Azure portal wizard

After buying from the Marketplace, Azure opens a custom Create PointOfContactAI blade in the portal. The wizard collects four sets of inputs.

Step 1 — Basics (built-in to Azure portal)

• Subscription — the Azure subscription where the resources will live.
• Resource group — Azure auto-suggests a new one (mrg-pointofcontactai-{guid} for managed apps). Accept the default; the wizard manages the lifecycle.
• Location — pick a region where Azure OpenAI is available. westus3, eastus2, and swedencentral are reliable choices.

Step 2 — Stack

• Stack name (required) — 3-12 lowercase letters + digits, e.g. acmesupport. This becomes the suffix on every resource (pocai-fa-{stackName}, pocaicd{hash}, etc.). Once set, it cannot be changed without a fresh deploy. Pick something short and recognizable.

• Allowed widget origins (required) — comma-separated list of scheme+host values your website serves from. Examples:

  • https://www.acme.com — single domain
  • https://www.acme.com,https://support.acme.com — multiple
  • * — open access (only OK during evaluation; tighten before launch)

  No paths, no trailing slashes. The list feeds both App Service CORS and the customer-runtime’s per-response Access-Control-Allow-Origin decoration.

Step 3 — AI configuration

• System prompt (optional) — prepended to every chat completion. Use it to ground the assistant in your product, set guardrails, or constrain tone. Empty = use the PointOfContactAI default (“You are a helpful customer support assistant for…”).

• Advanced — token pricing (rarely changed) — the prices we use to convert token counts to USD in the dashboard’s cost projection. Defaults track current Azure gpt-5-mini list price. Only override if you have a Microsoft pricing arrangement that differs.

Step 4 — Review + Create (built-in)

Azure summarizes everything you picked. Click Create to kick off the deploy.

What happens next

1. Azure shows a deployment progress page. The bicep template provisions ~8 resources in your RG; it takes 3-6 minutes.

2. During deployment, our orchestrator:

   • Creates an AAD app in your tenant for Teams SSO (via Microsoft Graph using your wizard consent).
   • Generates a 90-day client secret for the AAD app.

3. When deployment completes, the install-completed page shows you:

   • Your admin key (gates the dashboard and admin endpoints).
   • The AAD app secret (used by Teams SSO).
   • Both are shown once. Save them to your password manager immediately.

4. We send a welcome email to your account address with the dashboard URL, Teams setup link, and these docs.

When the deploy fails

The most common causes:

• Insufficient RBAC — the wizard creates role assignments. If you have Contributor but not User Access Administrator (and aren’t Owner), the deploy fails at the first role assignment. Troubleshoot deployment errors →
• Azure OpenAI quota — gpt-5-mini GlobalStandard SKU needs quota in the chosen region. If you’ve hit your quota, the OpenAI deployment step fails. Request quota in the portal or pick a different region.
• Graph consent declined — if the consent prompt offered Graph Application.ReadWrite.OwnedBy and you declined, the AAD app auto-create silently skips. You can run the fallback script after deploy completes.

Next

• Post-install checklist — the 5 things to verify before going live.
• Save your admin key — and learn how to rotate it.