Update content, add federated example #25
Merged
…reation

Same workaround as multi-party samples to satisfy subscription policy 'Require regional isolation scope on user-assigned managed identities' (policy def: e9c7fbf7-b3ad-4226-a696-9bffd9d360a4). Uses preview API 2025-01-31-preview instead of az identity create which doesn't support the isolationScope property.

…n PostgreSQL demo

## Summary

Applies the same managed identity creation workaround used in the multi-party samples to the ACI PostgreSQL demo.

## Problem

The subscription policy "Require regional isolation scope on user-assigned managed identities" (policy def: `e9c7fbf7-b3ad-4226-a696-9bffd9d360a4`) denies `az identity create` because the CLI uses API version `2023-01-31` which doesn't support the `isolationScope` property.

## Fix

Uses `az rest` with the preview API (`2025-01-31-preview`) to set `isolationScope=Regional` and satisfy the policy, matching the approach already in place for:

- `multi-party-samples/advanced-app/Deploy-MultiParty.ps1`
- `multi-party-samples/demo-app/Deploy-SimpleDemo.ps1`
- `multi-party-samples/advanced-app-finance-openAI/Deploy-MultiFinanceAI.ps1`

fix: use REST API with isolationScope=Regional for managed identity in PostgreSQL demo
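
The workaround described in the commit messages above, as an added PowerShell example; it is not the code from the repository's deploy scripts. The function name, its parameters, and the request-body shape (`isolationScope` placed under `properties`, and echoed back in the response) are assumptions; only the API version and the `isolationScope=Regional` value come from the page.

```powershell
# Added illustration, not the project's script. New-RegionalManagedIdentity and
# its parameter names are hypothetical.
function New-RegionalManagedIdentity {
    param(
        [Parameter(Mandatory)] [string] $SubscriptionId,
        [Parameter(Mandatory)] [string] $ResourceGroup,
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Location
    )

    # Preview API version named in the commit message; the CLI's 2023-01-31
    # does not accept the isolationScope property.
    $apiVersion = '2025-01-31-preview'
    $url = "https://management.azure.com/subscriptions/$SubscriptionId" +
           "/resourceGroups/$ResourceGroup/providers/Microsoft.ManagedIdentity" +
           "/userAssignedIdentities/$($Name)?api-version=$apiVersion"

    # Assumed body shape: isolationScope sits under "properties".
    $body = @{
        location   = $Location
        properties = @{ isolationScope = 'Regional' }
    } | ConvertTo-Json -Depth 4 -Compress

    # Hand the JSON to az through a temp file so PowerShell's native-argument
    # quoting cannot strip the double quotes. WriteAllText emits UTF-8 without a BOM.
    $tmp = New-TemporaryFile
    try {
        [System.IO.File]::WriteAllText($tmp.FullName, $body)
        $raw = az rest --method put --url $url --body "@$($tmp.FullName)"
        if ($LASTEXITCODE -ne 0) {
            throw "az rest failed while creating identity '$Name'"
        }
    }
    finally {
        Remove-Item -Path $tmp.FullName -ErrorAction SilentlyContinue
    }

    $identity = ($raw -join "`n") | ConvertFrom-Json

    # Fail closed: stop the deployment if the identity came back without the
    # scope the subscription policy requires (assumes the response echoes it).
    if ($identity.properties.isolationScope -ne 'Regional') {
        throw "Identity '$Name' was created without isolationScope=Regional"
    }
    return $identity
}
```

The returned object carries the identity's `id`, which later deployment steps can use where they previously consumed the output of `az identity create`.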
Four-party demo (Contoso, Fabrikam, Wingtip Toys, Woodgrove Bank) with:

- AMD SEV-SNP confidential containers on ACI
- Cross-company Secure Key Release (SKR) via federated release policies
- Woodgrove Bank analytics partner with access to all partner keys
- Security policy generation via az confcom acipolicygen
- Parallel deployment of 4 confidential containers
- AKS virtual node deployment mode (-AKS flag)
- Interactive web UI with attestation demos

- Add collapsible architecture diagram (Woodgrove-only) with SVG
- Add TTS 'Explain It' narration with full playback controls
- Fix narration duration to dynamically estimate from word count
- Change TTS voice preference to English woman (en-GB)
- Add DEMO-SCRIPT.md with presentation walkthrough
- Update Dockerfile to include static/ directory

- Add opening section for architecture diagram and Explain It TTS narration
- Add Explain This attestation flyout walkthrough
- Extend duration to ~4 minutes to cover new features
- Add setup commands and UI Features Reference table
- Fix overlapping section timestamps

- Condense from ~4 min to ~3 min with 8 timed sections
- Embed TTS narration text directly in talk track instead of playing audio
- Add missing sections: Container OS lockout, Container Image Info, Live Encryption, Cross-Company Key Isolation, per-company Demographics
- Remove inaccurate button references (List Saved Data, Save Data, Retrieve Key)
- Expand UI Features Reference table from 8 to 15 entries
- Add Operator lockout and Key isolation to Key Takeaways

- Added Wingtip Toys company branding (coral gradient, teddy bear icon, 'Toy Retail Data Protection' subtitle) so the header displays properly like Contoso and Fabrikam
- Removed the 'Raw Decrypted Partner Records' section from Woodgrove (HTML, JS function, and display toggle) as it was not needed
- Updated README demo script to reflect coral theme color

- Remove Woodgrove partner Key Vault access policies from deploy script
- Remove partner key release endpoints and code from app.py
- Remove blob storage cleanup from deploy script
- Update Woodgrove ARM template (remove partner AKV endpoint params)
- Regenerate architecture diagram (no partner KV arrows, no blob)
- Update README: remove data flow diagrams, blob references, partner key troubleshooting, and stale API endpoint docs

…mple SECURITY-POLICY.md

- README.md: add aka.ms/accsamples redirect callout, aka.ms/accdocs 'learn more' link, broaden AI-assisted note across samples and link to GitHub Copilot + VS Code, June 2026 What's New section featuring the federated demo.
- multi-party-samples/README.md: regenerate as 5-sample index with comparison table, per-sample summaries, decision guide, split ACI/CVM prerequisites.
- advanced-app-federated/README-MultiParty.md: regenerate with current 4-party model (Contoso/Fabrikam/Wingtip/Woodgrove), refreshed API endpoint table, troubleshooting, cross-links.
- SECURITY-POLICY.md (advanced-app, advanced-app-finance-openAI, advanced-app-federated): differentiate previously-identical files with sample-specific Sample Context sections, update env_rules examples (OpenAI vars for finance-openAI; Wingtip vars for federated), refresh trust-chain wording.
- advanced-app-federated/deployment-template-wingtip.json: regenerate ccePolicy hash.

docs(multi-party): READMEs, SECURITY-POLICY per-sample context, repo redirect, AI note
vinfnet added a commit that referenced this pull request Jun 26, 2026
Fix CVM attestation reliability and NAT egress validation
Purpose
Does this introduce a breaking change?
Pull Request Type
What kind of change does this Pull Request introduce?
How to Test
What to Check
Verify that the following are valid
Other Information