# Intro to Azure ML Services
Microsoft Azure provides the Azure Machine Learning service - a cloud-based platform for running experiments at scale to train predictive models from data, and publish the trained models as services.

Data scientists can use Azure Machine Learning throughout the entire machine learning lifecycle to:

- Ingest and prepare data.
- Run experiments to explore data and train predictive models.
- Deploy and manage trained models as web services.

Software engineers may interact with Azure Machine Learning in the following ways:

- Using Automated Machine Learning or Azure Machine Learning designer to train machine learning models and deploy them as REST services that can be integrated into AI-enabled applications.
- Collaborating with data scientists to deploy models based on common frameworks such as Scikit-Learn, PyTorch, and TensorFlow as web services, and consume them in applications.
- Using Azure Machine Learning SDKs or command-line interface (CLI) scripts to orchestrate DevOps processes that manage versioning, deployment, and testing of machine learning models as part of an overall application delivery solution.

Azure AI Services are cloud-based services that encapsulate AI capabilities. Rather than a single product, you should think of Azure AI Services as a set of individual services that you can use as building blocks to compose sophisticated, intelligent applications.
For details see: https://learn.microsoft.com/en-us/training/modules/prepare-to-develop-ai-solutions-azure/7-understand-capabilities-of-azure-cognitive-services


# Provision and manage Azure AI Services
Azure AI Services are building blocks of AI functionality that you can integrate into your applications. In this class, you'll learn how to provision, secure. monitor, and deploy Azure AI Services resources and use them to build intelligent solutions.

## Create and consume Azure AI Services
Azure AI Services enable developers to easily add AI capabilities into their applications. Learn how to create and consume these services.

Azure AI Services are cloud-based services that encapsulate AI capabilities. Rather than a single product, you should think of Azure AI Services as a set of individual services that you can use as building blocks to compose sophisticated, intelligent applications.

For details of services visit:
https://learn.microsoft.com/en-us/training/modules/create-manage-cognitive-services/1-introduction

You'll learn how to:

- Provision Azure AI service resources in an Azure subscription.
- Identify endpoints, keys, and locations required to consume an Azure AI service resource.
- Use a REST API to consume an Azure AI service.
- Use an SDK to consume an Azure AI service.

## Provision an Azure AI Services Resource
Azure AI Services are cloud-based services that encapsulate artificial intelligence capabilities you can incorporate into your applications. You can provision individual Azure AI services resources for specific APIs (for example, Language or Vision), or you can provision a single Azure AI Services resource that provides access to multiple Azure AI services APIs through a single endpoint and key. In this case, you’ll use a single Azure AI Services resource.

1. Open the Azure portal at https://portal.azure.com, and sign in using the Microsoft account associated with your Azure subscription.
2. In the top search bar, search for Azure AI services, select Azure AI Services, and create an Azure AI services multi-service account resource with the following settings:
  - Subscription: Your Azure subscription
  - Resource group: Choose or create a resource group (if you are using a restricted subscription, you may not have permission to create a new resource group - use the one provided)
  - Region: Choose any available region
  - Name: Enter a unique name
  - Pricing tier: Standard S0
3. Select the required checkboxes and create the resource.
4. Wait for deployment to complete, and then view the deployment details.
5. Go to the resource and view its Keys and Endpoint page. This page contains the information that you will need to connect to your resource and use it from applications you develop. Specifically:
  - An HTTP endpoint to which client applications can send requests.
  - Two keys that can be used for authentication (client applications can use either key to authenticate).
  - The location where the resource is hosted. This is required for requests to some (but not all) APIs.


## Use a REST Interface
The Azure AI services APIs are REST-based, so you can consume them by submitting JSON requests over HTTP. In this example, you’ll explore a console application that uses the Language REST API to perform language detection; but the basic principle is the same for all of the APIs supported by the Azure AI Services resource.

1. Open the `.env` configuration file and update the configuration values it contains to reflect the endpoint and an authentication key for your Azure AI services resource. Save your changes.

2. Code in the Main function retrieves the endpoint and key for your Azure AI services resource - these will be used to send REST requests to the Text Analytics service. The program accepts user input, and uses the GetLanguage function to call the Text Analytics language detection REST API for your Azure AI services endpoint to detect the language of the text that was entered. The request sent to the API consists of a JSON object containing the input data - in this case, a collection of document objects, each of which has an id and text. The key for your service is included in the request header to authenticate your client application. The response from the service is a JSON object, which the client application can parse.

