UI, is referred to as the Ayfie Personal Assistant Application. Since Azure Marketplace refers to both components as applications, this can lead to some confusion. It is thus important to understand that Ayfie Personal Assistant: is made up of these two components:

• Storage - Ayfie Personal Assistant Storage: a static, one time installed, secure document storage environment.

• Application - Ayfie Personal Assistant Application: a dynamic UI component that will change over time as features are being updated or added

Private Plan vs. Public Offering

There are two ways of purchasing Ayfie Personal Assistant: via a private plan or via a public offering. As the installation and configuration is slightly different for the two cases, one will need to know how the product was purchased.

• Private plan - the contract is with Ayfie and one orders a single user in Microsoft Azure regardless of the number of actual users.

• Public offering - the contract is with Microsoft and one configures the number of users in Microsoft Azure in accordance with the actual number of users.

Technically, there is no problem installing and configuring Ayfie Personal Assistant as a public offering even if one purchased it via a private plan. However, that would significantly increase the monthly cost without any added benefit.

Resource Groups

A resource groups is what is used to group and administrate customer resources in Azure. The two Ayfie components Ayfie Personal Assistant Storage and Ayfie Personal Assistant Application could be placed in one resource group together with other non-Ayfie resources, or in a resource group just by themselves, or split across two different resource groups. Further, these resource groups could be given any name one see fit. However, it is recommended that each of them are given a dedicated resource group and that they are not mixed with other resources. It is also recommended naming the resource groups rg-ayfie-pa-storage and rg-ayfie-pa-application. Using these exact named resource groups will simplify later upgrades to newer versions of Ayfie Personal Assistant as well as any future interactions with Ayfie support.

Version Upgrades

Version upgrades are not done as “upgrades” but rather as an uninstall operation (of the old version) followed by an install operation (of the new version). As of version 2.9, Personal Assistant consists of two components (see above) and only the application component is “upgraded” (uninstalled and installed), the storage component is left as-is.

Custom Domain vs. Random URL

The URL to access Personal Assistant can be either a custom domain of your choosing (for instance pa.mycompany.com) or whatever random URL provided by Azure AI services. The former approach is what is most common. In either case this has to be followed up whenever one upgrade to a new version of Personal Assistant, either by making sure to reuse the same Service Principle (the Entra ID application) or by updating the callback_url if one uses the default URL provided by Azure AI services.

Prerequisites

The prerequisites come in two groups:

• System prerequisites - Obtain the required subscription rights to do the installation

• Admin user prerequisites - Obtain the required user permissions to run the install process

System Prerequisites

These are the system prerequisites:

• Obtain an Azure Subscription

  • An active Azure subscription is required. To register a new subscription, go to the Azure website.

    • At times, Microsoft may impose subscription type specific limitations on their OpenAI services, particularly concerning the amount of data (referred to as the token quota) that can be exchanged during chat interactions. Please see this Microsoft documentation on token quotas for details on which subscription types that may have such restrictions.

  • If one has a contract directly with Ayfie (a.k.a. private plan) please send the Subscription ID to your Ayfie contact.

• Get Azure OpenAI Approval

  • The Azure subscription needs to be approved for Azure Open AI. How to do that is described in Ayfie Personal Assistant - How to Request Access to the Azure OpenAI Service.

• Enable two Providers

  • In the Azure subscription settings, ensure that the two providers below are enabled. How to do that is described in Ayfie Personal Assistant - How to Add Providers to an Azure Subscription.

    • Microsoft.App: Required for deploying applications within Azure.

    • Microsoft.ContainerService: Required for managing container-based services within Azure.

Admin User Prerequisites

The user that is to carries out the Ayfie Personal Assistant install process must have these roles and permissions:

• Azure Subscription Management Owner and Key Vault Administrator

  • Verifying Subscription Owner and Key Vault Administrator Roles

• Permission to Create and Manage Entra ID Enterprise Applications

• Permission to Alter DNS Configuration

  • The user must have permissions to alter DNS records for custom domain setup (only required if the auto generated URL used by users to access the application is to be changed to something more readable and user friendly).

