Skip to main content

Overview

The azure-research command performs Azure-specific technology research using the Microsoft Learn MCP server to match project requirements to Azure services, architecture patterns, Well-Architected Framework guidance, Security Benchmark controls, and UK Government compliance.

Usage

arckit azure-research "<topic or use case, e.g. 'Azure API Management', 'Entra ID'>"

How It Works

This command delegates to the arckit-azure-research agent which runs as an autonomous subprocess. The agent makes 15-30+ MCP calls to gather authoritative Azure documentation:
  1. Reads project requirements - Extracts Azure service needs from functional/non-functional requirements
  2. Identifies Azure categories - Compute, data, integration, security, AI/ML, networking
  3. Uses MCP tools to research each category:
    • microsoft_docs_search - Find relevant Azure services and patterns
    • microsoft_docs_fetch - Extract detailed service documentation
    • microsoft_code_sample_search - Find Azure code examples
  4. Well-Architected assessment - Maps to 5 pillars (Reliability, Security, Cost, Operational Excellence, Performance)
  5. Security Benchmark mapping - Identifies Microsoft Cloud Security Benchmark controls
  6. UK Government compliance - G-Cloud, data residency (UK South/West), NCSC alignment
  7. Cost estimation - Monthly Azure costs with optimization strategies
  8. Generates architecture diagram - Mermaid diagram of Azure services
  9. Writes research document - Saves to projects/{project}/research/ARC-{PROJECT_ID}-AZRS-v1.0.md

Microsoft Learn MCP Server

The research agent uses the Microsoft Learn MCP server for authoritative Azure data:

MCP Tools Used

microsoft_docs_search
  • Searches Microsoft Learn documentation for Azure services
  • Example: “Azure container hosting options”
  • Returns: Container Apps, AKS, Container Instances docs
microsoft_docs_fetch
  • Fetches detailed Azure service documentation
  • Example: Read Azure Functions pricing, limits, features
  • Returns: Full service specifications
microsoft_code_sample_search
  • Finds Azure code samples and quickstarts
  • Example: “Azure Key Vault C# example”
  • Returns: Official code samples from Microsoft

Standalone Mode (Without MCP)

If MCP tools are unavailable, the agent falls back to:
  • WebSearch with site:learn.microsoft.com
  • WebFetch on Azure documentation URLs
  • Manual architecture pattern extraction

Output

The command generates:

Azure Research Document

projects/{project}/research/ARC-{PROJECT_ID}-AZRS-v1.0.md containing:
  • Azure services recommended per category (compute, data, integration, security, AI/ML)
  • Architecture pattern and reference from Azure Architecture Center
  • Well-Architected assessment - Alignment to 5 pillars
  • Security alignment - Security Benchmark controls, compliance
  • UK Government suitability - G-Cloud status, UK South/West availability, data classification
  • Estimated monthly cost - With Reserved Instances, Azure Hybrid Benefit, Spot VM optimization
  • Mermaid architecture diagram - Visual representation of Azure services
  • Next steps - Recommended follow-up commands

Summary

The agent returns a concise summary including:
  • Azure services by category
  • Architecture pattern name
  • Security and compliance status
  • UK Government suitability assessment
  • Estimated monthly cost range

Azure Service Categories

Compute

  • Azure Functions - Serverless functions
  • Azure Container Apps - Serverless containers
  • Azure Virtual Machines - IaaS compute
  • Azure Kubernetes Service (AKS) - Kubernetes
  • Azure App Service - Web apps and APIs

Data

  • Azure SQL Database - Managed SQL database
  • Azure Cosmos DB - NoSQL database (multi-model)
  • Azure Blob Storage - Object storage
  • Azure Synapse Analytics - Data warehouse
  • Azure PostgreSQL - Managed PostgreSQL

Integration

  • Azure API Management - API gateway
  • Azure Event Grid - Event routing
  • Azure Logic Apps - Workflow orchestration
  • Azure Service Bus - Enterprise messaging
  • Azure Event Hubs - Big data streaming

Security

  • Microsoft Entra ID - Identity and access (formerly Azure AD)
  • Azure Key Vault - Secrets and key management
  • Azure DDoS Protection - Network protection
  • Microsoft Defender for Cloud - Security posture management
  • Azure Private Link - Private connectivity

AI/ML

  • Azure OpenAI Service - GPT-4, DALL-E, Whisper
  • Azure Machine Learning - ML platform
  • Azure AI Document Intelligence - Document analysis (formerly Form Recognizer)
  • Azure AI Language - NLP services
  • Azure AI Vision - Image and video analysis

Well-Architected Framework Assessment

The research document maps Azure services to the 5 pillars:

1. Reliability

  • Availability Zones and regions
  • Auto-scaling and load balancing
  • Backup and disaster recovery
  • Health monitoring and failover

