updated readme and paramters

Author: AjitPadhi-Microsoft

docs/DeploymentGuide.md

@@ -22,7 +22,45 @@ Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
 
 This will allow the scripts to run for the current session without permanently changing your system's policy.
 
+## Deployment Options & Steps
+
+### Sandbox or WAF Aligned Deployment Options
+
+The [`infra`](../infra) folder of the Multi Agent Solution Accelerator contains the [`main.bicep`](../infra/main.bicep) Bicep script, which defines all Azure infrastructure components for this solution.
+
+By default, the `azd up` command uses the [`main.parameters.json`](../infra/main.parameters.json) file to deploy the solution. This file is pre-configured for a **sandbox environment** — ideal for development and proof-of-concept scenarios, with minimal security and cost controls for rapid iteration.
+
+For **production deployments**, the repository also provides [`main.waf.parameters.json`](../infra/main.waf.parameters.json), which applies a [Well-Architected Framework (WAF) aligned](https://learn.microsoft.com/en-us/azure/well-architected/) configuration. This option enables additional Azure best practices for reliability, security, cost optimization, operational excellence, and performance efficiency, such as:
+
+  - Enhanced network security (e.g., Network protection with private endpoints)
+  - Stricter access controls and managed identities
+  - Logging, monitoring, and diagnostics enabled by default
+  - Resource tagging and cost management recommendations
+
+**How to choose your deployment configuration:**
+
+* Use the default `main.parameters.json` file for a **sandbox/dev environment**
+* For a **WAF-aligned, production-ready deployment**, copy the contents of `main.waf.parameters.json` into `main.parameters.json` before running `azd up`
+
+---
+
+### VM Credentials Configuration
+
+By default, the solution sets the VM administrator username and password from environment variables.
+
+To set your own VM credentials before deployment, use:
+
+```sh
+azd env set AZURE_ENV_VM_ADMIN_USERNAME <your-username>
+azd env set AZURE_ENV_VM_ADMIN_PASSWORD <your-password>
+```
+
+> [!TIP]
+> Always review and adjust parameter values (such as region, capacity, security settings and log analytics workspace configuration) to match your organization’s requirements before deploying. For production, ensure you have sufficient quota and follow the principle of least privilege for all identities and role assignments.
+
 
+> [!IMPORTANT]
+> The WAF-aligned configuration is under active development. More Azure Well-Architected recommendations will be added in future updates.
 
 ## Deployment Options & Steps
 

infra/main.bicep

@@ -15,7 +15,7 @@ param solutionName string = 'docgen'
 param solutionUniqueText string = substring(uniqueString(subscription().id, resourceGroup().name, solutionName), 0, 5)
 
 @description('Optional. Azure location for the solution. If not provided, it defaults to the resource group location.')
-param AZURE_LOCATION string = ''
+param location string = ''
 
 @minLength(3)
 @description('Optional. Secondary location for databases creation(example:eastus2):')
@@ -101,19 +101,19 @@ param vmAdminPassword string?
 param tags resourceInput<'Microsoft.Resources/resourceGroups@2025-04-01'>.tags = {}
 
 @description('Optional. Enable monitoring applicable resources, aligned with the Well Architected Framework recommendations. This setting enables Application Insights and Log Analytics and configures all the resources applicable resources to send logs. Defaults to false.')
-param enableMonitoring bool = true
+param enableMonitoring bool = false
 
 @description('Optional. Enable scalability for applicable resources, aligned with the Well Architected Framework recommendations. Defaults to false.')
-param enableScalability bool = true
+param enableScalability bool = false
 
 @description('Optional. Enable redundancy for applicable resources, aligned with the Well Architected Framework recommendations. Defaults to false.')
 param enableRedundancy bool = false
 
 @description('Optional. Enable private networking for applicable resources, aligned with the Well Architected Framework recommendations. Defaults to false.')
-param enablePrivateNetworking bool = true
+param enablePrivateNetworking bool = false
 
 @description('Optional. The Container Registry hostname where the docker images are located.')
-param acrName string = 'testapwaf'
+param acrName string = 'testapwaf'  // byocgacontainerreg
 
 @description('Optional. Image Tag.')
 param imageTag string = 'waf'
@@ -128,7 +128,7 @@ param enablePurgeProtection bool = false
 // Variables      //
 // ============== //
 
-var solutionLocation = empty(AZURE_LOCATION) ? resourceGroup().location : AZURE_LOCATION
+var solutionLocation = empty(location) ? resourceGroup().location : location
 var solutionSuffix = toLower(trim(replace(
   replace(
     replace(replace(replace(replace('${solutionName}${solutionUniqueText}', '-', ''), '_', ''), '.', ''), '/', ''),