After completing all system and admin user prerequisites listed above, one can proceed with the installation of Ayfie Personal Assistant.

Installing Ayfie Personal Assistant

The installation of Ayfie Personal Assistant consists of these operations that will be covered in the next few sections:

• Obtain and configure the storage component of Ayfie Personal Assistant

• Obtain and configure the application component of Ayfie Personal Assistant

• Post-Deployment configuration

Obtain and Configure the Storage Component

Obtain the Storage Component

1. Go to the Microsoft Azure Portal at

2. In the search box enter Marketplace and select it from the search results

3. At the Marketplace page, use the Marketplace search box to search for “Ayfie Personal Assistant Storage”

4. Select the Ayfie Personal Assistant Storage from the search result

5. Chose plan “Storage” and then click the Create button

Configure & Deploy the Storage Component

Once the Create Storage page appears, fill in the details:

Open

• Select the subscription from the dropdown (Ayfie Development in the example above)

• Create a new resource group (recommended) or select an existing one. The name rg-ayfie-pa-storage is recommended.

• Select one of the regions from the dropdown menu.

  • The region of storage component determines what laws and regulation that will govern the data being stored.

  • The region of the application component determines which language models that are available. Not all language models are available in all regions.

  • Even though it is possible to have the two components spread across two different regions, that is not recommended.

  • Customers from EU countries should for legal reasons select one of the two EU regions.

  • These are the best performing GPT-4 LLM by region at the time of this writing:

    • France Central (GPT-4 1106-Preview)

    • Sweden Central (GPT-4o)

    • UK South (GPT-4 1106-Preview)

    • Canada East (GPT-4 1106-Preview)

• Check the checkbox to verify you have been granted access to Azure OpenAI with selected subscription (circled in yellow above)

• Click the white Next or the blue Review + create button. This will take one to the Review + create page.

Open

• Review the summary. Go back and correct anything found to be wrong.

• Click the Create button at the bottom of the page when ready to deploy Ayfie Personal Assistant

It typically takes some 10-15 minutes for the Managed Application to deploy its more than 15 Azure resources.

Obtain and Configure the Application

Obtain the Application Component

These are the two ways of configuring Ayfie Personal Assistant Application in Microsoft Azure Marketplace:

• As a private plan

• As a public offering

If in doubt, one should consult on how to find out what one has. Most of the steps are the same for the two alternatives. The difference is in step 2 and 5 below (indicated with bold font) and with green markings in the screenshot below where one follow the red arrows all the way for the public offering and swap to green for the private plan.

1. Go to the Microsoft Azure Portal at

2. In the search box enter Marketplace and select it from the search results

3. If you have a private plan select Private plans in in the left side menu (circled in green), otherwise use the search box to look up the “Ayfie Personal Assistant” applications

4. Select the Ayfie Personal Assistant Application box

5. If you have a private plan, select the plan from the dropdown (see green arrow below), otherwise select the number of users you want to license (red arrow). Then click the Create button.

From this point of in the procedure, there is no difference between having a private plan or a public offering.

Configure the Application Component

To complete the creation of the Ayfie Personal Assistant Application component, one will visit these 4 page tabs one by one in the given order:

• Basic

• User Authentication

• Application Settings

• Review + create

The Basic Tab

The page title in the graphics below ends with Private Plan. if one is using a public offering, then the title will instead be Create N users, where N is the number of users one selected from the dropdown on the previous page. The graphics in this section will show both title types.

• Select the subscription from the dropdown (Ayfie Development in the example above).

• Create a new resource group (recommended) or select an existing one. The recommended name for the group is rg-ayfie-pa-application.

• Select the region. Normally one would select the same region as earlier selected for the storage component, but if this is done as part of an upgrade one may have to select another region if one as part of the upgrade is changing to a new language model that is not available in the same region.

• Select the storage resource group from earlier (that is rg-ayfie-pa-storage if one created it using the recommended name)

• Give the managed application a name, for instance the recommended name AyfiePersonalAssistant as in the example above.

