Plan and Manage Azure AI Solutions

Technical Implementation Focus

This section covers infrastructure as code, security implementation, and monitoring integration.

Infrastructure as Code

Azure CLI Deployment

# Create Azure AI resource with custom subdomain
az cognitiveservices account create \
    --name myai-service \
    --resource-group myai-rg \
    --kind TextAnalytics \
    --sku S0 \
    --location eastus \
    --custom-domain myai-custom \
    --yes

Bicep Template

resource aiService 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
  name: 'myai-service'
  location: location
  sku: {
    name: 'S0'
  }
  kind: 'TextAnalytics'
  properties: {
    customSubDomainName: 'myai-custom'
    networkAcls: {
      defaultAction: 'Deny'
      virtualNetworkRules: [
        {
          id: subnet.id
          ignoreMissingVnetServiceEndpoint: false
        }
      ]
    }
    publicNetworkAccess: 'Enabled'
  }
}

SDK Implementation

const { DefaultAzureCredential } = require("@azure/identity");
const { AzureKeyCredential, TextAnalyticsClient } = require("@azure/ai-text-analytics");

// Use managed identity
const credential = new DefaultAzureCredential();
const client = new TextAnalyticsClient(
    "https://myai-custom.cognitiveservices.azure.com/",
    credential
);

Best Practices & Common Pitfalls

Always use managed identities over access keys when possible
Implement proper retry policies with exponential backoff
Use diagnostic settings to capture all API calls
Implement proper error handling for quota limits
Use Azure Policy to enforce compliance

Practice Questions

Question 1:

Which authentication method provides the most secure way to access Azure AI services from an Azure Function?

A) Access keys in application settings

B) System-assigned managed identity

C) Service principal with client secret

D) Shared access signatures

Answer: B

System-assigned managed identity provides automatic credential management and rotation.