To create an app registration in the Azure portal for interactive device authentication and set up the necessary scopes to read the user's profile from Microsoft Graph, follow these detailed steps:

### Step 1: Sign in to the Azure Portal
1. Open a web browser and go to the [Azure Portal](https://portal.azure.com/).
2. Sign in with your Azure account credentials.

### Step 2: Navigate to Azure Active Directory
1. In the Azure portal, select **Azure Active Directory** from the left-hand navigation pane.

### Step 3: Register a New Application
1. In the Azure Active Directory pane, select **App registrations**.
2. Click on **New registration** at the top of the App registrations pane.
3. Fill in the following details:
   - **Name**: Enter a name for your application (e.g., "Interactive Device Auth App").
   - **Supported account types**: Choose the account types that your application will support. Typically, for organizational use, select "Accounts in this organizational directory only".
   - **Redirect URI (optional)**: Leave this blank for now as it's not required for device code flow.
4. Click **Register** to create the app registration.

### Step 4: Configure API Permissions
1. After registration, you will be redirected to the app's **Overview** page.
2. In the left-hand menu, select **API permissions**.
3. Click on **Add a permission**.
4. Select **Microsoft Graph**.
5. Choose **Delegated permissions**.
6. In the search box, type `User.Read` and select the **User.Read** permission which allows the app to sign in and read the user's profile.
7. Click **Add permissions**.

### Step 5: Generate a Client Secret
1. In the left-hand menu, select **Certificates & secrets**.
2. Under **Client secrets**, click on **New client secret**.
3. Add a description for the client secret (e.g., "ClientSecret1") and set an expiration period.
4. Click **Add**.
5. Copy the client secret value and save it securely. You will need it when configuring your application to authenticate using the device code flow.

### Step 6: Note Down Application (Client) ID and Directory (Tenant) ID
1. Go back to the **Overview** section of your app.
2. Note down the **Application (client) ID** and **Directory (tenant) ID**. These values are required for authentication.

### Step 7: Implement Device Code Flow in Your Application
1. Use the [Microsoft Authentication Library (MSAL)](https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-overview) for your preferred programming language to implement the device code flow.
2. In your application code, configure MSAL with your client ID, client secret, and tenant ID.
3. Use the `DeviceCodeProvider` to request an access token with the `User.Read` scope.

For more detailed guidance on implementing the device code flow and using the Microsoft Graph API, refer to the official Microsoft documentation:
- [Register an application with the Microsoft identity platform](https://learn.microsoft.com/en-us/graph/auth-register-app-v2)
- [Authentication and authorization basics](https://learn.microsoft.com/en-us/graph/auth/auth-concepts)

These steps should help you set up an app registration for interactive device authentication with the necessary permissions to read the user's profile from Microsoft Graph. 

## First steps
- First, download AntRunLib from Nuget
- At least once, setup the enviroment using **[0-AI-settings](0-AI-settings.ipynb)**

In [1]:
#r "nuget: AntRunnerLib, 0.6.5"

using AntRunnerLib;
using AntRunnerLib.Identity;
using static AntRunnerLib.ClientUtility;
using System.IO;

#!import config/Settings.cs 

var envVariables = Settings.GetEnvironmentVariables();
foreach (var kvp in envVariables)
{
    Environment.SetEnvironmentVariable(kvp.Key, kvp.Value);
}

var config = AzureOpenAIConfigFactory.Get();
var client = GetOpenAIClient(config);
