VortexSurveillance Dev Environment — Home+HITH Setup

Tenant: VortexSurveillance.onmicrosoft.com | Tenant ID: 24528d2a-bbba-4be5-8de3-1bb70cb01654 | Date: May 2026

Purpose: Move development of the Home+HITH document processing pipeline to a personal dev tenant to allow unrestricted resource creation, testing, and iteration away from the NSW Health tenant.

Architecture Overview

OneDrive /HomHITH-Dev/01-Input
      │  (Power Automate trigger: When a file is created)
      ▼
Power Automate Dev Flow          (VortexSurveillance tenant)
      │  HTTP POST (base64 file content + metadata)
      ▼
Azure Function  func-homehith-dev  (Python 3.11, Consumption)
      │
      ├─ SHA-256 hash check → skip if duplicate
      ├─ Azure AI Document Intelligence  doc-intel-homehith-dev  (prebuilt-read OCR)
      ├─ INSERT → SQL: Documents table   (local: DAVID-HP\MSSQLDEVSERVER)
      ├─ Chunk text → INSERT → SQL: DocumentChunks table
      └─ Return JSON result to Power Automate
            │
            ├─ status: processed → move to /02-Output/Processed
            └─ status: error    → move to /02-Output/Failed + email alert

Phase 1 — Azure Resources

1.1 Resource Group

Resource Groups → + Create

Field	Value
Subscription	(your VortexSurveillance subscription)
Resource group	`rg-homehith-dev`
Region	Australia East

1.2 Storage Account

Storage accounts → + Create

Field	Value
Resource group	`rg-homehith-dev`
Name	`sthomehithdev` (lowercase, globally unique)
Region	Australia East
Redundancy	LRS (cheapest for dev)

After creation: Access keys → key1 → Connection string — copy it.

1.3 Azure AI Document Intelligence

Cognitive Services → Document Intelligence → + Create

Field	Value
Resource group	`rg-homehith-dev`
Name	`doc-intel-homehith-dev`
Region	Australia East
Pricing tier	F0 (free — 500 pages/month)

After creation: Keys and Endpoint — copy Key 1 and Endpoint URL.

1.4 Azure Function App

Function App → + Create

Field	Value
Resource group	`rg-homehith-dev`
Function App name	`func-homehith-dev` (globally unique)
Runtime stack	Python
Version	3.11
Region	Australia East
Hosting plan	Consumption (Serverless)
Storage account	`sthomehithdev`

Phase 2 — App Registration

Microsoft Entra ID → App registrations → + New registration

Field	Value
Name	`HomeHITH-FunctionApp-dev`
Supported account types	Accounts in this org directory only
Redirect URI	(leave blank)

After registering, note the Application (client) ID → referred to as <dev-client-id> below.

2.1 Create Client Secret

Certificates & secrets → + New client secret

Field	Value
Description	dev-caller
Expires	24 months

Copy the Value immediately — it is shown only once.

2.2 Expose an API

Expose an API → Set (accept default api://<dev-client-id>)

+ Add a scope:

Field	Value
Scope name	process-document
Who can consent	Admins only
Admin consent display name	Process Home+HITH Documents (dev)
State	Enabled

Phase 3 — Enable Authentication on Function App

func-homehith-dev → Authentication → + Add identity provider

Field	Value
Identity provider	Microsoft
App registration type	Provide existing app registration details
Application (client) ID	`<dev-client-id>`
Client secret	(from Phase 2)
Issuer URL	`https://login.microsoftonline.com/24528d2a-bbba-4be5-8de3-1bb70cb01654/v2.0`
Unauthenticated requests	HTTP 401 Unauthorized

Phase 4 — Function App Configuration

func-homehith-dev → Configuration → Application settings → + New application setting

Setting Name	Value
`SQL_CONNECTION_STRING`	`DRIVER={ODBC Driver 17 for SQL Server};SERVER=DAVID-HP\MSSQLDEVSERVER;DATABASE=HomeHITH;Trusted_Connection=yes;`
`DOCUMENT_INTELLIGENCE_ENDPOINT`	`https://doc-intel-homehith-dev.cognitiveservices.azure.com/`
`DOCUMENT_INTELLIGENCE_KEY`	Key 1 from Phase 1.3

Click Save after adding all settings.

