Project

PHI Deidentification Portal

Installation Instructions

Deployment Steps –

1. Clone or Fork repo

2. Create a new Storage Account a. az storage account create -n storageaccount -g resourcegroup --sku Standard_LRS

3. Create a Storage Account container for document uploads a. az storage container create -n container --account-name storageaccount

4. Create a new Azure AI multi-service resource a. az cognitiveservices account create --name aiservice --location location --resource-group resourcegroup --kind CognitiveServices --sku s0 --yes

5. Create a new Azure AI Search instance a. az search service create --name searchservice --resource-group resourcegroup –sku standard

6. Create the Cosmos NoSQL database a. az cosmosdb create --name cosmosdb --resource-group resourcegroup --kind GlobalDocumentDB --locations regionName = location b. az cosmosdb sql database create -g resourcegroup -a cosmosaccountname -n deid --throughput 400 c. az cosmosdb sql container create -g resourcegroup -a cosmosaccountname -d deid -n metadata --partition-key-path "/uri"

7. Create two new App Service Plans – one for the Web application and one for standard Functions a. az appservice plan create -g resourcegroup -n plan1 --sku S1 b. az appservice plan create -g resourcegroup -n plan2 --sku S1

8. Create a new Azure Function instance for the metadata sync and custom skill a. az functionapp create --resource-group resourcegroup --name functionappname --os-type Windows --runtime dotnet --storage-account storageaccount --plan plan1 b. Publish the Azure Function to the Function App Service

9. Create the Web application for the DeID Web Portal a. az webapp create --resource-group resourcegroup --name webname --runtime dotnet:8 --plan plan2 b. az resource update --resource-group resourcegroup --name scm --namespace Microsoft.Web --resource-type basicPublishingCredentialsPolicies --parent sites/webname --set properties.allow=true c. Publish the Web solution to the Web App Service d. az webapp identity assign -g resourcegroup -n webname (results used in e.) e. az role assignment create --assignee systemassignedidentityguid --role "Storage Blob Data Contributor" --scope storageaccountid f. az ad app create --display-name appid --web-redirect-uris https://{webname}.azurewebsites.net/signin-oidc g. Modify App Registration to include Group Claims (modify groupMembershipClaims property) h. Add Entra group to support Admins. Note group name for updating the web app configuration value

10. Deploy the metadata sync and custom Function app by configuring the Azure Function to pull from your forked GH repo or by cloning the repo and doing a publish.

11. Create the AI Search Index, Custom Skill and Indexer definitions (in that order) using the three JSON configuration files in the search-config folder of the Repo

12. Upload documents to the Blob Storage Container created in #3 and ensure the Indexer is running.

This project conforms to the MIT licensing terms. Code is not indended as a complete production-ready solution and no warranty is implied.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.