3. When prompted, enter some text and review the language that is detected by the service, which is returned in the JSON response. For example, try entering “Hello”, “Bonjour”, and “Gracias”.
4. When you have finished testing the application, enter “quit” to stop the program.

In [4]:
from dotenv import load_dotenv
import os
import http.client, base64, json, urllib
from urllib import request, parse, error

def main():
    global cog_endpoint
    global cog_key

    try:
        # Get Configuration Settings
        load_dotenv()
        cog_endpoint = os.getenv('COG_SERVICE_ENDPOINT')
        cog_key = os.getenv('COG_SERVICE_KEY')

        # Get user input (until they enter "quit")
        userText =''
        while userText.lower() != 'q':
            userText = input('Enter some text ("q" to stop)\n')
            if userText.lower() != 'q':
                GetLanguage(userText)


    except Exception as ex:
        print(ex)

In [5]:
def GetLanguage(text):
    try:
        # Construct the JSON request body (a collection of documents, each with an ID and text)
        jsonBody = {
            "documents":[
                {"id": 1,
                 "text": text}
            ]
        }

        # Let's take a look at the JSON we'll send to the service
        print(json.dumps(jsonBody, indent=2))

        # Make an HTTP request to the REST interface
        uri = cog_endpoint.rstrip('/').replace('https://', '')
        conn = http.client.HTTPSConnection(uri)

        # Add the authentication key to the request header
        headers = {
            'Content-Type': 'application/json',
            'Ocp-Apim-Subscription-Key': cog_key
        }

        # Use the Text Analytics language API
        conn.request("POST", "/text/analytics/v3.1/languages?", str(jsonBody).encode('utf-8'), headers)

        # Send the request
        response = conn.getresponse()
        data = response.read().decode("UTF-8")

        # If the call was successful, get the response
        if response.status == 200:

            # Display the JSON response in full (just so we can see it)
            results = json.loads(data)
            print(json.dumps(results, indent=2))

            # Extract the detected language name for each document
            for document in results["documents"]:
                print("\nLanguage:", document["detectedLanguage"]["name"])

        else:
            # Something went wrong, write the whole response
            print(data)

        conn.close()


    except Exception as ex:
        print(ex)


In [6]:
main()

{
  "documents": [
    {
      "id": 1,
      "text": "What"
    }
  ]
}
{
  "documents": [
    {
      "id": "1",
      "detectedLanguage": {
        "name": "English",
        "iso6391Name": "en",
        "confidenceScore": 1.0
      },
    }
  ],
  "errors": [],
  "modelVersion": "2022-10-01"
}

Language: English


## Use an SDK
You can write code that consumes Azure AI services REST APIs directly, but there are software development kits (SDKs) for many popular programming languages, including Microsoft C#, Python, and Node.js. Using an SDK can greatly simplify development of applications that consume Azure AI services.

1. Install the Text Analytics SDK package by running the command below:

  ```
    pip install azure-ai-textanalytics==5.3.0
  ```

2. Update the configuration values `.env` file contains to reflect the endpoint and an authentication key for your Azure AI services resource. Save your changes.

3. Review the code below, noting the following details:

  - The namespace for the SDK you installed is imported
  - Code in the Main function retrieves the endpoint and key for your Azure AI services resource - these will be used with the SDK to create a client for the Text Analytics service.
  - The GetLanguage function uses the SDK to create a client for the service, and then uses the client to detect the language of the text that was entered.


In [7]:
from dotenv import load_dotenv
import os
from azure.ai.textanalytics import TextAnalyticsClient
from azure.core.credentials import AzureKeyCredential

def main():
    global cog_endpoint
    global cog_key

    try:
        # Get Configuration Settings
        load_dotenv()
        cog_endpoint = os.getenv('COG_SERVICE_ENDPOINT')
        cog_key = os.getenv('COG_SERVICE_KEY')

        # Get user input (until they enter "quit")
        userText =''
        while userText.lower() != 'q':
            userText = input('\nEnter some text ("q" to stop)\n')
            if userText.lower() != 'q':
                language = GetLanguage(userText)
                print('Language:', language)

    except Exception as ex:
        print(ex)


In [8]:
def GetLanguage(text):

    # Create client using endpoint and key
    credential = AzureKeyCredential(cog_key)
    client = TextAnalyticsClient(endpoint=cog_endpoint, credential=credential)

    # Call the service to get the detected language
    detectedLanguage = client.detect_language(documents = [text])[0]
    return detectedLanguage.primary_language.name


In [9]:
main()

Language: French



4. When prompted, enter some text and review the language that is detected by the service. For example, try entering “Goodbye”, “Au revoir”, and “Hasta la vista”.
5. When you have finished testing the application, enter “quit” to stop the program.