• Click Next to get to the next page tab

The User Authentication Tab

User access to Ayfie Personal Assistance is managed by Entra ID via a Service Principal.

• One can use a Service Principal that already exists or create a new one.

  • Note: If upgrading, make sure to use the exact same Enterprise Application as in for previous version, otherwise it may cause issues with stored documents and chat history

• Depending on which of the two options one chose, clicking the Make selection link will either bring up a search pane with existing Service Principals to choose from, or a form to register a new Service Principal. The screenshot above shows the case of creating a new one.

• Give the Service Principal (the Entra ID application) a name, for instance AyfiePersonalAssistantApp as in the graphics above.

• Select the single tenant option (this would cover the case of all users being employees of the customer)

• Click the Register button. This will take one away from the page. After having completed the registration, just redo the first few steps to get back to this place.

• Verify that one has created or selected a Service Principal by checking of the check box

• Click Next (circled in red) to get to the Authentication page

The Application Settings Tab

The “Application Settings” tab has the following optional settings which allows you to:

• Enable and set Custom Domain (instead of a generated URL)

• Enable and set Data Retention Policy (if not enabled we will keep all documents for as long the application is installed)

These settings are not possible to change post deployment. That would require one to uninstall and install as explained in chapter “Upgrading to a Newer Version of Ayfie Personal Assistant”

Custom Domain (red box)

When deploying Ayfie Personal Assistant one is always given an URL which users can use to access the frontend. This URL will adhere to the format: https://chat-ui.random-part.region-name.azurecontainerapps.io.

If one instead would like users to access the application with a specific custom URL, then do as described below, otherwise skip this page by clicking the Next button directly:

• Check the “Configure custom domain”

• Check the “Verify if you have access to DNS record for you domain”

• Add the custom domain, e.g. “pa.my-domain.com” to the input field

• Click the white Next or the blue Review + create button. This will take one to the Review + create page.

Data Retention Policy (green box)

If one want to reduce the storage cost, be compliant with internal policies for data storage or if one want to avoid a potential long list of files in the user interface of Personal Assistant, one can enable Data Retention Policy. This can be set to an integer between 7 and 100. This feature will then remove all files permanently from Personal Assistant if the file is older and haven’t been used in any chat for the past number of days specified.

• Check the “Enable data retention policy”

• Enter the number of days before files are deleted due to inactivity

The Review + Create Tab

• Review the summary of one’s choices from the previous two tabs and go back and correct anything found to be wrong.

• Click the Create button at the bottom of the page when ready to deploy Ayfie Personal Assistant

It typically takes some 10-15 minutes for the Managed Application to deploy its more than 10 Azure resources.

Post-Deployment Configuration

The last step of the previous section created and deployed the Personal Assistant and all its resources. Once it is fully deployed (reported above to take some 15-20 minutes), there are two post-configuration steps:

• Obtain the Callback URL

• Set the Entra ID application up with the Callback URL

• Limit Users Access If Required

• Custom domain configuration

Obtain the Callback URL

Retrieve the callback URL:

1. Go to the Microsoft Azure Portal at

2. In the search box enter Managed Applications and select it from the search results

3. At the Managed Applications page, click AyfiePersonalAssistant (the name we gave it in the previous section)

4. Under Settings, Click Parameters and Outputs in the left vertical menu

5. Copy the the values of your_personal_assistant_url and callback_url to a notepad as you will be needing these later in this procedure.

