zoff.tech

Microsoft Azure

How we build production AI on Microsoft Azure: Microsoft identity, Office documents, tenant boundaries, review workflows, and enterprise procurement.

Microsoft Azure is often the right production home when the buyer already lives in Microsoft identity, compliance, Office documents, and enterprise procurement.

We choose Azure when the workflow needs to respect the buyer's existing enterprise surface: Entra ID, Office documents, tenant boundaries, approval flows, security review, and the procurement process that already governs production software.

Where Microsoft Azure fits

  • Enterprise workflows built around Microsoft identity and document formats.
  • Internal assistants that need to respect existing tenant boundaries and approval processes.
  • AI features where security and procurement review are part of the delivery timeline, not a separate phase.
  • Agentic document workflows where source lineage, permissions, reviewer approval, and export format matter as much as model quality.

What we watch closely

  • Document reality. Word files, spreadsheets, SharePoint exports, and security questionnaires are messy. The ingestion path needs tests, not assumptions.
  • Tenant boundaries. A useful assistant is dangerous if it quietly crosses permissions the product would never cross.
  • Vendor defaulting. Azure is a strong platform, but the eval should still decide model choice, routing, and fallback.

Decisions we tend to make

  • Preserve human review for outputs with contractual, legal, or compliance weight.
  • Keep source citations and document lineage visible in the reviewer workflow.
  • Build permission checks into retrieval and export, not only into the front end.
  • Keep model routing portable enough to change when the eval or cost profile changes.

What we include in handover

  • Permission map for identity, retrieval, document access, reviewer actions, and export.
  • Document-ingestion tests for Word, spreadsheets, PDFs, SharePoint exports, and questionnaire formats.
  • Source-lineage rules so generated answers can be traced back to approved material.
  • Review-state model for drafts, SME approval, edits, rejection, and final export.
  • Runbooks for malformed documents, stale sources, tenant-boundary errors, and model-route rollback.

When we avoid it

Azure is not automatically the right choice because the client uses Microsoft 365. If the workflow does not depend on Microsoft identity, document formats, tenant rules, or procurement paths, we keep the architecture portable and let the eval decide model and platform choices.

Related work

BidGenie's RFP and questionnaire workflows are the relevant pattern: Office-style document ingestion, reviewable drafts, SME approval, and export paths that match how enterprise buyers already work.