## Manage Azure AI Services Security
If you don’t already have one in your subscription, you’ll need to provision an **Azure AI Services** resource as mentioned above.

## Manage authentication keys
When you created your Azure AI services resource, two authentication keys were generated. You can manage these in the Azure portal or by using the Azure command line interface (CLI).

1. In the Azure portal, go to your Azure AI services resource and view its **Keys and Endpoint** page. This page contains the information that you will need to connect to your resource and use it from applications you develop. Specifically:
    - An HTTP *endpoint* to which client applications can send requests.
    - Two keys that can be used for authentication (client applications can use either of the keys. A common practice is to use one for development, and another for production. You can easily regenerate the development key after developers have finished their work to prevent continued access).
    - The location where the resource is hosted. This is required for requests to some (but not all) APIs.
2. Run the following command to sign into your Azure subscription by using the Azure CLI.

    ```
        az login
    ```
    A web browser tab will open and prompt you to sign into Azure. Do so, and then close the browser tab and return to Visual Studio Code.

In [10]:
!az login

[93mA web browser has been opened at https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize. Please continue the login in the web browser. If no web browser is available or if the web browser fails to open, use device code flow with `az login --use-device-code`.[0m
[
  {
    "cloudName": "AzureCloud",
    "homeTenantId": "9f29c0ee-e759-4225-8eb9-8ad87ca0802e",
    "id": "037c30a5-5ce7-43c3-b964-703eeb6b0dd7",
    "isDefault": true,
    "managedByTenants": [],
    "name": "Azure subscription 1",
    "state": "Enabled",
    "tenantId": "9f29c0ee-e759-4225-8eb9-8ad87ca0802e",
    "user": {
      "name": "nomantanveer021@gmail.com",
      "type": "user"
    }
  }
]


3. Now you can use the following command to get the list of Azure AI services keys, replacing <resourceName> with the name of your Azure AI services resource, and <resourceGroup> with the name of the resource group in which you created it.

In [11]:
!az cognitiveservices account keys list --name cogntive-srvc-2 --resource-group demo

{
  "key1": "c4e32354854548679076355bef22fa19",
  "key2": "2df24400b1fe490488a3313bc9eebba9"
}


In [13]:
!curl -X POST "https://cogntive-srvc-2.cognitiveservices.azure.com/text/analytics/v3.0/languages?" -H "Content-Type: application/json" -H "Ocp-Apim-Subscription-Key: c4e32354854548679076355bef22fa19" --data-ascii "{'documents':[{'id':1,'text':'hello'}]}"



The command returns a JSON document containing information about the language detected in the input data (which should be English).

1. If a key becomes compromised, or the developers who have it no longer require access, you can regenerate it in the portal or by using the Azure CLI. Run the following command to regenerate your key1 key (replacing <resourceName> and <resourceGroup> for your resource).

    ```
    az cognitiveservices account keys regenerate --name <resourceName> --resource-group <resourceGroup> --key-name key1
    ```
The list of keys for your Azure AI services resource is returned - note that key1 has changed since you last retrieved them.

In [18]:
# !az cognitiveservices account keys regenerate --name cogntive-srvc-2 --resource-group demo --key-name key1

{
  "key1": "c4e32354854548679076355bef22fa19",
  "key2": "2df24400b1fe490488a3313bc9eebba9"
}


## Secure key access with Azure Key Vault
You can develop applications that consume Azure AI services by using a key for authentication. However, this means that the application code must be able to obtain the key. One option is to store the key in an environment variable or a configuration file where the application is deployed, but this approach leaves the key vulnerable to unauthorized access. A better approach when developing applications on Azure is to store the key securely in Azure Key Vault, and provide access to the key through a managed identity (in other words, a user account used by the application itself).

