Azure-Samples · ckittel · Feb 26, 2025 · Feb 26, 2025
diff --git a/README.md b/README.md
@@ -240,7 +240,7 @@ Most Azure resources deployed in the prior steps will incur ongoing charges unle
 az group delete -n $RESOURCE_GROUP -y
 
 # Purge the soft delete resources
-az keyvault purge -n kv-${BASE_NAME} -l $LOCATION 
+az keyvault purge -n kv-${BASE_NAME} -l $LOCATION
 az cognitiveservices account purge -g $RESOURCE_GROUP -l $LOCATION -n oai-${BASE_NAME}
 ```
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -14,7 +14,7 @@ Instead, please report them to the Microsoft Security Response Center (MSRC) at
 
 If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/security.md/msrc/pgp).
 
-You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). 
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc).
 
 Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
 

diff --git a/infra-as-code/bicep/acr.bicep b/infra-as-code/bicep/acr.bicep
@@ -51,14 +51,14 @@ resource acrResourceDiagSettings 'Microsoft.Insights/diagnosticSettings@2021-05-
   properties: {
     workspaceId: logWorkspace.id
     logs: [
-        {
-            categoryGroup: 'allLogs'
-            enabled: true
-            retentionPolicy: {
-                enabled: false
-                days: 0
-            }
+      {
+        categoryGroup: 'allLogs'
+        enabled: true
+        retentionPolicy: {
+          enabled: false
+          days: 0
         }
+      }
     ]
     logAnalyticsDestinationType: null
   }

diff --git a/infra-as-code/bicep/keyvault.bicep b/infra-as-code/bicep/keyvault.bicep
@@ -36,13 +36,13 @@ resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' = {
 
     tenantId: subscription().tenantId
 
-    enableRbacAuthorization: true       // Using RBAC
-    enabledForDeployment: true          // VMs can retrieve certificates
-    enabledForTemplateDeployment: true  // ARM can retrieve values
+    enableRbacAuthorization: true      // Using RBAC
+    enabledForDeployment: true         // VMs can retrieve certificates
+    enabledForTemplateDeployment: true // ARM can retrieve values
 
     enableSoftDelete: true
     softDeleteRetentionInDays: 7
-    createMode: 'default'               // Creating or updating the key vault (not recovering)
+    createMode: 'default'              // Creating or updating the key vault (not recovering)
   }
 }
 
@@ -53,14 +53,14 @@ resource keyVaultDiagSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-
   properties: {
     workspaceId: logWorkspace.id
     logs: [
-        {
-            categoryGroup: 'allLogs'
-            enabled: true
-            retentionPolicy: {
-                enabled: false
-                days: 0
-            }
+      {
+        categoryGroup: 'allLogs'
+        enabled: true
+        retentionPolicy: {
+          enabled: false
+          days: 0
         }
+      }
     ]
     logAnalyticsDestinationType: null
   }

diff --git a/infra-as-code/bicep/machinelearning.bicep b/infra-as-code/bicep/machinelearning.bicep
@@ -10,7 +10,7 @@ param baseName string
 @description('The resource group location')
 param location string = resourceGroup().location
 
-// existing resource name params 
+// existing resource name params
 param applicationInsightsName string
 param containerRegistryName string
 param keyVaultName string
@@ -153,17 +153,17 @@ resource aiHub 'Microsoft.MachineLearningServices/workspaces@2024-07-01-preview'
     tier: 'Basic'
   }
   identity: {
-    type: 'SystemAssigned'  // This resource's identity is automatically assigned priviledge access to ACR, Storage, Key Vault, and Application Insights.
+    type: 'SystemAssigned' // This resource's identity is automatically assigned priviledge access to ACR, Storage, Key Vault, and Application Insights.
   }
   properties: {
     friendlyName: 'Azure OpenAI Chat Hub'
     description: 'Hub to support the Microsoft Learn Azure OpenAI basic chat implementation. https://learn.microsoft.com/azure/architecture/ai-ml/architecture/basic-openai-e2e-chat'
-    publicNetworkAccess: 'Enabled'  // Production readiness change: The "Baseline" architecture adds ingress and egress network control over this "Basic" implementation.