Note on SQL: The Function App in Azure cannot reach DAVID-HP\MSSQLDEVSERVER directly. For local dev (func start), the local SQL connection works fine. For remote testing from Azure, either expose the SQL port via a VPN / Azure Hybrid Connection, or provision a free Azure SQL Serverless database in rg-homehith-dev.

Phase 5 — Update local.settings.json

File: Ingest/AzureFunction/local.settings.json

{
  "IsEncrypted": false,
  "Values": {
    "AzureWebJobsStorage": "<sthomehithdev-connection-string>",
    "FUNCTIONS_WORKER_RUNTIME": "python",
    "SQL_CONNECTION_STRING": "DRIVER={ODBC Driver 17 for SQL Server};SERVER=DAVID-HP\\MSSQLDEVSERVER;DATABASE=HomeHITH;Trusted_Connection=yes;",
    "DOCUMENT_INTELLIGENCE_ENDPOINT": "https://doc-intel-homehith-dev.cognitiveservices.azure.com/",
    "DOCUMENT_INTELLIGENCE_KEY": "<key1-from-doc-intel-homehith-dev>"
  }
}

Phase 6 — Deploy Function App

Open a terminal in Ingest/AzureFunction/ and run:

# Authenticate to VortexSurveillance tenant
az login --tenant 24528d2a-bbba-4be5-8de3-1bb70cb01654

# Deploy
func azure functionapp publish func-homehith-dev --python

After deployment, retrieve the Function Key:
func-homehith-dev → Functions → process-document → Function Keys → default → Copy

Phase 7 — Dev Power Automate Flow

Why OneDrive? The NSW Health SharePoint is in a different tenant — it cannot be accessed from VortexSurveillance. Use OneDrive for Business as a stand-in trigger for dev testing.

Go to make.powerautomate.com — sign in with VortexSurveillance account
+ Create → Automated cloud flow — Name: HomeHITH Dev Test
Trigger: OneDrive for Business — When a file is created
Folder: /HomHITH-Dev/01-Input
Get file content: OneDrive for Business — Get file content
File: ID from trigger dynamic content
HTTP action:

Field	Value
Method	POST
URI	`https://func-homehith-dev.azurewebsites.net/api/process-document?code=<function-key>`
Headers	`Content-Type: application/json`

HTTP Body:

{
  "filename":      "@{triggerOutputs()?['body/Name']}",
  "filecontent":   "@{base64(body('Get_file_content'))}",
  "uploaded_by":   "dev@VortexSurveillance.onmicrosoft.com",
  "document_type": "CFS"
}

Parse JSON — use this schema:

{
  "status": "processed",
  "document_id": 42,
  "chunks": 12,
  "extraction_method": "AzureDocumentIntelligence"
}

Condition: body('Parse_JSON')?['status'] is equal to processed
Yes branch: OneDrive — Move file → /HomHITH-Dev/02-Output/Processed
No branch: OneDrive — Move file → /HomHITH-Dev/02-Output/Failed + send email alert
Wrap steps 5–9 in a Scope and add a Run After error branch for timeouts/failures

Phase 8 — Smoke Test

Drop a sample PDF into OneDrive /HomHITH-Dev/01-Input
Watch the Power Automate run history — should complete with "status": "processed"
Check DAVID-HP\MSSQLDEVSERVER → HomeHITH → Documents and DocumentChunks tables for new rows
Confirm the file was moved to /02-Output/Processed

Placeholder Values to Fill In

Placeholder	Where to get it
`<sthomehithdev-connection-string>`	Storage account → Access keys → key1 → Connection string
`<key1-from-doc-intel-homehith-dev>`	Document Intelligence → Keys and Endpoint → Key 1
`<dev-client-id>`	App registration → Overview → Application (client) ID
`<client-secret-value>`	App registration → Certificates & secrets (copy immediately on creation)
`<function-key>`	func-homehith-dev → Functions → process-document → Function Keys → default

To save as PDF: File → Print → Destination: Save as PDF (or Microsoft Print to PDF) → Save