Set the Entra ID application up with the Callback URL

Configure the Entra ID application to do single sign-on access control for a single-page application:

1. Go to the Microsoft Azure Portal at

2. In the search box enter Enterprise Applications and select it from the search results

3. Search for and click the Service Principle we created earlier (in this documentation we named it AyfiePersonalAssistantApp)

4. At the Enterprise Applications page, select the Single sign-on menu option in the vertical left side menu

5. Click Go to application up in the right corner of the first item listed

6. Select Authentication in the vertical left side menu

7. Click Add a platform and then select Single-page application up to the right of the page

8. Only if an upgrade and not a brand new installation: Make sure to remove any previously used web application platform by clicking the trash can icon up in the right corner

9. Enter the callback_url we saved earlier in the top text input field and then check of the two boxes at the bottom for Access tokens and ID tokens before clicking Configure:

10. Click the blue Save button at the bottom of the page

Granting Permissions for the Application

To enable Ayfie Personal Assistant to interact with Microsoft Graph on behalf of users, one has to grant admin consent for the required permissions.

1. Under the Security part of the vertical menu to the left, Select Permissions

2. Click on Grant admin consent for [Your Organization].

3. A new web browser window is shown, click Accept.

Limit User Access for Personal Assistant

See following chapters in the guide

• Update the app to require user assignment

• Assign the app to users and groups to restrict access

Custom Domain Configuration

If a custom domain was configured earlier, then that has to be followed up with a corresponding DNS configuration as shown here:

Step 1 and 2 below is not shown in the graphic above.

1. Go to the Microsoft Azure Portal at https://portal.azure.com

2. In the search box enter Resource Groups and select it from the search results

3. Search for and select resource group rg-ayfie-pa-application (or whatever other name that it was given)

4. Click the managed application AyfiePersonalAssistant (or whatever other name that it was given)

5. Click the managed resource group link mrg-ayfie_personal_assistan-<timestamp> (or whatever other name that it was given) up to the right

6. Within this group, find and click on the 'chat-ui' resource to access its settings.

7. In the 'chat-ui' resource, look for the 'Custom Domain' section in the navigation pane on the left side of the screen.

8. Click on the 'Add custom domain' button to start the domain setup process.

9. When prompted, choose 'Managed certificate' as your first option (circled in purple) to ensure your domain is secured with an SSL certificate managed by Azure.

10. In the 'Domain' field (circled in green), type in the exact domain name you specified during the deployment of the Ayfie Personal Assistant Application.

11. For the record type, leave it set to “CNAME”

12. Add the two records provided in the 'Domain validation' section (circled in orange) to your domain's DNS settings. These records are crucial for proving ownership of the domain and for the SSL certificate to be issued.

13. Once you've updated your domain's DNS settings, click the 'Validate' button in Azure to check if the records are correctly configured.

14. If the validation is successful, the domain status should eventually update from “No binding” to 'Secured', indicating that your custom domain is now properly set up and protected with an SSL certificate.

Accessing Ayfie Personal Assistant

• Enter the 'your_personal_assistant_url' in the browser to access the Ayfie Personal Assistant website and start conversing about uploaded documents.

• Note: Managed Applications installed via Azure Marketplace does not allow one to change the DNS of this application. That means one has these options:

  • Use the 'your_personal_assistant_url' as is

  • Configure an alias with a redirect to the 'your_personal_assistant_url'

Uninstalling Ayfie Personal Assistant

Personal Assistant consists of two components:

• Ayfie Personal Assistant Application

• Ayfie Personal Assistant Storage

There are two different uninstall scenarios:

• One wants to uninstall Personal Assistant completely for not using it any longer

  • Uninstall both components

• One wants to uninstall Personal Assistant as part of an upgrade to a newer version of Personal Assistant

  • Only uninstall the application component, leave the storage component with chat history and uploaded documents in place

The following graphic shows how to start the operation of uninstalling Ayfie Personal Assistant:

The next graphic shows how one can check the status of the delete operation by clicking the notification icon up in the right corner of the browser window:

The uninstallation process may take anywhere from 3 to 20 minutes.

Upgrading to a Newer Version of Ayfie Personal Assistant

Ayfie Personal Assistant is in Microsoft terminology a Managed Application. Managed Applications cannot be upgraded per se; the old version must first be uninstalled before the new version can be installed.

However, Ayfie Personal Assistant Storage ensures that data is preserved during upgrades. Therefore, it is crucial to only uninstall and reinstall the Managed Application Ayfie Personal Assistant Application. The Managed Application Ayfie Personal Assistant Storage must remain in place as-is.