2. Security

  • Encryption at rest and in transit
  • Managed identities (no passwords)
  • Security Benchmark compliance
  • DDoS and WAF protection

3. Cost Optimization

  • Reserved Instances (1 or 3 year)
  • Azure Hybrid Benefit (license reuse)
  • Spot VMs for batch workloads
  • Azure Cost Management + Billing

4. Operational Excellence

  • Infrastructure as Code (Bicep, ARM templates)
  • Monitoring (Application Insights, Monitor)
  • CI/CD (Azure DevOps, GitHub Actions)
  • Azure Advisor recommendations

5. Performance Efficiency

  • Right-sizing VMs and databases
  • CDN (Azure Front Door)
  • Caching (Azure Cache for Redis)
  • Serverless where appropriate

UK Government Compliance

For UK Government projects, the research includes:

G-Cloud Framework

  • Microsoft Azure is on Digital Marketplace G-Cloud
  • Can procure Azure services via G-Cloud
  • Supports OFFICIAL and OFFICIAL-SENSITIVE classifications

Data Residency

  • UK South (London) - Primary UK region
  • UK West (Cardiff) - Secondary UK region
  • Data sovereignty compliance
  • Brexit-aligned service agreements

NCSC Alignment

  • Cloud Security Principles compliance
  • Cyber Essentials Plus certified
  • IL3 (Impact Level 3) hosting available

Technology Code of Practice

  • Point 5 (Cloud First) - Azure as cloud provider
  • Point 6 (Make things secure) - Microsoft Defender, encryption
  • Point 11 (Choose the right tools) - G-Cloud procurement

Cost Estimation Example

### Estimated Monthly Azure Cost

| Service | Specification | Monthly Cost | Optimization |
|---------|--------------|--------------|-------------|
| App Service (P1v3) | 2 instances, UK South | £140 | Reserved Instance (-33%) |
| Azure SQL Database | S3 tier, geo-redundant | £120 | Reserved Instance (-38%) |
| Azure Functions | 10M executions, Consumption | £12 | - |
| Blob Storage | 500GB hot tier | £9 | Cool tier for archive |
| API Management | Consumption tier | £3 per M calls | - |
| Application Insights | 5GB ingestion | £10 | Sampling configured |
| **Total (On-Demand)** | | **£294/month** | |
| **Total (Optimized)** | | **£185/month** | **-37% savings** |

Architecture Pattern Examples

Three-Tier Web Application

Azure Front Door → App Service → Azure SQL Database

        WAF + DDoS Protection

Serverless API

API Management → Azure Functions → Cosmos DB

        Entra ID (Auth)

Data Pipeline

Blob Storage → Event Grid → Logic Apps → Synapse Analytics

                                  Azure Data Factory

Integration with Other Commands

Input from:
  • requirements - Requires ARC-*-REQ-*.md
  • data - Uses data model for database selection
Output to:
  • diagram - Creates Azure-specific architecture diagrams
  • secure - Validates against Secure by Design principles
  • devops - Designs Azure DevOps pipeline
  • finops - Creates Azure cost management strategy

Examples

Example 1: Serverless API Research

arckit azure-research "serverless REST API for citizen services"
Researches:
  • API Management vs Azure Front Door
  • Azure Functions (consumption vs premium)
  • Cosmos DB vs Azure SQL serverless
  • Entra ID B2C for citizen authentication
  • Cost comparison vs App Service approach

Example 2: Data Platform Research

arckit azure-research "healthcare data analytics platform"
Researches:
  • Azure Data Lake Storage Gen2
  • Azure Data Factory for ETL
  • Synapse Analytics vs Azure SQL
  • Power BI for visualization
  • HITRUST compliance (healthcare)
  • IL3 hosting for NHS data (OFFICIAL-SENSITIVE)

Example 3: AI/ML Research

arckit azure-research "document processing using GPT-4"
Researches:
  • Azure OpenAI Service (GPT-4, GPT-4 Turbo)
  • AI Document Intelligence for extraction
  • Azure Machine Learning for custom models
  • UK South availability (OpenAI limited in UK)
  • AI Playbook compliance (if HIGH-RISK AI)
  • Content filtering and responsible AI controls

Resources

Next Steps

After completing Azure research:
  1. Create Architecture Diagram - arckit diagram with Azure services
  2. Security Review - arckit secure to validate against Secure by Design
  3. CI/CD Design - arckit devops for Azure DevOps pipeline
  4. Cost Management - arckit finops for Azure cost optimization strategy
  5. ADR - arckit adr to record Azure service selection decisions
  • research - Generic technology research with build vs buy
  • aws-research - AWS-specific research using MCP
  • diagram - Azure architecture diagrams
  • devops - Azure DevOps pipeline
  • finops - Azure cost management
  • adr - Architecture decision records

Build docs developers (and LLMs) love

Get started for freeTalk to us