### Create a key vault and add a secret
First, you need to create a key vault and add a secret for the Azure AI services key.
1. Make a note of the key1 value for your Azure AI services resource (or copy it to the clipboard).
2. In the Azure portal, on the Home page, select the `＋Create a resource` button, search for Key Vault, and create a Key Vault resource with the following settings:
    - Basics tab
        - **Subscription**: Your Azure subscription
        - **Resource** group: The same resource group as your Azure AI service resource
        - **Key** vault name: Enter a unique name
        - **Region**: The same region as your Azure AI service resource
        - **Pricing** tier: Standard
    - Access configuration tab
        - **Permission model**: Vault access policy
        - Scroll down to the **Access policies** section and select your user using the checkbox on the left.
3. Wait for deployment to complete and then go to your key vault resource.
4. In the left navigation pane, select Secrets (in the Objects section).
5. Select + Generate/Import and add a new secret with the following settings:
    - **Upload** options: Manual
    - **Name**: Cognitive-Services-Key (it’s important to match this exactly, because later you’ll run code that retrieves the secret based on this name)
    - **Value**: Your key1 Azure AI services key

### Create a service principal
To access the secret in the key vault, your application must use a service principal that has access to the secret. You’ll use the Azure command line interface (CLI) to create the service principal, find its object ID, and grant access to the secret in Azure Vault.

1. Return to terminal for the cloned folder, run the following Azure CLI command, replacing <spName> with a unique suitable name for an application identity (for example, ai-app with your initials appended on the end; the name must be unique within your tenant). Also replace <subscriptionId> and <resourceGroup> with the correct values for your subscription ID and the resource group containing your Azure AI services and key vault resources:
    ```
    az ad sp create-for-rbac -n "api://<spName>" --role owner --scopes subscriptions/<subscriptionId>/resourceGroups/<resourceGroup>
    ```

In [14]:
# To get subscription ID
!az account show

{
  "environmentName": "AzureCloud",
  "homeTenantId": "9f29c0ee-e759-4225-8eb9-8ad87ca0802e",
  "id": "037c30a5-5ce7-43c3-b964-703eeb6b0dd7",
  "isDefault": true,
  "managedByTenants": [],
  "name": "Azure subscription 1",
  "state": "Enabled",
  "tenantId": "9f29c0ee-e759-4225-8eb9-8ad87ca0802e",
  "user": {
    "name": "nomantanveer021@gmail.com",
    "type": "user"
  }
}


In [15]:
!az ad sp create-for-rbac -n "api://ai-app-nt" --role owner --scopes subscriptions/037c30a5-5ce7-43c3-b964-703eeb6b0dd7/resourceGroups/demo

[93mFound an existing application instance: (id) 210656e3-78ab-4ac4-b35d-ad229121ebf5. We will patch it.[0m
[93mCreating 'owner' role assignment under scope 'subscriptions/037c30a5-5ce7-43c3-b964-703eeb6b0dd7/resourceGroups/demo'[0m
[93m  Role assignment already exists.
[0m
[93mThe output includes credentials that you must protect. Be sure that you do not include these credentials in your code or check the credentials into your source control. For more information, see https://aka.ms/azadsp-cli[0m
{
  "appId": "e6630e16-5d98-440e-8977-c8031fc05fd6",
  "displayName": "api://ai-app-nt",
  "password": "7Ks8Q~ptk~IwH3~yqL0PNdcnqm~e3JVT0Wxbob5b",
  "tenant": "9f29c0ee-e759-4225-8eb9-8ad87ca0802e"
}


Make a note of the **appId**, **password**, and **tenant** values - you will need them later (if you close this terminal, you won’t be able to retrieve the password; so it’s important to note the values now - you can paste the output into a new text file in Visual Studio Code to ensure you can find the values you need later!)
1. To get the **object ID** of your service principal, run the following Azure CLI command, replacing *<appId>* with the value of your service principal’s app ID. If running the following command gives no response, you may be using a different version of Azure CLI; replace `objectId` with `id` if that is the case.
    ```
        az ad sp show --id <appId> --query objectId --out tsv
    ```

In [16]:
!az ad sp show --id e6630e16-5d98-440e-8977-c8031fc05fd6 --query id --out tsv

5c4996a3-147f-4b6a-8f4b-4e8c1227accc


2. To assign permission for your new service principal to access secrets in your Key Vault, run the following Azure CLI command, replacing <keyVaultName> with the name of your Azure Key Vault resource and <objectId> with the value of your service principal’s object ID.

