LUIS resource key disabled in Language Understanding Portal - azure-language-understanding

I've a payed azure subscription and defined a LUIS resource in West Europe region.
If I log in to Language Understanding portal and try to assign the resource to my LUIS app, once I've selected tenant and subscription my resource key appears grayed with the message: "Not applicable in this domain".
What does that mean ? Can I only use west US LUIS enpoints for my web application configured in west europe ? what I'm missing here ?
Thanks for help

The region in which you publish your LUIS app corresponds to the region or location you specify in the Azure portal when you create an Azure LUIS endpoint key.
https://learn.microsoft.com/en-us/azure/cognitive-services/luis/luis-reference-regions

Related

Can I use existing APP service in XYZ tenant for web api registered in Azure AD B2C of ABC tenant

I have an existing App Service in XYZ tenant. Previously my API was in XYZ tenant and using that App Service of same Tenant, now I have moved my API from Azure AD of XYZ Tenant to azure AD B2C of ABC Tenant. can I use existing App Service of a different Tenant(XYZ) in this scenario to publish the API. Can App Service be a multi-tenant.
Thanks!!
Per my understanding your app service which hosting your APIs is under subscription of XYZ tenant and use Azure AD App in this tenant to auth your APIs. And now you want to use Azure AD B2C App in another tenant(ABC tenant) to protect your APIs .
Yes, of course you can do that.You can use Azure AD apps belongs to other tenant(including Azure AD b2c tenant) to protect your APIs hosted on App Service . Which Azure subscription that your App Service belongs to just means you will be charged on that subscription, it has nothing to do with the business logic with your code on app service.
If you want to do so , at the code level , there will be some differences compared to using Azure AD applications if you use Azure AD b2c applications to protect your APIs .
This sample page will be helpful for you to modifying your codes : https://learn.microsoft.com/en-us/azure/active-directory-b2c/code-samples
If you want to design your APIs as multi-tenant by Azure AD b2c, this doc will be helpful : https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-commonaad-custom
If there is anything unclear , pls feel free to let me know and if my suggestion is helpful , pls mark me :)

Multi-tenant issue in Microsoft Graph

Currently, I developing Microsoft ChatBot that needs login via Microsoft Graph.
After I log in the error display as below.
When you registered your app, you chose one of three supported account types:
Accounts in this organizational directory only (i.e. one Azure AD tenant only)
Accounts in any organizational directory (i.e. any Azure AD tenant)
Accounts in any organizational directory and personal Microsoft accounts (i.e. any Azure AD tenant and any personal Microsoft account)
If you chose the first option, your app is not considered "multi-tenant", and you cannot use the "common" endpoint, as the error message indicates. You have two options here:
If your application is to be used by users from multiple organizations, change the intended audience to "Accounts in any organizational directory" (Azure portal > Azure Active Directory > App registrations > Authentication).
If your application is only intended to be used by one organization, then update your code to use the tenant-specific endpoint (i.e. https://login.microsoftonline.com/{tenant-id}/..., instead of https://login.microsoftonline.com/common/...).

Scale out Microsoft bot framework app in multi region environment

I am setting up the MS Bot framework service environment in Azure. I was able to successfully set up the channel which connects to single bot service for a single app. Now, we would like to scale this environment globally (all over the world) and we would like to setup multi-region environments. When a user connects from the channel app (MS Team) then they should be able to connect to their nearest Azure region and get the response back. How can we set up the geographic load balancer for Microsoft bot framework web app bot service?
We tried to set up the traffic manager however we have constraint since Microsoft bot channel registration service has Microsoft APP ID (ClientID) and Password and it can only connect to only one messaging endpoint URL
Actual results:
Microsoft Bot channel registration app cannot connect to more than one messaging endpoints of the different region and how can we load balance MS Bot Service.
Expected results:
How can we load balance (latency by region) MS Bot Application?
Sample Scale out diagram
Amit,
Azure bots typically run as Azure App Services. The Azure App Service has built in scaling capabilities. Depending on the pricing tier you select for the App Service, you can scale out to as many as 20 instances. You can go to 100 instances if you're in an 'Isolated' tier. You can also scale up to add memory and cpu. That's some really powerful resources you can bring it to.
I realize that you're trying to reduce latency but I wanted to point the scaling feature out first. You have another challenge I don't think if possible to overcome at this time.
If MS Teams is the only channel you're users will be using, then trying to manage traffic on your own is probably going to be ineffective. You're constraint is going to be where the MS Teams service is located. Teams is what's talking to your bot, not the user directly.
The path is something like this:
User -> MS Teams -> Azure Bot Service -> Azure App Service.
Since you have no control over the Teams to Bot connection, you cant manage the traffic.
You could deploy multiple bots to different regions, then instruct your users to connect to the appropriate regional bot channel in Teams. This isn't an automatic traffic management but would at least provide some of the region support you're looking for.

Cortana channel cannot be added

I am having an issue after migrating my Bot to Azure. I have a Bot that is up and running on Cortana Chanel as well. I previously published it only for me ‘Deployed to self’ so I can see it on my Cortana Canvas but now I want to publish it for group of people but I am unable to do it from Azure portal. Whenever I click on ‘Edit’ button of Cortana Channel through Azure Portal following error prompts me:
As per the error they are expecting me to use my Microsoft Personal Account (i.e. Hotmail or Outlook Account) but unfortunately in my case it’s not possible. I have azure subscriptions in my office account not in my personal account that’s why I migrated all my bots to my office account and now trying to configure it for other peoples (i.e. Deployment for Group) but because of the above error I could not do it. As I know previously it was very straight forward all we have to go to ‘Cortana Dashboard’ and there is an option of deployment by which we can easily publish our skill sets to the group of people by just adding there email address.
Could you please help me how can I resolve this issue? All I want to use my azure account (i.e. my company account) to configure the Cortana channel and other things like Deployment to Group of peoples.

Why is it mandatory to use Azure Active Directory for accessing CRM online instance through Web API from outside CRM?

I am curious to know why we always need to register our CRM online instance on an Azure Active Directory in order to authenticate the Web API while accessing from outside CRM domain.
That is, for example, if I need to access CRM online instance through another website using CRM's Web API endpoint, then I must register my CRM instance to Azure Active Directory.
Though I am aware that, its a very nominal charge to create an Azure Active Directory, still I would need to subscribe to Azure even if I just want to perform some general research for CRM connectivity through Web API.
Why this is must? Are there any security considerations behind this?
Why can't we use the same authentication mechanism as we used to do with Organization service?
Any details on this will be much appreciated.
The CRM WebAPI uses OAuth2 and Azure AD is the only currently supported authentication platform to provide this (Windows Server 2016 will support OAuth2 for on-premise).
The Organisation service is a WCF service and as such uses SOAP for authentication and authorization. This is an entirely different technology stack that brings it's own set of problems, many of which the OAuth2 protocol tries to solve in this scenario.
Although you manage your CRM Online users through the Office 365 portal the underlying technology for these accounts is also Azure AD. Check if you can use this existing AD tenant created as part of your subscription rather than having to create another.
If you are using CRM online you already have aan Azure Active Directory. If you haven't already done so, you can signup for an Azure subscription and import the underlying AAD into your Azure subscription. You will need a credit card, but as far is I know using the Azure AD is free.

Resources