PHI Deidentification Portal
Installation Instructions
Deployment Steps
1. Clone or Fork repo
2. Create a new Storage Account
a. az storage account create -n storageaccount -g resourcegroup --sku Standard_LRS
3. Create a Storage Account container for document uploads
a. az storage container create -n container --account-name storageaccount
4. Create a new Azure AI multi-service resource
a. az cognitiveservices account create --name aiservice --location location --resource-group resourcegroup --kind CognitiveServices --sku s0 --yes
5. Create a new Azure AI Search instance
a. az search service create --name searchservice --resource-group resourcegroup --sku standard
6. Create the Cosmos NoSQL database
a. az cosmosdb create --name cosmosaccountname --resource-group resourcegroup --kind GlobalDocumentDB --locations regionName=location
b. az cosmosdb sql database create -g resourcegroup -a cosmosaccountname -n deid --throughput 400
c. az cosmosdb sql container create -g resourcegroup -a cosmosaccountname -d deid -n metadata --partition-key-path "/Uri"
7. Create two new App Service Plans – one for the Web application and one for standard Functions
a. az appservice plan create -g resourcegroup -n plan1 --sku S1
b. az appservice plan create -g resourcegroup -n plan2 --sku S1
8. Create a new Azure Function instance for the metadata sync and custom skill
a. az functionapp create --resource-group resourcegroup --name functionappname --os-type Windows --runtime dotnet --storage-account storageaccount --plan plan1
b. Publish the Azure Function to the Function App Service
c. (Azure managed identity security for Storage) az role assignment create --assignee systemassignedidentityguid --role "Storage Blob Data Contributor" --scope storageaccountid
9. Create the Web application for the DeID Web Portal
a. az webapp create --resource-group resourcegroup --name webname --runtime dotnet:8 --plan plan2
b. az resource update --resource-group resourcegroup --name scm --namespace Microsoft.Web --resource-type basicPublishingCredentialsPolicies --parent sites/webname --set properties.allow=true
c. Publish the Web solution to the Web App Service
d. az webapp identity assign -g resourcegroup -n webname (results used in e.)
e. (Azure managed identity security for Storage) az role assignment create --assignee systemassignedidentityguid --role "Storage Blob Data Contributor" --scope storageaccountid
f. az ad app create --display-name appid --web-redirect-uris https://{webname}.azurewebsites.net/signin-oidc --enable-id-token-issuance true
g. Modify App Registration to include Group Claims (modify groupMembershipClaims property)
h. Add Entra group to support Admins. Note group name for updating the web app configuration value
i. (Azure managed identity security for Cosmos) az cosmosdb sql role assignment create -g resourcegroup -a cosmosaccountname --role-definition-name "Cosmos DB Built-in Data Contributor" --scope "/" --principal-id systemassignedidentityguid
10. Deploy the metadata sync and custom Function app by configuring the Azure Function to pull from your forked GH repo or by cloning the repo and doing a publish.
11. Create the AI Search Index, Custom Skill and Indexer definitions (in that order) using the three JSON configuration files in the search-config folder of the Repo
12. Upload documents to the Blob Storage Container created in #3 and ensure the Indexer is running.
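
A post-deployment check for the "Storage Blob Data Contributor" assignments made in the Function and Web application steps above, as an added example (not code from this repository). It reads JSON in the shape returned by `az role assignment list --assignee <principalId> --all -o json` and reports anything other than that one role scoped to the storage account. The subscription ID and sample records are constructed placeholders, and the Cosmos DB data-plane role is assigned separately and is not covered.

```python
import json

EXPECTED_ROLE = "Storage Blob Data Contributor"  # role named in the deployment steps

# Constructed sample data: placeholder subscription ID and resource names.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
STORAGE_ID = (SUB + "/resourceGroups/resourcegroup/providers"
              "/Microsoft.Storage/storageAccounts/storageaccount")
SAMPLE_OK = json.dumps([{"roleDefinitionName": EXPECTED_ROLE, "scope": STORAGE_ID}])
SAMPLE_BROAD = json.dumps([
    {"roleDefinitionName": EXPECTED_ROLE, "scope": SUB + "/resourcegroups/resourcegroup"},
    {"roleDefinitionName": "Contributor", "scope": SUB},
])


def _norm(scope):
    # ARM resource IDs are case-insensitive; also ignore a trailing slash.
    return scope.rstrip("/").lower()


def audit_assignments(cli_json, storage_account_id):
    """Return findings for one identity's `az role assignment list` JSON output."""
    want = _norm(storage_account_id)
    findings, granted = [], False
    for a in json.loads(cli_json):
        role, scope = a["roleDefinitionName"], _norm(a["scope"])
        if role != EXPECTED_ROLE:
            findings.append(f"unexpected role '{role}' at {a['scope']}")
        elif scope == want or scope.startswith(want + "/"):
            granted = True  # the account itself, or narrower (one container)
        elif want.startswith(scope + "/"):
            findings.append(f"'{role}' granted above the storage account: {a['scope']}")
        else:
            findings.append(f"'{role}' granted on another resource: {a['scope']}")
    if not granted:
        findings.append(f"no '{EXPECTED_ROLE}' assignment scoped to {storage_account_id}")
    return findings


if __name__ == "__main__":
    for name, sample in (("as deployed", SAMPLE_OK), ("over-scoped", SAMPLE_BROAD)):
        print(name, "->", audit_assignments(sample, STORAGE_ID) or "OK")
```

An empty result means the identity holds only the expected role at or below the storage account.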
This project conforms to the MIT licensing terms. Code is not intended as a complete production-ready solution and no warranty is implied.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.