DigPacks Document Translator Pro

Introduction

1. A Power Platform application utilising the Azure AI Translator service, allowing users to upload single or multiple documents and translate them from and to 69 supported languages.
2. Files are uploaded via application from the user’s local machine or any other file source which in turn deploys them as blobs into Azure Blob Storage account, passes them through the Translator service, and returns the translated document into Blob, ready for the user to view.
3. This solution preserves the presentation of the source file (so, doesn’t just extract text and translate that like AI Builder services; rather, translates the text and retains the overall structure of the source document, and outputs in the same file format as the source document).
4. The source document’s language is automatically detected; meaning that users don’t need to know what language the source document is in before translating it to, most likely, English.
5. Translate large files in large batches – individual document size up to 25MB, up to 15 documents in one translation batch (max 375MB per batch).
6. Translate a SharePoint document libary - maximum of 10 files in the library
7. Transcribe and translate speech all within the app. Apply punctuation and breaks where you like, and the translator does the rest. Supported audio files are .wav, .mp3 and .ogg (more coming soon).
8. A custom Security Role so that only people/groups you choose can use the application.
9. We now have local-user selectable UI in Welsh as well as English.

Account permissions

IMPORTANT:

In order to deploy and run this service, you'll need:

Azure account permissions

• Azure account: If you're new to Azure, get an Azure account for free and you'll get some free Azure credits to get started.
• An Azure subscription.
• Azure account permissions:
  • Your account must have Microsoft.Authorization/roleAssignments/write permissions, such as RBAC Administrator, User Access Administrator or Owner. If you don't have subscription-level permissions, you must be granted RBAC for an existing resource group and deploy to that existing group.
  • Your Azure account also needs Microsoft.Resources/deployments/write permissions on the subscription level.
  • If you are not sure if you have the correct permissions, ask your Global Administrator to undertake the Azure deployment.

Power Platform account permissions

• Power Apps and Power Automate Premium licenses.
• The System Administrator role on your target environment(s).

Services used

• Power Apps
• Power Automate
• Azure AI Translator
• Azure AI Speech
• Azure Blob Storage Account

Service configuration

1. Azure Blob Storage Account

• Standard performance tier* - StorageV2.
• Hot access tier.
• Redundancy default to LRS, but can choose from LRS, GRS, RA-GRS, ZRS, GZRS or RZ-GZRS.
• Region default to UK South, but can choose from UK South or UK West.
• TLS 1.2
• HTTPS traffic only
• Blob access default to public.
• Shared key access allowed.
• Public network access enabled.
• Soft delete retention for Blob, Container and Share = 7 days.
• Infrastructure encryption is enabled.
• Microsoft Managed Keys (MMK) only.

*Premium performance tier not currently supported. Coming soon.

2. Azure AI Translator (part of Azure AI* suite)

• Region - UK South by default, but can choose from UK South or West Europe.
• Pricing tier - Standard S1 (PAYG) by default, but can choose from S1, S2, S3, S4, C2, C3, C4 or D3.
• Networking - public.
• System-assigned managed identity to communicate with the Storage Account.

3. Azure AI Speech (part of Azure AI* suite)

• Region - UK South by default, but can choose from UK South or West Europe.
• Pricing tier - S0 Standard.
• Networking - public
• System-assigned managed identity to communicate with the Storage Account.

*Previously known an Azure Cognitive Services.

4. Power Apps

• Power Apps Premium licenses for all users.

5. Power Automate

• Power Automate Premium licenses for all users.

Installation / deployment

Cost estimation

Pricing varies dependant on region and consumption, so it is not possible to predict exact costs for your usage; but you can use the Azure pricing calculator for the resources used.

Note: You cannot use the Free tier of the Azure AI Translator service as this does not support document translation.

💥 You should not incur costs if the solution is not used, but delete the resources and redeploy them if you like to avoid charges. You may incur charges if you do not use the solution but deploy, for example but not limited to, a higher tier than S1 for the Translator service. 💥

Enabling authentication

By default, the only people who can use the solution are those whom you share the Power App with; however, the Azure AI Translator service and Storage Account will have no authentication or access restrictions enabled, meaning anyone who may have access to the endpoint(s) and key(s) in Azure can utilise the services over API. You can secure the services further if you wish by deploying a Virtual Network, using RBAC or another authentication method.

Enabling Application Insights

You can deploy Application Insights to monitor the usage of both your Storage Account and Azure AI Translator service if you wish. Application Insights allows for the tracing of each request along with logging of any errors.

Adding users

The recommended method of sharing the solution with other internal users, as per the license, is to add them to a new or existing Azure Security Group. This can either be direct or dynamic membership, but must be an Azure Security Group (not an M365 Group). The Security Group must have the permanent assignment of Storage Blob Data Contributor to the Storage Account deployed.

When the Power Platform solution has been deployed to your Production environment, share the Power App with the Azure Security Group. Assign the group the solution's Security Role of "DigPacks Translator Pro - User".

IMPORTANT: To get you set up quickly, we use the API Key authentication method to access the services via the Power Platform. However, when you deploy, feel free to change this to Azure Entra ID authentication if you like.

Azure infrastructure deployment

The deployment of the infrastructure for this solution is undertaken via ARM templates as IaC ('infrastructure as code'). IaC streamlines and automates the provisioning of infrastructure, ensuring consistent, repeatable setups. It enables quick scaling, version-controlled changes, and significantly reduces manual errors and operational costs. IaC fosters collaboration with code that's easily shared and maintained, offering swift recovery and environment parity. It's a cornerstone of DevOps, promoting agility and transparency across development, staging, and production environments.

There are many ways by which you can deploy the infrastructure for this solution, but the supported method is to use the ARM (Azure Resource Manager) templates provided in this repo. You can customise them as you see fit, but they provide the baseline for what is needed for the application to operate.