+    publicNetworkAccess: 'Enabled' // Production readiness change: The "Baseline" architecture adds ingress and egress network control over this "Basic" implementation.
     ipAllowlist: []
     serverlessComputeSettings: null
     enableServiceSideCMKEncryption: false
     managedNetwork: {
-      isolationMode: 'Disabled'  // Production readiness change: The "Baseline" architecture adds ingress and egress network control over this "Basic" implementation.
+      isolationMode: 'Disabled' // Production readiness change: The "Baseline" architecture adds ingress and egress network control over this "Basic" implementation.
     }
     allowRoleAssignmentOnRG: false // Require role assignments at the resource level.
     v1LegacyMode: false
@@ -221,7 +221,7 @@ resource aiHubDiagSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-pre
 }
 
 // ---- Chat project ----
- 
+
 @description('This is a container for the chat project.')
 resource chatProject 'Microsoft.MachineLearningServices/workspaces@2024-04-01' = {
   name: 'aiproj-chat'
@@ -232,7 +232,7 @@ resource chatProject 'Microsoft.MachineLearningServices/workspaces@2024-04-01' =
     tier: 'Basic'
   }
   identity: {
-    type: 'SystemAssigned'  // This resource's identity is automatically assigned priviledge access to ACR, Storage, Key Vault, and Application Insights.
+    type: 'SystemAssigned' // This resource's identity is automatically assigned priviledge access to ACR, Storage, Key Vault, and Application Insights.
   }
   properties: {
     friendlyName: 'Chat with Wikipedia project'
@@ -293,7 +293,7 @@ resource chatProjectDiagSettings 'Microsoft.Insights/diagnosticSettings@2021-05-
     workspaceId: logWorkspace.id
     logs: [
       {
-        categoryGroup: 'allLogs'  // Production readiness change: In production, this is probably excessive. Please tune to just the log streams that add value to your workload's operations.
+        categoryGroup: 'allLogs' // Production readiness change: In production, this is probably excessive. Please tune to just the log streams that add value to your workload's operations.
         enabled: true
         retentionPolicy: {
           enabled: false

diff --git a/infra-as-code/bicep/modules/keyvaultRoleAssignment.bicep b/infra-as-code/bicep/modules/keyvaultRoleAssignment.bicep
@@ -1,8 +1,8 @@
 /*
   This template creates a role assignment for a managed identity to access secrets in key vault.
 
-  To ensure that each deployment has a unique role assignment ID, you can use the guid() function with a seed value that is based in part on the 
-  managed identity's principal ID. However, because Azure Resource Manager requires each resource's name to be available at the beginning of the deployment, 
+  To ensure that each deployment has a unique role assignment ID, you can use the guid() function with a seed value that is based in part on the
+  managed identity's principal ID. However, because Azure Resource Manager requires each resource's name to be available at the beginning of the deployment,
   you can't use this approach in the same Bicep file that defines the managed identity. This sample uses a Bicep module to work around this issue.
 */
 @description('The Id of the role definition.')

diff --git a/infra-as-code/bicep/openai.bicep b/infra-as-code/bicep/openai.bicep
@@ -22,7 +22,7 @@ resource openAiAccount 'Microsoft.CognitiveServices/accounts@2023-10-01-preview'
   kind: 'OpenAI'
   properties: {
     customSubDomainName: 'oai-${baseName}'
-    publicNetworkAccess: 'Enabled'  // Production readiness change: This sample uses identity as the perimeter. Production scenarios should layer in network perimeter control as well.
+    publicNetworkAccess: 'Enabled' // Production readiness change: This sample uses identity as the perimeter. Production scenarios should layer in network perimeter control as well.
     disableLocalAuth: true
   }
   sku: {

diff --git a/infra-as-code/bicep/webapp.bicep b/infra-as-code/bicep/webapp.bicep
@@ -23,7 +23,7 @@ resource logWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' exis
   name: logWorkspaceName
 }
 
-// Built-in Azure RBAC role that is applied to a Key Vault to grant secrets content read permissions. 
+// Built-in Azure RBAC role that is applied to a Key Vault to grant secrets content read permissions.
 resource keyVaultSecretsUserRole 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
   name: '4633458b-17de-408a-b874-0445c86b69e6'
   scope: subscription()