Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/microsoft/simplechat

Secure AI conversations with documents, video, audio, and more. Personal workspaces for focused context, group spaces for shared insight. Classify docs, reuse prompts, and extend with modular features.
https://github.com/microsoft/simplechat

ai-chatbot azure azure-openai collaboration document-chat document-classification modular rag rbac secure semantic-search

Last synced: 2 months ago
JSON representation

Secure AI conversations with documents, video, audio, and more. Personal workspaces for focused context, group spaces for shared insight. Classify docs, reuse prompts, and extend with modular features.

Awesome Lists containing this project

README 

          
![logo](./docs/images/logo-wide.png)



# Overview



The **Simple Chat Application** is a comprehensive, web-based platform designed to facilitate secure and context-aware interactions with generative AI models, specifically leveraging **Azure OpenAI**. Its central feature is **Retrieval-Augmented Generation (RAG)**, which significantly enhances AI interactions by allowing users to ground conversations in their own data. Users can upload personal ("Your Workspace") or shared group ("Group Workspaces") documents, which are processed using **Azure AI Document Intelligence**, chunked intelligently based on content type, vectorized via **Azure OpenAI Embeddings**, and indexed into **Azure AI Search** for efficient hybrid retrieval (semantic + keyword).



Built with modularity in mind, the application offers a suite of powerful **optional features** that can be enabled via administrative settings. These include integrating **Azure AI Content Safety** for governance, providing **Image Generation** capabilities (DALL-E), processing **Video** (via Azure Video Indexer) and **Audio** (via Azure Speech Service) files for RAG, implementing **Document Classification** schemes, collecting **User Feedback**, enabling **Conversation Archiving** for compliance, extracting **AI-driven Metadata**, and offering **Enhanced Citations** linked directly to source documents stored in Azure Storage.



The application utilizes **Azure Cosmos DB** for storing conversations, metadata, and settings, and is secured using **Azure Active Directory (Entra ID)** for authentication and fine-grained Role-Based Access Control (RBAC) via App Roles. Designed for enterprise use, it runs reliably on **Azure App Service** and supports deployment in both **Azure Commercial** and **Azure Government** cloud environments, offering a versatile tool for knowledge discovery, content generation, and collaborative AI-powered tasks within a secure, customizable, and Azure-native framework.



## Documentation



[Simple Chat Documentation | Simple Chat Documentation](https://microsoft.github.io/simplechat/)



## Quick Deploy



[Detailed deployment Guide](./deployers/bicep/README.md)



### Pre-Configuration:



The following procedure must be completed with a user that has permissions to create an application registration in the users Entra tenant. 



#### Create the application registration:



```powershell

cd ./deployers

```



Define your application name and your environment:



```

appName = 

```



```

environment = 

```



The following script will create an Entra Enterprise Application, with an App Registration named *\*-*\*-ar for the web service called *\*-*\*-app.  



> [!TIP]

>

> The web service name may be overriden with the `-AppServceName` parameter. 



> [!TIP]

>

> A different expiration date for the secret which defaults to 180 days with the `-SecretExpirationDays` parameter.



```powershell

.\Initialize-EntraApplication.ps1 -AppName "" -Environment ""  -AppRolesJsonPath "./azurecli/appRegistrationRoles.json"

```



> [!NOTE]

>

> Be sure to save this information as it will not be available after the window is closed.*



```========================================

App Registration Created Successfully!

Application Name:       

Client ID:              

Tenant ID:              

Service Principal ID:   

Client Secret:          

Secret Expiration:      

```



In addition, the script will note additional steps that must be taken for the app registration step to be completed.



1.  Grant Admin Consent for API Permissions:



    - Navigate to Azure Portal > Entra ID > App registrations

    - Find app: *\*

    - Go to API permissions

    - Click 'Grant admin consent for [Tenant]'



2.  Assign Users/Groups to Enterprise Application:

    - Navigate to Azure Portal > Entra ID > Enterprise applications

    - Find app: *\*

    - Go to Users and groups

    - Add user/group assignments with appropriate app roles



3.  Store the Client Secret Securely:

    - Save the client secret in Azure Key Vault or secure credential store

    - The secret value is shown above and will not be displayed again



#### Configure AZD Environment



Using the bash terminal in Visual Studio Code



```powershell

cd ./deployers

```



If you work with other Azure clouds, you may need to update your cloud like `azd config set cloud.name AzureUSGovernment` - more information here - [Use Azure Developer CLI in sovereign clouds | Microsoft Learn](https://learn.microsoft.com/en-us/azure/developer/azure-developer-cli/sovereign-clouds)



```powershell

azd config set cloud.name AzureCloud

```



This will open a browser window that the user with Owner level permissions to the target subscription will need to authenticate with.



```powershell

azd auth login

```



Use the same value for the \ that was used in the application registration.



```powershell

azd env new 

```



Select the new environment



```powershell

azd env select 

```



This step will begin the deployment process.  



```powershell

azd up 

```



## Architecture



![Architecture](./docs/images/architecture.png)



## Features



- **Chat with AI**: Interact with an AI model based on Azure OpenAI’s GPT and Thinking models.

