Azure Series: Control Power BI Report Viewing in Power Apps Using a Time Window

We’ve created a step-by-step walkthrough video that demonstrates the entire setup in real-time.
👉 Watch it on YouTube – JBSWiki Channel

Controlling Power BI report access based on time is an essential feature for organizations with time-bound reporting requirements, compliance restrictions, or business-specific policies. In this blog post, we will walk through a real-world use case where we use Power Apps to embed a Power BI report and restrict its access based on a specific time window (9:00 AM to 1:00 PM).

This solution is simple, clean, and effective—and uses only native capabilities in Power Apps, without needing advanced permissions or complex security configurations.

Let’s dive in!


✅ Why Time-Based Access?

There are several scenarios where restricting Power BI report access by time makes sense:

  • 📅 Business Hours Only Access: You want employees to view reports only during operational hours.
  • 🔐 Security Compliance: You need to control access windows for sensitive reports.
  • 📊 Scheduled Refresh Windows: Prevent access during report refresh to avoid outdated data usage.

Rather than configuring complex access rules at the Power BI service level, Power Apps gives you flexibility to embed the report conditionally, based on the system time and logic defined in your app.


🧰 What You’ll Need

  • Microsoft Power Apps license
  • A published Power BI report
  • The iFrame URL of the Power BI report (embed link)
  • Basic familiarity with Power FX, HTML Text Control, and variables in Power Apps

🔧 Step-by-Step Implementation

1. 🎯 Define the Time-Based Logic

We’ll use a button in Power Apps that sets the current time into variables and checks if the time falls between 9:00 AM and 1:00 PM. If yes, it launches the Power BI report; otherwise, it shows an Access Denied notification.

🔹 Code for the Button in Power Apps:

Set(varNow, Now());
Set(varHour, Hour(varNow));
Set(varMinute, Minute(varNow));
Set(varCurrentTime, Time(varHour, varMinute, 0));
Set(varAccessAllowed, varCurrentTime >= Time(9, 0, 0) && varCurrentTime < Time(13, 0, 0));
If(
    varAccessAllowed,
    Launch("https://app.powerbi.com/reportEmbed?reportId=fc00e03c-ec12-4038-af5a-2bfb9972f70b&autoAuth=true"),
    Notify("Access denied. You are allowed to view this report between 9:00 - 13:00.", NotificationType.Error)
)

💡 Explanation:

  • varNow: Captures the current system timestamp.
  • varHour & varMinute: Extracts the hour and minute.
  • varCurrentTime: Combines hour and minute into a Time object.
  • varAccessAllowed: Boolean flag based on whether the current time is between 9:00 AM and 1:00 PM.
  • If(...): Launches the Power BI report if access is allowed; otherwise, shows an error notification.

2. 📋 Display Time and Access Status

Add a Text Label to show the current time and whether access is allowed. This helps with testing and gives users clarity.

🔹 Code for the Text Label:

"Now: " & Text(Now(), "[$-en-US]HH:mm:ss") & 
" | Allowed: " & Text(varAccessAllowed)

This will dynamically update and display:

  • Current time
  • Whether access is currently allowed

Example output:
Now: 10:45:23 | Allowed: true
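An added Python model of the button's check (not part of the original post; the app itself stays in Power Fx), useful for testing the window's edges and for seeing how the decision changes with the clock's UTC offset. It assumes Now() yields the device's local time; the function names, offsets and sample day are constructed for illustration.

```python
from datetime import datetime, time, timedelta, timezone

WINDOW_START = time(9, 0)    # inclusive, Time(9, 0, 0) in the formula
WINDOW_END = time(13, 0)     # exclusive, Time(13, 0, 0) in the formula

# Constructed sample day; with fixed offsets the date itself does not matter.
SAMPLE_DAY = datetime(2025, 1, 15, tzinfo=timezone.utc)


def in_window(local_dt):
    """Same comparison as varAccessAllowed: seconds dropped, 09:00 <= t < 13:00."""
    current = time(local_dt.hour, local_dt.minute, 0)
    return WINDOW_START <= current < WINDOW_END


def decide(utc_instant, offset_minutes):
    """Decision seen by a clock running offset_minutes ahead of UTC."""
    local = utc_instant.astimezone(timezone(timedelta(minutes=offset_minutes)))
    return in_window(local)


def disagreements(utc_instant, business_offset, device_offsets):
    """Device offsets whose decision differs from the business-zone decision."""
    expected = decide(utc_instant, business_offset)
    return [off for off in device_offsets if decide(utc_instant, off) != expected]


def mismatch_minutes(business_offset, device_offset):
    """Minutes of one UTC day on which device and business-zone decisions differ."""
    return sum(
        decide(SAMPLE_DAY + timedelta(minutes=m), device_offset)
        != decide(SAMPLE_DAY + timedelta(minutes=m), business_offset)
        for m in range(24 * 60)
    )


if __name__ == "__main__":
    instant = SAMPLE_DAY.replace(hour=6, minute=30)   # 06:30 UTC
    # Business zone assumed at UTC+05:30; devices at UTC+05:30, UTC-05:00, UTC+08:00.
    print("differing device offsets:", disagreements(instant, 330, [330, -300, 480]))
    print("mismatch minutes per day (UTC-05:00 device):", mismatch_minutes(330, -300))
```

If the window is meant to follow one office's hours, the same comparison can be anchored to that office's offset instead of whatever zone the device reports.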

🌐 Real-World Use Cases

Here are a few scenarios where this logic is useful:

Scenario | Benefit
📈 Internal Dashboards | Restrict to working hours only
🏦 Banking/Finance Apps | Limit sensitive data views during authorized hours
🧾 Compliance & Audits | Enforce strict access rules using app logic
🏢 Client-Specific Reports | Tailor access hours based on agreements

🚀 Why Use Power Apps for This?

  • Flexible Control: No need to alter Power BI permissions
  • Low-Code Friendly: Easy to maintain and update
  • Secure Embedding: iFrame loads only after validation
  • User Feedback: Display live status and messages using simple UI elements


📌 Tips and Best Practices

  • 🕐 Always use 24-hour format when working with Time() in Power FX
  • 🔒 Do not expose sensitive logic in client-side apps unless supported by security measures
  • 🔁 Consider refreshing the time variables periodically if embedding directly in app screens
  • 🖼️ Use a Gallery or Container if embedding multiple reports with different rules


🏁 Conclusion

Using Power Apps + Power BI, you can securely control report visibility based on custom business logic. This time-based control pattern is just one of many ways to extend app capabilities using simple Power FX expressions.

With this setup:

  • Your users see reports only when they’re supposed to
  • Your data remains protected
  • Your app feels responsive and intelligent

Thank You,
Vivek Janakiraman

Disclaimer:
The views expressed on this blog are mine alone and do not reflect the views of my company or anyone else. All postings on this blog are provided “AS IS” with no warranties, and confer no rights.

Azure AI Series: Building Real-World Banking AI Agents Step-By-Step Using Azure AI Foundry

🎥 Watch the video tutorial here: YouTube: Building Real-World Banking AI Agents

In today’s blog, we’ll explore how to build real-world AI agents for banking scenarios using Azure AI Foundry. This is part of our Azure AI Series, where we dive deep into modern AI-powered applications built on Azure’s cutting-edge capabilities. In this post, you’ll not only get the background and context but also hands-on instructions to build agents like:

  • 👤 JBBank_RetirementAdvisor_Agent – Personalized financial planning.
  • 🧠 JBBank_BusinessLead_Agent – Business opportunity detection.
  • 🏥 JBBank_HealthServices_Agent – Health service lead generation.

All of this, backed by a fully working C# WinForms app that interacts with the Azure-hosted AI agents.


💡 Why Build AI Agents for Banking?

Traditional banking has transformed into AI-powered digital experiences. With access to structured bank statements and customer records, AI agents can:

  • Provide real-time financial advice.
  • Identify business leads based on user transactions.
  • Suggest health or wellness services based on lifestyle spends.

Using Azure AI Foundry, you can deploy, configure, and persist AI agents tailored to your business workflows—all with guardrails and identity verification in place.


🛠️ Agents You’ll Build in This Project

1. 🧮 JBBank_RetirementAdvisor_Agent

Role: A financial budget advisor for JB Bank customers.

🔐 Behavior & Responsibilities:

  • Analyzes income, expenses, and savings.
  • Advises on budget planning and investment strategy.
  • Responds only to finance-related queries.
  • Verifies identity using Customer ID before accessing transaction data.

📌 Must Collect from the User:

  • Monthly income & expenses
  • Financial goals (e.g., retirement)
  • Risk appetite (low/medium/high)
  • Current investments

🧾 What It Provides:

  • Category-wise expense summary (groceries, EMIs, dining, etc.)
  • Monthly & annual savings estimates
  • Tailored investment suggestions (mutual funds, FDs, etc.)
  • Cost-saving tips

🧵 Startup Prompt:

Role: You are a professional, knowledgeable, and ethical Financial Budget Advisor.
Mission:
Help users analyze their income and expenses.
Calculate budgets and savings.
Recommend where and how to invest surplus funds for financial security and growth.
Provide practical, real-world financial guidance suited to the user’s circumstances.
You MUST NOT:
Answer any questions unrelated to personal finance, budgeting, investing, or savings.
Provide legal, tax, or accounting advice beyond general budgeting concepts.
Disclose or make assumptions about user data you have not been explicitly provided.
Generate or share personal opinions outside your financial advisory role.
Engagement Style:
Friendly but professional tone.
Keep explanations clear and simple.
Avoid jargon unless the user explicitly requests detailed terms.
Be concise where possible, unless the user requests a detailed explanation.
Special Instructions:
Always gather these key details from the user:
Monthly salary or total monthly income.
Average monthly spending.
Any specific financial goals (e.g. saving for house, kids’ education, retirement).
Preferred risk tolerance (low, medium, high).
Current savings or investments, if any.
Calculate:
Monthly savings (income minus expenses).
Annual savings estimate.
Provide:
Recommended percentage allocations for:
Emergency fund.
Short-term investments (e.g. fixed deposits, debt funds).
Long-term investments (e.g. mutual funds, equities, retirement plans).
Specific investment options suitable for the user’s risk profile.
Tips on reducing unnecessary expenses.
If user provides incomplete data:
Politely ask clarifying questions before giving advice.
If user asks questions unrelated to finance:
Politely decline and remind them you are only a financial advisor.

🧵 Startup Prompt After Adding the Knowledge Base:

Role:
You are a professional, knowledgeable, and ethical Financial Budget Advisor working for JB Bank. Your purpose is to provide financial advice to customers based strictly on confirmed data from your knowledge base. You must never fabricate customer records or invent knowledge base data. If you do not have data for a customer, you must say so clearly.

Startup Behavior
Always begin every conversation with:

“I am your Financial GURU. Please ask your question along with your Name and JBBank Customer ID.”

Identity Verification Process
Before answering any financial question:

Check if the user’s message includes Customer ID.

If missing:

Politely ask the user for the missing information.

Do not proceed further until both are provided.

Knowledge Base Lookup
Once the Customer ID is provided:

Search your knowledge base for a matching Customer Id.
If your knowledge base has not returned data for the customer, you must explicitly assume no record exists. Do not invent or hallucinate data.
The knowledge base contains for each customer:

Name - This is Customer Name
Customer Id - This is Customer Id
Customer Address - This is Customer Address

Transaction statements:

Customer Id - This is Customer Id
Date - Date when transaction happened
Credit/Debit - Whether the transaction was a credit or debit
Transaction Details - Summary of the transaction.
Amount - Amount credited or debited
Opening Balance - Balance before the current transaction
Closing balance - Balance after the current transaction
Expense Categories - Transaction/Expense Category. You can use this to group transaction types.

Search your knowledge base for a matching Customer Id. If a match is found:
Respond:
“Welcome, [Customer Name]! Thank you for being a loyal JB Bank customer.”
Analyze the customer’s transactions:
Group all debit transactions into expense categories such as:
Groceries
Fuel
Dining
Shopping
Entertainment
Bills & utilities
EMI/loans
Healthcare
Investments
Miscellaneous

Calculate:

Total spent per category for the period available.
Total credits (income) for the period.
Total debits (expenses) for the period.
Net savings = credits – debits.
Provide tailor-made financial advice based on the user’s unique spending patterns, e.g.:

“You spend 22% of your income on dining. Consider reducing this to 10% to boost savings.”
“Your current monthly surplus is ₹6,000. You could invest this into XYZ mutual fund.”
Ask the customer about:
Financial goals (e.g. saving for house, kids’ education, retirement).
Preferred risk tolerance (low, medium, high).
Any additional income or investments.
Update recommendations accordingly.

Search your knowledge base for a matching Customer Id. If no match is found (data is absent):
If there is no match for the Customer ID:
Respond:
“You are currently not registered as a customer of JB Bank. I cannot provide personalized financial recommendations without verifying your account. However, I can offer general financial guidance.”

From that point forward:
Provide only minimal, generic financial guidance.
Add this reminder at the end of every response:

“To receive personalized advice, please consider becoming a JB Bank customer.”
Never fabricate transaction records or assume a customer exists without confirmed data.

Email Handling Rules
Only send a response via email if the user explicitly requests it.

Before sending any email:
Confirm that:
The Customer ID matches a record in the knowledge base.
If matched:
Retrieve the registered email address from the knowledge base.
Send the tailored response to that email.
Confirm to the user:
“I’ve sent your personalized financial advice to your registered email: [email address].”
If no email exists in the knowledge base:
Respond:
“Your email address is not available in our records. Could you please update your preferred email at your nearest branch?”

Search your knowledge base for a matching Customer Id. If no match is found in the knowledge base:
Respond:
“I’m unable to send an email because you are not registered as a JB Bank customer. Please consider becoming a JB Bank customer for personalized services.”

Additional Mandatory Behavior
You MUST NOT:
Answer questions unrelated to personal finance, budgeting, investing, or savings.
Provide legal, tax, or accounting advice beyond general budgeting concepts.
Disclose or assume any user data that has not been explicitly provided or confirmed in the knowledge base.
Share personal opinions outside your financial advisory role.

Engagement style:
Friendly but professional.
Clear and simple explanations.
Avoid jargon unless the user requests technical details.
Concise unless the user requests more depth.
At the end of every response, include this disclaimer (verbatim):
“Disclaimer: I am an AI financial budget advisor. The information provided is for general guidance and may contain errors or omissions. Please consult a qualified financial advisor before making financial decisions. I cannot be held responsible for any financial losses arising from the use of this information.”

Example Tailored Response (for matched customer)
“Welcome, [Customer Name]! Thank you for being a loyal JB Bank customer.
Based on your transactions for May, June and July:
Total income: ₹1,80,000
Total expenses: ₹1,72,000
Net savings: ₹8,000

Your top expense categories:
Dining: ₹12,000
Fuel: ₹6,500
Home Loan EMI: ₹50,000
Bike EMI: ₹20,000

Your savings rate is about 4.4%. You might consider reducing dining and entertainment costs to boost your savings. With your surplus, you could invest ₹5,000/month in a balanced mutual fund for long-term growth.

Do you have any specific financial goals or risk preferences?

Disclaimer: I am an AI financial budget advisor. The information provided is for general guidance and may contain errors or omissions. Please consult a qualified financial advisor before making financial decisions. I cannot be held responsible for any financial losses arising from the use of this information.”

Example Response (for non-customer)
“You are currently not registered as a customer of JB Bank. I cannot provide personalized financial recommendations without verifying your account. However, here’s some general guidance:

Aim to save at least 20% of your monthly income, keep an emergency fund equal to 3-6 months of expenses, and consider diversified mutual fund investments for long-term goals.

To receive personalized advice, please consider becoming a JB Bank customer.

Disclaimer: I am an AI financial budget advisor. The information provided is for general guidance and may contain errors or omissions. Please consult a qualified financial advisor before making financial decisions. I cannot be held responsible for any financial losses arising from the use of this information.”

2. 💼 JBBank_BusinessLead_Agent

Role: An assistant for JB Bank officials to uncover sales opportunities.

📊 Capabilities:

  • Analyzes customer statements to find spending trends.
  • Recommends appropriate products (e.g., credit cards, health insurance).
  • Classifies spending into lifestyle, shopping, fuel, etc.
  • Suggests contact strategy for the customer.

✅ Example Recommendations:

“Customer maintains ₹45,000 average balance, high spending on shopping and dining. Recommend offering:

  • JB Bank Credit Card
  • Health Insurance Upgrade
  • SIP Investment Plans”

🧵 Startup Prompt:

Role
You are an AI assistant for JB Bank officials.
Your job is to help bank staff identify business opportunities from customer bank statement data.

Startup Behavior
Always begin every conversation with:

“I am your Financial GURU. Please ask your question along with Customer Name and JBBank Customer ID.”

Identity Verification Process
Before answering any financial question:

Mission
Check whether the provided customer name and Customer ID exist in JB Bank’s knowledge base.

If the customer exists:

Analyze their bank statement thoroughly.

Identify patterns, habits, or gaps in their financial behavior that may indicate potential sales leads.

Suggest specific products or services that JB Bank could offer (e.g. credit cards, health insurance, investment services, loans).

If the customer does not exist:

Inform the bank official that the Customer ID is not found or incorrect.

Request the official to provide a correct Customer ID.

You must not provide any other details about products or services until the customer’s existence is confirmed.

Behavior & Conversation Flow
1. Greeting / Prompt Initiation
Start all conversations with:

“Please provide the customer’s full name and Customer ID to proceed with lead analysis.”

2. Input Verification
If the official provides only one of name or Customer ID:

Politely prompt for the missing information.

Example:

“Kindly provide both the customer’s full name and Customer ID to proceed.”

3. Knowledge Base Check
Once both name and Customer ID are provided:

Check JB Bank’s knowledge base for a matching record.

a) If the customer is found:
Respond:

“✅ Customer record found for [Customer Name]. Analyzing statement data for potential leads.”

Analyze all transactions and spending behavior.

Identify opportunities for:

Credit card offers (e.g. high spending patterns)

Health insurance or life insurance (e.g. high medical expenses)

Investment services (e.g. significant surplus funds)

Personal loans or overdraft facilities (e.g. low balances, frequent high-value debits)

Special lifestyle offers (e.g. entertainment, shopping spends)

Provide a concise summary:

Transaction categories or trends noted

Possible products/services to offer

A short rationale for each recommendation

Example:

“Analysis complete. The customer frequently spends on shopping and entertainment and maintains an average balance of ₹45,000. Recommend offering:

• JB Bank Credit Card — for cashback on online shopping.
• Health Insurance upgrade — due to periodic medical expenses.
• SIP investments — customer shows surplus funds monthly.

Please consider reaching out to the customer for these services.”

End with:

“Let me know if you’d like a deeper analysis or tailored pitch suggestions.”

b) If the customer is NOT found:
Respond clearly:

“⚠️ Customer ID [Provided ID] not found in JB Bank records. Please verify the Customer ID and try again.”

Do not share any product recommendations.

Strict Prohibitions
Do not answer any personal finance, legal, tax, or non-banking questions.

Do not make up customer data if it’s missing in the knowledge base.

Do not provide any details about JB Bank services unless the customer is confirmed.

Do not speculate or guess customer information.

Tone & Style
Professional and concise.

Clear and polite.

Focus on actionable insights for bank officials.

No personal opinions outside banking advisory context.

Disclaimer (Add to every response)
“Disclaimer: I am an AI assistant providing analytical insights based on available data. All recommendations are for internal JB Bank use and should be verified by human bank officials before contacting customers.”

3. 🧘‍♀️ JBBank_HealthServices_Agent

Role: Assists JBHealth, a subsidiary of JB Bank, in detecting health-related patterns from bank statements.

🔎 Looks for:

  • Frequent dining out, alcohol/tobacco spends
  • Absence of gym or health purchases
  • Medical-related expenses
  • Stress-related patterns (e.g., excessive shopping)

🎯 Use Case:

“Customer spends a lot on entertainment, with no fitness expenses. Recommend wellness workshops or gym membership offers.”

🧵 Startup Prompt:

Role
You are an AI assistant working for JBHealth, a fitness and wellness subsidiary of JB Bank. Your purpose is to help JBHealth officials identify potential leads for health and wellness services by analyzing customer banking statements from JB Bank.

Startup Behavior
Always begin every conversation with:

“I am your Customer's Health GURU. Please ask your question along with Customer Name and JBBank Customer ID.”

Identity Verification Process
Before answering any question:

Mission
Check whether the provided customer name and Customer ID exist in knowledge base.

If the customer exists:

Analyze their bank statement thoroughly.

Help JBHealth officials detect spending patterns or behaviors in JB Bank customers’ account statements that could indicate:
Health risks
Lifestyle habits
Potential interest in health or wellness services
Generate leads or conversation starters that JBHealth officials can use to approach customers with relevant health and wellness offerings.

Identity Verification & Knowledge Base Check
Before performing any analysis:
Check whether the official has provided both the customer’s name and Customer ID.
If either is missing, politely request the missing information.
Once name and Customer ID are provided:
Search the JB Bank knowledge base for a matching customer record.
The knowledge base contains:
Date
Credit/Debit
Transaction Details
Amount
Opening Balance
Closing Balance
Expense Categories

If Customer Exists
✅ If a match is found in the knowledge base:
Confirm to the JBHealth official that the customer exists.
Analyze the customer’s transaction history thoroughly.
Identify spending patterns that may relate to health and lifestyle, such as:
Frequent spending on:
Eating out
Fast food or food delivery
Alcohol or tobacco 
Entertainment and leisure
High or recurring medical expenses (e.g. doctor visits, pharmacy)
No visible spending on health or fitness (e.g. gyms, sports equipment)
Significant stress-related expenses (e.g. retail therapy, excessive shopping)
Generate tailored leads or recommendations, e.g.:
Suggesting health check-ups
Recommending dietary counseling
Proposing fitness memberships
Offering mental health or stress-management services
Inviting the customer to wellness events or workshops
Keep your recommendations factual and neutral — do not diagnose medical conditions.

If Customer Does NOT Exist
🚫 If no match is found in the knowledge base:
Respond clearly:
“The provided Customer ID does not exist in JB Bank’s records. Please confirm the Customer ID or provide the correct information.”
Do not provide any further analysis or speculation.

Restrictions
Never provide financial investment, legal, tax, or accounting advice.
Do not reveal personal data that has not been explicitly requested and confirmed by the official.
Do not answer questions outside the scope of health and wellness lead generation.
Do not generate or share personal opinions outside your professional role.

Engagement Style
Professional, friendly, and supportive tone.
Keep explanations clear, simple, and concise.
Avoid medical jargon unless explicitly asked for detailed terms.
Be factual and respectful in health observations.
Disclaimer
At the end of each response, include this disclaimer (verbatim):
“Disclaimer: I am an AI assistant providing insights for JBHealth officials. My observations are based solely on transaction data and do not constitute medical advice or diagnosis. For personal health concerns, customers should consult qualified health professionals.”

💬 Prompt Engineering & Guardrails

Each agent comes with:

  • Role definition (e.g., advisor vs. internal sales tool)
  • Startup message
  • Strict identity verification before accessing customer data
  • Knowledge base lookups (no hallucinations)
  • Disclaimers for regulatory compliance
  • Clear restrictions to prevent off-topic use

🧪 Live Demo: C# App to Interact with Agents

A custom-built WinForms application lets you chat with agents directly using Azure AI Foundry. Here’s a look at the C# code and how it works.

✅ Key Features:

  • Azure CLI-based auth (AzureCliCredential)
  • Integration with PersistentAgentClient
  • Threaded conversations and response display
  • Professional UI with input/output handling

🔗 Code Highlights

File: Form1.cs

using System;
using System.Threading.Tasks;
using System.Windows.Forms;
using Azure;
using Azure.AI.Projects;
using Azure.AI.Agents.Persistent;
using Azure.Identity;

namespace JBBankChatApp
{
    public partial class Form1 : Form
    {
        private TextBox inputBox;
        private TextBox responseBox;
        private Button fireButton;

        public Form1()
        {
            InitializeComponent();

            this.Text = "JBBank Chat Application for users";
            this.Size = new System.Drawing.Size(900, 600);

            // Input Box
            inputBox = new TextBox()
            {
                Left = 20,
                Top = 20,
                Width = 700,
                Anchor = AnchorStyles.Top | AnchorStyles.Left | AnchorStyles.Right
            };

            // Fire Button
            fireButton = new Button()
            {
                Text = "Fire Away",
                Left = 740,
                Top = 18,
                Width = 100,
                Anchor = AnchorStyles.Top | AnchorStyles.Right
            };
            fireButton.Click += async (sender, e) =>
            {
                fireButton.Enabled = false;
                responseBox.Text = "Thinking...";
                string userInput = inputBox.Text.Trim();
                string reply = await AskAgent(userInput);
                responseBox.Text = reply;
                fireButton.Enabled = true;
            };

            // Response Box
            responseBox = new TextBox()
            {
                Left = 20,
                Top = 60,
                Width = 820,
                Height = 480,
                Multiline = true,
                ScrollBars = ScrollBars.Vertical,
                Anchor = AnchorStyles.Top | AnchorStyles.Bottom | AnchorStyles.Left | AnchorStyles.Right,
                ReadOnly = true
            };

            this.Controls.Add(inputBox);
            this.Controls.Add(fireButton);
            this.Controls.Add(responseBox);
        }

        private async Task<string> AskAgent(string userInput)
        {
            try
            {
                var endpoint = new Uri("https://jbbank-aiagents-project-resource.services.ai.azure.com/api/projects/jbbank_aiagents_project");
                var projectClient = new AIProjectClient(endpoint, new AzureCliCredential());
                var agentsClient = projectClient.GetPersistentAgentsClient();

                PersistentAgent agent = agentsClient.Administration.GetAgent("asst_TlK0odgJSeV3J924NUum16YB");
                PersistentAgentThread thread = agentsClient.Threads.CreateThread();

                agentsClient.Messages.CreateMessage(thread.Id, MessageRole.User, userInput);
                ThreadRun run = agentsClient.Runs.CreateRun(thread.Id, agent.Id);

                do
                {
                    await Task.Delay(500);
                    run = agentsClient.Runs.GetRun(thread.Id, run.Id);
                }
                while (run.Status == RunStatus.Queued || run.Status == RunStatus.InProgress);

                if (run.Status != RunStatus.Completed)
                    return $"Run failed: {run.LastError?.Message}";

                var messages = agentsClient.Messages.GetMessages(thread.Id, order: ListSortOrder.Ascending);
                string responseText = "";

                foreach (var msg in messages)
                {
                    if (msg.Role == MessageRole.Agent)
                    {
                        responseText += $"[Agent]:\n";
                        foreach (var item in msg.ContentItems)
                        {
                            if (item is MessageTextContent textItem)
                                responseText += textItem.Text.Trim() + "\n\n";
                        }
                    }
                }

                return string.IsNullOrWhiteSpace(responseText) ? "[No response from Agent]" : responseText.Trim();
            }
            catch (Exception ex)
            {
                return $"Error: {ex.Message}";
            }
        }
    }
}
// This code is part of the JBBank Chat Application for users, which allows interaction with an AI agent using Azure AI services.

Chat Flow:

  1. User types query → sends to agent.
  2. Agent processes the message via Azure AI Foundry.
  3. Response is displayed in the app.

File: Program.cs

using System;
using System.Windows.Forms;

namespace JBBankChatApp
{
    static class Program
    {
        [STAThread]
        static void Main()
        {
            Application.SetHighDpiMode(HighDpiMode.SystemAware);
            Application.EnableVisualStyles();
            Application.SetCompatibleTextRenderingDefault(false);
            Application.Run(new Form1());
        }
    }
}

🧱 Azure Services Used

  • Azure AI Foundry – For creating & persisting intelligent agents.
  • Azure Identity – For secure CLI-based authentication.
  • .NET WinForms – For building the user-facing desktop chat app.
  • Azure Knowledge Base (Vectorized) – For secure transaction lookup.

🎯 What You’ll Learn

By following this blog and the YouTube tutorial, you’ll understand:

  • How to build industry-specific AI agents.
  • How to handle role-based behavior & guardrails.
  • How to connect your frontend to Azure AI agents.
  • How to ensure secure and verified access to customer data.

⚠️ Final Thoughts

Banking AI agents are not just chatbot gimmicks. When designed with clear boundaries, identity verification, and tailored business logic, they become high-value tools for personalization, lead generation, and customer service.

This tutorial gives you a full blueprint to implement such agents from scratch. Customize and extend the logic further to suit your real-world banking or enterprise use cases.



Thank You,
Vivek Janakiraman


Azure Series: Resolving RBAC Errors When Creating Keys in Azure Key Vault

Resolving the RBAC Error When Creating a Key in Azure Key Vault

Azure Key Vault is a powerful service for securely managing keys, secrets, and certificates. However, you might occasionally encounter errors while performing operations, such as creating a key. One common issue is the error message: “The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes for role assignments to become effective.”

Error information

CODE
Forbidden

MESSAGE
The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes for role assignments to become effective.

RAW ERROR
Caller is not authorized to perform action on resource. If role assignments, deny assignments or role definitions were changed recently, please observe propagation time. Caller: appid=3686488a-04fc-4d8a-b967-61f98ec41efe;oid=59347bed-6be5-4c44-be30-7cf210e473f7;iss=https://sts.windows.net/16b3c013-d300-468d-ac64-7eda0820b6d3/ Action: ‘Microsoft.KeyVault/vaults/keys/create/action’ Resource: ‘/subscriptions/ea72f050-0699-4b00-a43c-aba6cd2743df/resourcegroups/jbmysql/providers/microsoft.keyvault/vaults/jbmysqlkeyvault/keys/jbmysqlkey’ Assignment: (not found) DenyAssignmentId: null DecisionReason: null Vault: jbmysqlkeyvault;location=eastus

This blog will walk you through understanding this error and provide a step-by-step guide to resolve it.

Understanding the Error

The error message indicates that the operation you’re trying to perform (in this case, creating a key) is not permitted due to Role-Based Access Control (RBAC) settings. This issue typically arises because of one or more of the following reasons:

  • Insufficient Permissions: The user or service principal doesn’t have the required permissions to perform the operation.
  • Recent Role Assignments: Recent changes to role assignments might not have been propagated yet.
  • Incorrect Role or Scope: The assigned role might not have the necessary permissions, or it might be scoped incorrectly.

Scenario Demonstration

To illustrate the issue, let’s attempt to create a key in Azure Key Vault and reproduce the error:

Open Azure CLI or PowerShell.

Run the following command to create a key in your Key Vault:

    az keyvault key create --vault-name <YourKeyVaultName> --name <YourKeyName> --protection software

Observe the Error Message:

The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes for role assignments to become effective.

Steps to Resolve the Error

1. Verify Role Assignments

Objective: Ensure that the correct roles are assigned to the user or service principal.

Azure Portal:

  1. Navigate to the Azure Portal.
  2. Go to your Key Vault.
  3. Select Access control (IAM).
  4. Review the role assignments to ensure that the user or service principal has the Key Vault Contributor or Key Vault Administrator role.

Azure CLI:

    az role assignment list --scope /subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.KeyVault/vaults/<key-vault-name> --output table

Azure PowerShell:

    Get-AzRoleAssignment -Scope /subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.KeyVault/vaults/<key-vault-name>

2. Update Role Assignments

Objective: Add or update the necessary role assignments.

Azure Portal:

  1. Go to your Key Vault in the Azure Portal.
  2. Navigate to Access control (IAM).
  3. Click Add role assignment.
  4. Assign the Key Vault Contributor role to the user or service principal.

Azure CLI:

    az role assignment create --role "Key Vault Contributor" --assignee <UserOrServicePrincipal> --scope /subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.KeyVault/vaults/<key-vault-name>

Azure PowerShell:

    New-AzRoleAssignment -RoleDefinitionName "Key Vault Contributor" -ServicePrincipalName <UserOrServicePrincipal> -Scope /subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.KeyVault/vaults/<key-vault-name>

3. Wait for Propagation

Objective: Allow time for role assignment changes to propagate.

  • Wait Time: Changes in role assignments can take a few minutes to become effective. Be patient and wait for a few minutes before retrying the key creation operation.

4. Retry Key Creation

Objective: Attempt to create the key again after ensuring correct role assignments.

  • Azure CLI:

    az keyvault key create --vault-name <YourKeyVaultName> --name <YourKeyName> --protection software
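
The verification in step 1 can be checked offline. The following is an added example, not code from the original post: it parses the RAW ERROR text and reports which role assignments both cover the resource's scope and list the denied action under dataActions. The IDs and resource names are constructed placeholders, and the role data is an abridged copy of three built-in definitions; in that data Key Vault Contributor carries no data actions, so confirm the role you assign with `az role definition list --name "<role>"`.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample shaped like the RAW ERROR above; every ID is a placeholder.
RAW_ERROR = (
    "Caller is not authorized to perform action on resource. "
    "Caller: appid=11111111-1111-1111-1111-111111111111;"
    "oid=22222222-2222-2222-2222-222222222222;iss=https://sts.windows.net/<tenant-id>/ "
    "Action: 'Microsoft.KeyVault/vaults/keys/create/action' "
    "Resource: '/subscriptions/0000/resourcegroups/rg-demo/providers/"
    "microsoft.keyvault/vaults/kv-demo/keys/key1' "
    "Assignment: (not found) DenyAssignmentId: null"
)

# Abridged data-plane part of three built-in roles (assumption: matches what
# `az role definition list --name "<role>"` returns; re-check against live output).
ROLE_DATA_ACTIONS = {
    "Key Vault Contributor": {"dataActions": [], "notDataActions": []},
    "Key Vault Crypto Officer": {
        "dataActions": ["Microsoft.KeyVault/vaults/keys/*"], "notDataActions": []},
    "Key Vault Administrator": {
        "dataActions": ["Microsoft.KeyVault/vaults/*"], "notDataActions": []},
}

def parse_denial(raw):
    """Pull the caller object ID, denied action and resource out of the error."""
    quoted = "['\u2018]([^'\u2019]+)['\u2019]"  # straight or typographic quotes
    return {
        "oid": re.search(r"oid=([0-9a-fA-F-]+)", raw).group(1),
        "action": re.search("Action: " + quoted, raw).group(1),
        "resource": re.search("Resource: " + quoted, raw).group(1),
    }

def role_allows(role, action):
    """True if dataActions match the action and notDataActions do not."""
    definition = ROLE_DATA_ACTIONS[role]
    def matches(patterns):
        return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)
    return matches(definition["dataActions"]) and not matches(definition["notDataActions"])

def scope_covers(scope, resource):
    """An assignment applies at its scope and to everything beneath it."""
    scope, resource = scope.lower().rstrip("/"), resource.lower()
    return resource == scope or resource.startswith(scope + "/")

def effective_roles(assignments, denial):
    """Roles from (role, scope) pairs that would permit the denied request."""
    return [role for role, scope in assignments
            if scope_covers(scope, denial["resource"])
            and role_allows(role, denial["action"])]
```

Feed `effective_roles` the role and scope columns from the `az role assignment list` output in step 1; an empty result means no listed assignment grants the denied data action at that scope.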

Additional Troubleshooting Tips

  • Check Subscription or Resource Group Issues: Ensure there are no broader issues with your subscription or resource group that might affect permissions.
  • Consult Azure Documentation: Refer to Azure’s official documentation for more detailed information on RBAC and Key Vault operations.
  • Contact Azure Support: If the issue persists, consider reaching out to Azure Support for further assistance.

Business Use Case

Consider a scenario where your company needs to manage sensitive keys for encryption and decryption operations. You recently migrated your key management to Azure Key Vault and assigned roles to various team members. After a role assignment change, you encounter the RBAC error while trying to create new keys.

By following the steps outlined above, you ensure that all team members have the necessary permissions and can manage keys without interruptions. Properly handling RBAC settings ensures secure and efficient key management, crucial for maintaining the integrity of your company’s encryption practices.

Conclusion

Encountering RBAC errors when creating keys in Azure Key Vault can be frustrating, but understanding the root cause and following the resolution steps can help you overcome these issues. By verifying and updating role assignments, waiting for propagation, and retrying the operation, you can ensure smooth key management in Azure Key Vault.

If you have any questions or need further assistance, feel free to leave a comment below or check out additional resources on Azure Key Vault and RBAC.

For more tutorials and tips on SQL Server, including performance tuning and database management, be sure to check out our JBSWiki YouTube channel.

Thank You,
Vivek Janakiraman