infra/main.json

@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.37.4.10188",
-      "templateHash": "12437393349059250623"
+      "templateHash": "13399541843680484715"
     },
     "name": "Document Generation Solution Accelerator",
     "description": "CSA CTO Gold Standard Solution Accelerator for Document Generation.\n"
@@ -29,7 +29,7 @@
         "description": "Optional. A unique text value for the solution. This is used to ensure resource names are unique for global resources. Defaults to a 5-character substring of the unique string generated from the subscription ID, resource group name, and solution name."
       }
     },
-    "AZURE_LOCATION": {
+    "location": {
       "type": "string",
       "defaultValue": "",
       "metadata": {
@@ -183,14 +183,14 @@
     },
     "enableMonitoring": {
       "type": "bool",
-      "defaultValue": true,
+      "defaultValue": false,
       "metadata": {
         "description": "Optional. Enable monitoring applicable resources, aligned with the Well Architected Framework recommendations. This setting enables Application Insights and Log Analytics and configures all the resources applicable resources to send logs. Defaults to false."
       }
     },
     "enableScalability": {
       "type": "bool",
-      "defaultValue": true,
+      "defaultValue": false,
       "metadata": {
         "description": "Optional. Enable scalability for applicable resources, aligned with the Well Architected Framework recommendations. Defaults to false."
       }
@@ -204,7 +204,7 @@
     },
     "enablePrivateNetworking": {
       "type": "bool",
-      "defaultValue": true,
+      "defaultValue": false,
       "metadata": {
         "description": "Optional. Enable private networking for applicable resources, aligned with the Well Architected Framework recommendations. Defaults to false."
       }
@@ -239,7 +239,7 @@
     }
   },
   "variables": {
-    "solutionLocation": "[if(empty(parameters('AZURE_LOCATION')), resourceGroup().location, parameters('AZURE_LOCATION'))]",
+    "solutionLocation": "[if(empty(parameters('location')), resourceGroup().location, parameters('location'))]",
     "solutionSuffix": "[toLower(trim(replace(replace(replace(replace(replace(replace(format('{0}{1}', parameters('solutionName'), parameters('solutionUniqueText')), '-', ''), '_', ''), '.', ''), '/', ''), ' ', ''), '*', '')))]",
     "cosmosDbZoneRedundantHaRegionPairs": {
       "australiaeast": "uksouth",

infra/main.parameters.json

@@ -14,7 +14,7 @@
     "gptModelVersion": {
       "value": "${AZURE_ENV_MODEL_VERSION}"
     },
-    "deploymentType": {
+    "gptModelDeploymentType": {
       "value": "${AZURE_ENV_MODEL_DEPLOYMENT_TYPE}"
     },
     "gptModelName": {
@@ -23,7 +23,7 @@
     "azureOpenaiAPIVersion": {
       "value": "${AZURE_ENV_OPENAI_API_VERSION}"
     },
-    "gptDeploymentCapacity": {
+    "gptModelCapacity": {
       "value": "${AZURE_ENV_MODEL_CAPACITY}"
     },
     "embeddingModel": {

infra/main.waf.parameters.json

@@ -5,65 +5,59 @@
     "solutionName": {
       "value": "${AZURE_ENV_NAME}"
     },
-    "AZURE_LOCATION": {
+    "location": {
       "value": "${AZURE_LOCATION}"
     },
     "secondaryLocation": {
       "value": "${AZURE_ENV_SECONDARY_LOCATION}"
     },
-    "aiDeploymentsLocation": {
-      "value": "${AZURE_ENV_OPENAI_LOCATION}"
+    "gptModelVersion": {
+      "value": "${AZURE_ENV_MODEL_VERSION}"
     },
     "gptModelDeploymentType": {
       "value": "${AZURE_ENV_MODEL_DEPLOYMENT_TYPE}"
     },
     "gptModelName": {
       "value": "${AZURE_ENV_MODEL_NAME}"
     },
-    "gptModelVersion": {
-      "value": "${AZURE_ENV_MODEL_VERSION}"
+    "azureOpenaiAPIVersion": {
+      "value": "${AZURE_ENV_OPENAI_API_VERSION}"
     },
     "gptModelCapacity": {
       "value": "${AZURE_ENV_MODEL_CAPACITY}"
     },
     "embeddingModel": {
-      "value": "${AZURE_ENV_EMBEDDING_MODEL}"
+      "value": "${AZURE_ENV_EMBEDDING_MODEL_NAME}"
     },
     "embeddingDeploymentCapacity": {
-      "value": "${AZURE_ENV_EMBEDDING_DEPLOYMENT_CAPACITY}"
-    },
-    "existingLogAnalyticsWorkspaceId": {
-      "value": "${AZURE_ENV_EXISTING_LOG_ANALYTICS_WORKSPACE_ID}"
+      "value": "${AZURE_ENV_EMBEDDING_MODEL_CAPACITY}"
     },
-    "azureExistingAIProjectResourceId": {
-      "value": "${AZURE_ENV_EXISTING_AI_PROJECT_RESOURCE_ID}"
+    "imageTag": {
+      "value": "${AZURE_ENV_IMAGETAG}"
     },
-    "vmSize": {
-      "value": "${AZURE_ENV_JUMPBOX_SIZE}"
-    },
-    "vmAdminUsername": {
-      "value": "${AZURE_ENV_JUMPBOX_ADMIN_USERNAME}"
-    },
-    "vmAdminPassword": {
-      "value": "${AZURE_ENV_JUMPBOX_ADMIN_PASSWORD}"
+    "enableTelemetry": {
+      "value": "${AZURE_ENV_ENABLE_TELEMETRY}"
     },
     "enableMonitoring": {
       "value": true
     },
-    "enableScalability": {
+    "enablePrivateNetworking": {
       "value": true
     },
-    "enableRedundancy": {
+    "enableScalability": {
       "value": true
     },
-    "enablePrivateNetworking": {
-      "value": true
+    "vmAdminUsername": {
+      "value": "${AZURE_ENV_VM_ADMIN_USERNAME}"
     },
-    "enableTelemetry": {
-      "value": "${AZURE_ENV_ENABLE_TELEMETRY}"
+    "vmAdminPassword": {
+      "value": "${AZURE_ENV_VM_ADMIN_PASSWORD}"
+    },
+    "existingLogAnalyticsWorkspaceId": {
+      "value": "${AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID}"
     },
-    "enablePurgeProtection": {
-      "value": "${AZURE_ENV_ENABLE_PURGE_PROTECTION}"
+    "azureExistingAIProjectResourceId":{
+      "value": "${AZURE_EXISTING_AI_PROJECT_RESOURCE_ID}"
     }
   }
 }