[ Azure ]
Designing your Azure platforms and integrating them into your Microsoft IT infrastructure
AKS Automatic
Automating and standardising your managed Kubernetes clusters on Azure
We design your AKS platforms for B2B SaaS solutions, business back-offices and partner extranets, with a node pool strategy tailored to your workloads and native integration with Azure Monitor. AKS Automatic has put an end to the debate over the maturity of managed Kubernetes at Microsoft.
Identity & Zero Trust
Connecting your platforms to Microsoft Entra and your company IT system
We build native integration with Entra ID, Workload Identity (OIDC) to remove static secrets from workloads, and Application Gateway WAF to harden the perimeter. If identity issues are not well managed, Microsoft’s architecture loses its coherence.
Multi-region
Operating Azure across multiple markets and regions
Our experience with multi-region and multi-market Azure architectures enables us to standardise the operation of interconnected platforms whilst adhering to the local requirements of each entity or market. Azure doesn’t require standardisation: it requires coordination.
The cornerstones of our Azure expertise
- AKS Automatic and dedicated node pools
AKS Automatic handles node management, networking and security automatically, with pre-configured container runtime and observability. We operate it using a dedicated pool strategy for each type of workload: ingress, application and batch.
- Microsoft Entra ID and Workload Identity
We design native Entra ID integration with systematic MFA, federation with your Microsoft 365 tenants, and conditional access policies. Workload Identity (OIDC) removes the need for static secrets in AKS workloads. For external or multi-cloud requirements, Keycloak rounds out the suite of solutions in line with your auditability requirements.
- Azure API Management
APIM exposes your back-ends and manages your REST, GraphQL and WebSocket APIs, including authentication, rate limiting and subscription plans. We use it alongside AKS to build API facades that integrate seamlessly with the Microsoft catalogue.
- Azure Front Door, WAF and perimeter hardening
We utilise the native Azure network security stack (Application Gateway WAF, Azure Front Door Premium, Azure DDoS Protection) to block attacks without compromising performance or generating crippling false positives.
- Logic Apps and client middleware
In mature Azure IT systems, Logic Apps often play a central role in application middleware. We work with these existing workflows to map, secure, optimise, automate and standardise their operation, in addition to the Kubernetes architectures we build on AKS.
- Managed data and PaaS services
Our expertise in Azure managed services (Database for MySQL and PostgreSQL, Cosmos DB, Azure Files, Azure Cache for Redis, Key Vault) enables us to put together the right components to reduce your operational overhead, without complicating the architecture through a laundry-list approach.
- HashiCorp Vault and secrets management
For multi-cloud environments, we run HashiCorp Vault on AKS alongside Azure Key Vault, with an automated and audited rotation policy. Secrets management is not about a single product; it’s about a pipeline-based approach.
- Azure FinOps
Azure Cost Management, Reservations and Savings Plans for compute form the basis. Our TCO audits are based on cloud-to-cloud comparisons where cost-effectiveness analysis warrants it, and the monthly review turns the invoice into a tool for ongoing cost-effectiveness analysis.
- GitHub Actions, Azure DevOps and IaC
We build your CI/CD pipelines using GitHub Actions or Azure DevOps. IaC is standardised using Bicep (native to Microsoft) or Terraform/OpenTofu, depending on your multi-cloud strategy. ArgoCD rounds out the toolkit for application GitOps.
The difference our Azure expertise makes


- Hydro Building Systems
Deploying multi-site, multi-market Azure and AKS environments (Technal, Wicona, Sapa, Domal) with Azure FinOps, distributed caching and load testing integrated into the delivery pipeline
- Forvis Mazars
Overseeing Azure managed services for an international firm: standardised operations across all group entities, unified observability and coordination of version upgrades
- Aroma-Zone
Deploying an Azure platform on top of an established Logic Apps and Azure Functions infrastructure, supported by a Platform Engineering study to underpin rapid international growth and automate and standardise a composable architecture of interconnected SaaS solutions
- Chugai
Deploying Kubernetes infrastructure and Redis databases on Azure to meet the business needs of an international healthcare provider
Azure is no longer just an infrastructure choice; it is a fundamental IT choice. Whenever Microsoft Entra, Microsoft 365 or internal compliance for a large enterprise is involved, the Azure environment is the natural choice.
We don’t push Azure just for the sake of it. We keep the architecture where the Microsoft ecosystem works best, and switch to other clouds when it makes sense to do so. The real challenges are identity management, cross-market coordination and long-term secrets management.
Adrien Bresson, Head of Cloud Infrastructure

Choosing Azure is rarely just about choosing Azure on its own merits: it’s about aligning with a Microsoft IT infrastructure.