Azure template installation (quickstart)

1. Download template.json from this repo.
2. In Azure Portal, search for and select 'Template specs'. Alternatively, you can search for 'Deploy a custom template'.
3. Upload the template.json file from this repo.
4. Follow the on-screen prompts to complete the deployment. You must make some choices on the sku and pricing tiers you want.
5. When the services have deployed, you will need to make a note of the services' endpoints and access keys.
6. Navigate to the resource group you just deployed and, for each service (Azure AI Translator, Azure AI Speech service and the Storage Account), note the endpoint URL and one of the access keys.

Manually deploy each Azure service

This can be done via IaC, but to keep things simple, we'll use the Azure Portal to get you up and running.

Create a new resource group

1. In a Subscription, create a new resource group for where the resources will live.
2. In the newly created resource group, click "+ Create" from the taskbar.

Deploy the Blob storage account

1. Search for "storage account" and select the one published by Microsoft. Click "Create" > "Storage account".
2. Give the storage account a name, choose the region, performance and redundancy options to suit you.
3. In the Advanced tab, ensure that "Allow enabling anonymous access on individual containers" is checked.
4. Click through to "Review" and click "Create". Your storage account is now deployed.
5. Go to the Storage Account resource. Click the "Containers" blade on the left-hand menu.
6. Create 5 containers, called "audio-to-translate", "files-to-translate", "source-history", "transcribed-audio", "translated-files". For each container, ensure that the access level is set to "Anonymous access level" > "Container".
7. Click on one of the Containers created and select the "Properties" blade from the left-hand side. Copy the URL displayed up to the "/" before the container name. Paste it into Notepad temporarily.
8. Step back into the Storage Account main page and click the "Access keys" blade on the left-hand side. Copy one of the keys and paste it into Notepad temporarily. Also make a note of the 'Storage account name'.
9. Your storage account is ready.

Deploy the Azure AI Translator service

1. From the resource group you created earlier, search for "translator" and select the Translator service. Click "Create" > "Translator".
2. Choose the Region for your Translator service. This must match the Region chosen for your Storage Account and MUST NOT be the Global region
3. Give your Translator service a name.
4. Select the pricing tier. Do not select the Free tier, as this does not support document translation.
5. In the Identity tab, make sure "System assigned managed identity" is set to "On".
6. Move forwards to Review + Create to start the deployment.
7. Once the Translator service is deployed, go to it and select the "Identity" blade from the left-hand panel. System assigned > Status should be "On".
8. Under Permissions, click "Azure role assignments".
9. Select "+ Add role assignment".
10. In the pop up window, select Scope > Storage.
11. Ensure the correct subscription is selected.
12. Under Resource, choose the Storage Account you deployed earlier.
13. Under Role, select "Storage Blob Data Contributor" and click Save.
14. Select the "Keys and Endpoint" blade on the left-hand panel, copy and note one of the keys. Make a note of both the Text Translation and Document Translation endpoints under Web API.
15. Your translator service is ready.

Deploy the Azure AI Speech service

1. From the resource group you created earlier, search for "speech" and select the Speech service. Click "Create" > "Speech".
2. Choose the Region for your Speech service. This must match the Region chosen for your Storage Account and MUST NOT be the Global region
3. Give your Speech service a name.
4. Select the "Standard S0" pricing tier.
5. In the Identity tab, make sure "System assigned managed identity" is set to "On".
6. Move forwards to Review + Create to start the deployment.
7. Once the Speech service is deployed, go to it and select the "Identity" blade from the left-hand panel. System assigned > Status should be "On".
8. Under Permissions, click "Azure role assignments".
9. Select "+ Add role assignment".
10. In the pop up window, select Scope > Storage.
11. Ensure the correct subscription is selected.
12. Under Resource, choose the Storage Account you deployed earlier.
13. Under Role, select "Storage Blob Data Contributor" and click Save.
14. Select the "Keys and Endpoint" blade on the left-hand panel, copy and note one of the keys. Make a note of both Endpoint given.
15. Your speech service is ready.

Power Platform deployment

After you have deployed the necessary infrastructure and noted the keys and endpoints as per the Infrastructure deployment section, you can import the .zip file containing the Power App, Power Automate flows and other elements.

1. Go to the Power Platform environment where you want to deploy Translator Pro.

2. Select import a solution

3. Click browse and Select the .zip solution

5. Click 'Next'

6. Click 'Next'

7. Here you need to set the connections for each service which the App uses.

8. For Microsoft Translator, paste in the 'Translator resource name' and 'Resource Key'.

9. Click 'Create'.

10. In "Apply changes", click Refresh.

12. For Azure Blob Storage, choose type of 'Access Key', paste the 'Azure Storage account name or blob endpoint' and 'Azure Storage Account Access Key'.

13. For Azure Batch Speech-to-text, choose 'Api Key', paste the 'Account Key' and enter the Region. For UK South, this should be entered as "uksouth".

14. When you have set all the connections, you should now click 'Import'.

15. You will now see the banner of "Currently importing solution "Digpacks Translator"".

16. After a moment, the import will complete and the banner will show "Solution "Digpacks Translator imported successfully".

17. In your solution, select the Environment Variable. Change it to the endpoint for your Blob Storage account - it will look like the below - and click Save:

https://<account name>.blob.core.windows.net

16. Navigate to Apps > click on the app and click Play

17. On first launch, you will be asked to confirm your authorisation to the connected services. Click 'Allow'.

18. The app is now deployed. Feel free to share it with users/groups, using the in-built Security Role of "Digpacks Translator Pro - User" which contains everything they need to use the app and services.
    You will need to share the Translator key with them when they first load the app.