Azure OpenAI Chat Web Part with Corporate Data Search

Dec 23, 2023

This is an Azure OpenAI Chat Web Part for SharePoint Online, offering a user experience that is familiar to users of ChatGPT.

  • SPFx 1.18, React

Data Privacy

Azure OpenAI is a private, GDPR-compliant service developed by Microsoft and deployable to your Azure tenant. Data provided to endpoints of Azure OpenAI is kept inside the boundaries of your tenant. Data storage locations can be selected explicitly.

Native OpenAI is a public service that provides access to its optional API through paid subscriptions. Any data provided to endpoints of Native OpenAI goes outside the boundaries of your tenant. As of December 2023, Native OpenAI is GDPR-compliant, but this may require additional agreements related to data storage locations for companies in the EU.

This web part interacts with private Azure OpenAI endpoints that are published via Azure API Management service (APIM).

  • By default, this setup provides enhanced data privacy. In this configuration, requests to AI do not travel outside your Azure tenant.
  • APIM consistently validates the identities of SharePoint users for each individual request. If the request originates from authorized domains, APIM retrieves the api-key from the secure vault and injects it into the request before forwarding it to the AI endpoint. This process ensures that the api-key does not get exposed in the browser.
  • Chats are private and visible only to their creators. Creators have the option to share their chats when this feature is enabled in the web part settings (disabled by default); they can share with everyone or only with specific people in the company.
  • The web part incorporates tampering prevention logic to guard against unauthorized access to another user’s data by their GUID.

In addition to the default configuration, you have the option to publish the Native OpenAI endpoint in APIM. You can find instructions in the documentation (pages 23 and 32-35).

  • CONS: Granting access to the Native OpenAI endpoint requires a separate api-key for it and could potentially compromise data privacy, as requests might travel outside your Azure tenant under this setup.
  • PROS: Using the Native OpenAI endpoint could grant you access to the latest language models that are not currently available in Azure OpenAI.

In the simplest case, you can also use direct access to Azure OpenAI and Native OpenAI endpoints, configured with an api-key explicitly stored in the web part properties.

  • This setup, while the least secure, can provide a quicker start. It is not recommended for production use, but it can be used for quick tests or in situations where you do not have access to Azure API Management or Azure OpenAI.
  • The stored key is encrypted in the web part properties and displayed as *** in the Property Pane. However, it still travels in browser requests and can be viewed in the browser's DevTools > Network > Request headers.
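
The difference between the APIM setup and the direct-key setup can be checked from a HAR file exported from the browser's Network tab. The following is an added example, not part of the web part's code; the sample HAR entries and key values are constructed, and treating a bearer token sent to the APIM host as the user's identity token is an assumption.

```javascript
// Added example: audit a DevTools HAR export for service keys visible in the browser.
const NATIVE_OPENAI_HOST = "api.openai.com";

// Mask a secret so the audit report does not leak it again.
function mask(value) {
  return value.length <= 8 ? "***" : value.slice(0, 4) + "***" + value.slice(-2);
}

// Return one finding per request header that exposes a service key.
function findExposedKeys(har) {
  const findings = [];
  for (const entry of har.log.entries) {
    const url = new URL(entry.request.url);
    for (const { name, value } of entry.request.headers) {
      const header = name.toLowerCase();
      // Azure OpenAI takes its key in "api-key"; seeing that header in a
      // browser request means APIM did not inject it server-side.
      const isAzureKey = header === "api-key";
      // Native OpenAI takes its key as a bearer token. Assumption: a bearer
      // token sent to any other host (such as APIM) is the user's identity token.
      const isNativeKey = header === "authorization" &&
        url.hostname === NATIVE_OPENAI_HOST && /^Bearer\s+\S+/i.test(value);
      if (isAzureKey || isNativeKey) {
        const secret = value.replace(/^Bearer\s+/i, "");
        findings.push({ host: url.hostname, path: url.pathname, header, sample: mask(secret) });
      }
    }
  }
  return findings;
}

// Constructed sample HAR (not captured traffic): one APIM call, two direct calls.
const sampleHar = { log: { entries: [
  { request: { url: "https://tenant.azure-api.net/openai4/chat4o", headers: [
    { name: "Authorization", value: "Bearer constructed.user.token" },
    { name: "Content-Type", value: "application/json" } ] } },
  { request: { url: "https://tenant.openai.azure.com/openai/deployments/dalle3/images/generations?api-version=2023-12-01-preview", headers: [
    { name: "api-key", value: "0123456789abcdef0123456789abcdef" } ] } },
  { request: { url: "https://api.openai.com/v1/images/generations", headers: [
    { name: "Authorization", value: "Bearer sk-constructed-not-a-real-key" } ] } },
] } };

for (const f of findExposedKeys(sampleHar)) {
  console.log(`${f.host}${f.path}: ${f.header} = ${f.sample}`);
}
```

An empty result for a page that uses only the APIM endpoints is the expected outcome; any finding means a key is stored in the web part properties and reaches the browser.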

The web part supports optional integrations with company data. For security reasons, these integrations are disabled by default and must be explicitly enabled in the web part settings.

The integrations available in this release include:

  • SharePoint Search
  • Company Users
  • Local Date and Time
  • Analysis of an uploaded PDF and summarization of its content
  • Analysis of uploaded images and description of their content
  • Version 1.1 released on Dec 11, 2023. It includes the following additional options:
    • Search on the Internet: Bing and Google (+ Reddit).
      • The configuration is supported in two alternatives:
          1. Using the additional APIM-endpoints https://tenant.azure-api.net/bing and/or https://tenant.azure-api.net/google
          2. Using the direct Bing and Google endpoints with your own api-key values stored in the web part settings (less secure).
    • Image generation from the prompt text. This option supports Dalle 3.
      • The configuration is supported in three alternatives:
          1. Using the additional APIM-endpoint https://tenant.azure-api.net/openai/dalle
          2. Using the Azure OpenAI endpoint https://tenant.openai.azure.com/openai/deployments/dalle3/images/generations?api-version=2023-12-01-preview with api-key stored in the web part settings (less secure).
             • The Dalle3 model is available for deployment in the Sweden Central region (as of December 2023).
          3. Using the Native OpenAI endpoint https://api.openai.com/v1/images/generations with api-key stored in the web part settings (less secure).
    • The option to use voice input for the prompt text is available.
  • Version 1.2 released on Dec 23, 2023. It includes the following additional options:
    • Data encryption for all storage types.
      • SharePoint list
      • Database
      • Local Storage
      • Seamless support of the Chat Sharing option for all storage types
    • GPT-4 Vision APIM endpoint (/openai4/vision).
    • Speech synthesis to read out AI-generated texts by default
      • The standard Web Speech API requires selecting the preferred language; using the default page language is not always optimal. This default option is used when the Native OpenAI text-to-speech model is not available.
      • Azure OpenAI does not yet have support for text-to-speech models (as of Dec 2023).
    • /tts APIM endpoint (/openainative/tts) and Native OpenAI text-to-speech model for AI-generated texts.
      • In case of using Native OpenAI endpoints – direct URL or APIM-based operation – the native text-to-speech model automatically handles text that contains mixed languages.
  • Version 1.3 released on Sep 7, 2024. I added support for two newer language models, GPT-4o and GPT-4o Mini.
    • In order to upgrade, GPT-4o APIM endpoints should be added under the existing root API OpenAI4: /openai4/chat4o and /openai4/chat4omini
    • Parallel function calling, image generation and recognition are seamlessly supported for new models.
    • Updated documentation with these new models.