Here are the 3 steps to “upgrade” to a later version:

1. Retrieve the Client ID of the application:

   1. Go to the Microsoft Azure Portal at

   2. In the search box enter Managed Applications and select it from the search results

   3. At the Managed Applications page, click AyfiePersonalAssistant (or whatever other name one chose to give the application in a previous section above)

   4. Under Settings, Click Parameters and Outputs in the left vertical menu

   5. Navigate to Settings and select Parameters and outputs

   6. Copy the Client ID, it will be needed in step 4 below

2. Uninstall the current version as described in chapter Uninstalling the Ayfie Personal Assistant

3. Force an immediate deletion of any resources that are marked for deletion but that have still not been deleted as shown in the screenshot below.

4. Do the installation from scratch as described in chapter Installing Ayfie Personal Assistant (but skip installing the storage component that was not uninstalled):

   1. If opting to re-use the existing "Service Principal" (Entra ID application) and one does not use a custom domain name, ensure to update the 'callback_url' as described in earlier section Set the Entra ID application up with the Callback URL. The same applies if one is upgrading from a Personal Assistant version prior to version 2.14.

   2. If Custom Domain is configured with the same value as in past versions, one is required to follow the steps within earlier section Custom Domain Configuration.

Troubleshooting

Deploying Ayfie Personal Assistant may encounter issues, and this section provides guidance on identifying and resolving common errors.

If you are unable to troubleshoot or fix the issue, please contact our support at support-nordics@ayfie.com

Error Notification

To know the status of an ongoing or completed deployment or other operation, click the bell icon to the right of the top bar.\

To the right in the graphic above we see a successful application creation followed by a failed deployment (last action listed at the top). By clicking on the title we can get to more detailed information as shown with the error descriptions shown to the left.

Microsoft provides a long list of errors and their causes at. Not all of them are relevant to the deployment of Ayfie Personal Assisitant. Later in this section we will address the error message that are more relevant to our product.

Common Deployment Errors

In the following we will list some error that we see from time to time when deploying the Ayfie Personal Assistant:

• Configuration error: If one has installed Ayfie Personal Assistant Application with wrong settings (e.g. Enterprise Application, Data Retention or Custom Domain) we do not support modifying this post-deployment. One would therefore need to reinstall as written in Upgrading to a Newer Version of Ayfie Personal Assistant

• User chat and file upload history is gone after upgrade: This will occur when the Enterprise Application/ClientID is not the same across upgrades. One would therefore need to reinstall as written in Upgrading to a Newer Version of Ayfie Personal Assistant

• InsuffientQuota - this is an error that one normally would not see for a first time deployment, but is not uncommon during later re-deployments like for instance during upgrades. What normally causes this error is that one has forgotten to liberate Open AI resources that has been marked for deletion, but that has actually not been physically deleted. The fix is to do step 2 of the 3 steps procedure given in section Upgrading to a Newer Version of Ayfie Personal Assistant above. Another fix is to select another region as the quota is per region.

• “Random” deployments failures - sometimes Azure fails to deploy all of the resources. This is often caused by temporary issues at Azure and can usually be fixed by simply clicking the green circled Redeploy option in the graphic below. The error message in theses cases is typical without any details (see red circled example of this below):

Logs

Several containers now support extracting logs (some are locked down and not possible to extract logs from). The logs is specific to Ayfie related products and technology and would require one to forward the logs to Ayfie Support for further analysis.

In most cases of an error, the appropriate logs can be found in the “chat”-container:

• Navigate to the Managed Application for Ayfie PA.

• Click on the "Managed resource group."

• Within "Overview," select the resource "chat."

• Access logs under "Monitoring" and run the following queries:

  • ContainerAppConsoleLogs_CL | where ContainerName_s == "chat"
  • ContainerAppConsoleLogs_CL

• For each query result, extract the logs to CSV (all columns)

This documentation was last updated for version 2.14.1