In [17]:
!az keyvault set-policy -n kv-12 --object-id 5c4996a3-147f-4b6a-8f4b-4e8c1227accc --secret-permissions get list

[K{- Starting ..
  "id": "/subscriptions/037c30a5-5ce7-43c3-b964-703eeb6b0dd7/resourceGroups/demo/providers/Microsoft.KeyVault/vaults/kv-12",
  "location": "eastus",
  "name": "kv-12",
  "properties": {
    "accessPolicies": [
      {
        "applicationId": null,
        "objectId": "def7429e-f627-4451-9736-3baaaecc6037",
        "permissions": {
          "certificates": [
            "Get",
            "List",
            "Update",
            "Create",
            "Import",
            "Delete",
            "Recover",
            "Backup",
            "Restore",
            "ManageContacts",
            "ManageIssuers",
            "GetIssuers",
            "ListIssuers",
            "SetIssuers",
            "DeleteIssuers"
          ],
          "keys": [
            "Get",
            "List",
            "Update",
            "Create",
            "Import",
            "Delete",
            "Recover",
            "Backup",
            "Restore",
            "GetRotationPolicy"

### Install dependencies:

In [2]:
%pip install azure-ai-textanalytics==5.3.0
%pip install azure-identity==1.5.0
%pip install azure-keyvault-secrets==4.2.0

Note: you may need to restart the kernel to use updated packages.
Note: you may need to restart the kernel to use updated packages.
Note: you may need to restart the kernel to use updated packages.


### Use the service principal in an application:
Now you’re ready to use the service principal identity in an application, so it can access the secret Azure AI services key in your key vault and use it to connect to your Azure AI services resource.

1. Open the configuration file (.env) and update the configuration values it contains to reflect the following settings (restart kernel to load changes to the `.env` file):
    - The endpoint for your Azure AI Services resource
    - The name of your Azure Key Vault resource
    - The tenant for your service principal
    - The appId for your service principal
    - The password for your service principal
Save your changes.

2. Review the code below, noting the following details:
    - The namespace for the SDK you installed is imported
    - Code in the Main function retrieves the application configuration settings, and then it uses the service principal credentials to get the Azure AI services key from the key vault.
    - The GetLanguage function uses the SDK to create a client for the service, and then uses the client to detect the language of the text that was entered.

In [18]:
from dotenv import load_dotenv
import os
from azure.ai.textanalytics import TextAnalyticsClient
from azure.core.credentials import AzureKeyCredential
from azure.keyvault.secrets import SecretClient
from azure.identity import ClientSecretCredential


def main():
    global cog_endpoint
    global cog_key

    try:
        # Get Configuration Settings
        load_dotenv()
        # Does not use cognitive service key
        cog_endpoint = os.getenv('COG_SERVICE_ENDPOINT')
        key_vault_name = os.getenv('KEY_VAULT')
        app_tenant = os.getenv('TENANT_ID')
        app_id = os.getenv('APP_ID')
        app_password = os.getenv('APP_PASSWORD')

        # Get Azure AI services key from keyvault using the service principal credentials
        key_vault_uri = f"https://{key_vault_name}.vault.azure.net/"
        credential = ClientSecretCredential(app_tenant, app_id, app_password)
        keyvault_client = SecretClient(key_vault_uri, credential)
        # Make sure to match the keyvault secret name to the name of the keyvault secret you created
        secret_key = keyvault_client.get_secret("Cognitive-Services-Key1")
        cog_key = secret_key.value

        # Get user input (until they enter "quit")
        userText =''
        while userText.lower() != 'quit':
            userText = input('\nEnter some text ("quit" to stop)\n')
            if userText.lower() != 'quit':
                language = GetLanguage(userText)
                print('Language:', language)

    except Exception as ex:
        print(ex)


In [19]:
def GetLanguage(text):
    # Create client using endpoint and key
    credential = AzureKeyCredential(cog_key)
    client = TextAnalyticsClient(endpoint=cog_endpoint, credential=credential)

    # Call the service to get the detected language
    detectedLanguage = client.detect_language(documents = [text])[0]
    return detectedLanguage.primary_language.name

main()

Language: French


3. When prompted, enter some text and review the language that is detected by the service. For example, try entering “Hello”, “Bonjour”, and “Gracias”.
4. When you have finished testing the application, enter “quit” to stop the program.