- **RAG with Hybrid Search**: Upload documents and perform hybrid searches (vector + keyword), retrieving relevant information from your files to augment AI responses.

- **Document Management**: Upload, store, and manage multiple versions of documents—personal ("Your Workspace") or group-level ("Group Workspaces").

- **Group Management**: Create and join groups to share access to group-specific documents, enabling collaboration with Role-Based Access Control (RBAC).

- **Ephemeral (Single-Convo) Documents**: Upload temporary documents available only during the current chat session, without persistent storage in Azure AI Search.

- **Conversation Archiving (Optional)**: Retain copies of user conversations—even after deletion from the UI—in a dedicated Cosmos DB container for audit, compliance, or legal requirements.

- **Content Safety (Optional)**: Integrate Azure AI Content Safety to review every user message *before* it reaches AI models, search indexes, or image generation services. Enforce custom filters and compliance policies, with an optional `SafetyAdmin` role for viewing violations.

- **Feedback System (Optional)**: Allow users to rate AI responses (thumbs up/down) and provide contextual comments on negative feedback. Includes user and admin dashboards, governed by an optional `FeedbackAdmin` role.

- **Bing Web Search (Optional)**: Augment AI responses with live Bing search results, providing up-to-date information. Configurable via Admin Settings.

- **Image Generation (Optional)**: Enable on-demand image creation using Azure OpenAI's DALL-E models, controlled via Admin Settings.

- **Video Extraction (Optional)**: Utilize Azure Video Indexer to transcribe speech and perform Optical Character Recognition (OCR) on video frames. Segments are timestamp-chunked for precise retrieval and enhanced citations linking back to the video timecode.

- **Audio Extraction (Optional)**: Leverage Azure Speech Service to transcribe audio files into timestamped text chunks, making audio content searchable and enabling enhanced citations linked to audio timecodes.

- **Document Classification (Optional)**: Admins define custom classification types and associated colors. Users tag uploaded documents with these labels, which flow through to AI conversations, providing lineage and insight into data sensitivity or type.

- **Enhanced Citation (Optional)**: Store processed, chunked files in Azure Storage (organized into user- and document-scoped folders). Display interactive citations in the UI—showing page numbers or timestamps—that link directly to the source document preview.

- **Metadata Extraction (Optional)**: Apply an AI model (configurable GPT model via Admin Settings) to automatically generate keywords, two-sentence summaries, and infer author/date for uploaded documents. Allows manual override for richer search context.

- **File Processing Logs (Optional)**: Enable verbose logging for all ingestion pipelines (workspaces and ephemeral chat uploads) to aid in debugging, monitoring, and auditing file processing steps.

- **Redis Cache (Optional)**: Integrate Azure Cache for Redis to provide a distributed, high-performance session store. This enables true horizontal scaling and high availability by decoupling user sessions from individual app instances.

- **Authentication & RBAC**: Secure access via Azure Active Directory (Entra ID) using MSAL. Supports Managed Identities for Azure service authentication, group-based controls, and custom application roles (`Admin`, `User`, `CreateGroup`, `SafetyAdmin`, `FeedbackAdmin`).

- **Supported File Types**:



  -   **Text**: `txt`, `md`, `html`, `json`, `xml`, `yaml`, `yml`, `log`

  -   **Documents**: `pdf`, `doc`, `docm`, `docx`, `pptx`, `xlsx`, `xlsm`, `xls`, `csv`

  -   **Images**: `jpg`, `jpeg`, `png`, `bmp`, `tiff`, `tif`, `heif`

  -   **Video**: `mp4`, `mov`, `avi`, `wmv`, `mkv`, `flv`, `mxf`, `gxf`, `ts`, `ps`, `3gp`, `3gpp`, `mpg`, `asf`, `m4v`, `isma`, `ismv`, `dvr-ms`

  -   **Audio**: `wav`, `m4a`