What Is Azure? A Practitioner's Guide to Microsoft's Cloud
You're building something. Maybe it's a data pipeline. Maybe an AI system that needs to scale. And someone says "just use Azure." But what is Azure? Really?
I'm Nishaant Dixit. At SIVARO, I've spent years designing production systems on cloud infrastructure. We've run benchmarks, hit limits, recovered from failures, and learned the hard way what works. This guide is what I wish someone had handed me in 2018 when I first started deploying on Azure.
Azure is Microsoft's public cloud computing platform. Launched in February 2010, it competes directly with AWS (2006) and Google Cloud (2008). But calling it "Microsoft's AWS" misses the point. Azure is different. Sometimes better. Sometimes infuriating. Always opinionated.
Here's what we'll cover: what Azure actually is under the hood, where it shines (and where it doesn't), how to think about its core services, and concrete examples you can use today. No fluff. No vendor cheerleading.
The Architecture That Makes Azure Different
Most people think cloud platforms are the same. They're wrong.
Azure's fundamental architecture traces back to Windows Server and Hyper-V. That matters. Microsoft built Azure as an extension of their existing enterprise stack, not a clean-slate reinvention like AWS. This has real consequences.
The hypervisor layer. Azure runs on a custom hypervisor based on Hyper-V. But it's not your on-prem Hyper-V. Microsoft modified it heavily for multi-tenant isolation and performance. Every VM you spin up is actually running on a "host" node managed by the Fabric Controller — Azure's orchestration brain.
Fabric Controller architecture. This is Azure's secret sauce. The Fabric Controller manages all physical servers, networks, and storage. It decides where your VM lands, monitors health, and migrates VMs when hardware fails. Think of it as a distributed OS for the datacenter. When you click "deploy," the Fabric Controller finds available resources within milliseconds.
Availability Sets vs. Availability Zones. Here's where things get real. An Availability Set spreads VMs across multiple fault domains (different racks, power sources, network switches) and update domains (different maintenance windows). But they share the same datacenter.
Availability Zones are different. These are physically separate datacenters within a region — each with independent power, cooling, and networking. Since 2021, Microsoft has been pushing Zones hard. But here's the catch: not all Azure regions support Availability Zones. We got burned on this in 2022 when deploying to a newer region that only had single-datacenter support.
The network spine. Azure's backbone network connects over 160 physical datacenters across 60+ regions. Microsoft uses their own fiber optic network with software-defined networking (SDN) running on SONiC — their open-source network OS. They claim 99.995% availability on the backbone. I've seen it hold up during major events, but regional DNS failures have caused us downtime twice.
Core Compute Services: What You Actually Use
Virtual Machines. This is where most people start. Azure VMs run Windows or Linux on Hyper-V. You choose from hundreds of VM sizes — from B-series burstable instances (cheap, good for dev) to M-series memory-optimized monsters with 12 TB RAM.
We tested Azure VMs against AWS EC2 for a real-time processing workload in 2023. For the same spec (16 vCPU, 64 GB RAM), Azure's D4s v5 instances were about 8% cheaper per hour. But AWS had better networking throughput for scale-out workloads. Trade-offs everywhere.
App Service. PaaS for web apps. You upload code, Azure handles the server. Supports .NET, Java, Node.js, Python, PHP. We use this for internal dashboard apps. Works fine until you hit memory limits on the shared tier — then it's a nightmare to debug.
Azure Kubernetes Service (AKS). Managed Kubernetes. What is Azure's take on containers? It's K8s with Azure-specific add-ons. We moved our microservices to AKS in 2023. The control plane is free — you only pay for worker nodes. The Azure CNI plugin for networking works better than Flannel but requires more IP planning. The trick: use Azure Monitor for containers to track pod CPU/memory. Without it, you're blind.
Azure Functions. Serverless compute. Runs on demand. Triggers from HTTP, queues, blobs, timers. We still use Functions for event-driven ETL jobs. Cold start latency is 200-500ms for consumption plan, 50ms for premium plan. If you need under 10ms, don't use serverless.
```python
# Example Azure Function with blob trigger
import logging

import azure.functions as func


def main(myblob: func.InputStream):
    logging.info(f"Processing blob: {myblob.name}, size: {myblob.length} bytes")
    # Process data here
    content = myblob.read()
    # Output to another blob or queue
```
Storage: Where Azure Actually Dominates
Azure Blob Storage is underrated. It's object storage like S3, but with some differences that matter.
The storage hierarchy. Hot, Cool, Cold, Archive. Hot is for frequent access. Cool is for data accessed once a month. Cold is for quarterly access. Archive means you're okay waiting hours for retrieval. We archive old logs to Cool tier — costs $0.01/GB/month instead of $0.018 for Hot.
Redundancy options. LRS (local), ZRS (zone), GRS (geo), RA-GRS (geo with read access). Most people pick LRS. Bad idea. LRS means three copies inside one datacenter. If that datacenter goes down, you're done. We use ZRS for production data — three copies across three availability zones. Costs 20% more but worth it.
Azure Files. Managed file shares accessible via SMB. Works with Windows VMs natively. We use this for shared configuration files. Maximum 100 TB per share with premium tier.
Networking: The Part Everyone Gets Wrong
Azure networking is powerful but punishing if you misconfigure.
Virtual Networks (VNets). Your isolated network in Azure. Subnets, IP ranges, routing tables. You define everything. The mistake people make? Creating VNets too small. We learned this the hard way when we needed to add peered networks and ran out of IP space. Always allocate /16 (65,536 addresses) even if you think you only need /24 (256 addresses).
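The sizing problem above can be checked before anything is deployed. This is an added example, not code from the original article: the VNet names, address ranges and workload sizes are constructed, and it relies on three Azure rules (five addresses are reserved in every subnet, /29 is the smallest IPv4 subnet, and peered VNets must not overlap).

```python
import ipaddress

AZURE_RESERVED = 5    # network, gateway, two for Azure DNS, broadcast
SMALLEST_PREFIX = 29  # smallest IPv4 subnet Azure accepts

# Constructed sample data (not from the article)
SAMPLE_VNETS = {"hub": "10.0.0.0/16", "spoke-a": "10.1.0.0/16",
                "spoke-b": "10.0.128.0/24"}
NEEDS = {"aks-nodes": 200, "app": 50, "db": 20}  # addresses per workload

def usable_hosts(cidr):
    """Addresses you can actually assign in an Azure subnet of this size."""
    return ipaddress.ip_network(cidr).num_addresses - AZURE_RESERVED

def find_overlaps(vnets):
    """Pairs of VNet names whose address spaces overlap (cannot be peered)."""
    names = sorted(vnets)
    nets = {n: ipaddress.ip_network(vnets[n]) for n in names}
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def carve_subnets(vnet_cidr, needs):
    """Give each workload the smallest subnet that fits, largest first.
    Raises ValueError when the VNet runs out of address space."""
    vnet = ipaddress.ip_network(vnet_cidr)
    cursor = int(vnet.network_address)
    plan = {}
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        # Walk from /29 towards the VNet's own prefix until the need fits
        prefix = next((p for p in range(SMALLEST_PREFIX, vnet.prefixlen - 1, -1)
                       if 2 ** (32 - p) - AZURE_RESERVED >= hosts), None)
        if prefix is None:
            raise ValueError(f"{name}: {hosts} hosts cannot fit in {vnet}")
        subnet = ipaddress.ip_network((cursor, prefix))
        if not subnet.subnet_of(vnet):
            raise ValueError(f"{name}: {vnet} is out of address space")
        plan[name] = str(subnet)
        cursor += subnet.num_addresses  # descending sizes keep this aligned
    return plan

if __name__ == "__main__":
    print(find_overlaps(SAMPLE_VNETS))
    print(carve_subnets("10.20.0.0/16", NEEDS))
```

Running `carve_subnets` with a /24 instead of the /16 raises `ValueError` on the second workload, which is the out-of-space failure described above.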
NSGs vs. Azure Firewall. Network Security Groups are simple stateful firewalls attached to subnets or NICs. Azure Firewall is a managed, fully stateful firewall with threat intelligence. We use NSGs for most internal traffic and Azure Firewall for perimeter defense. The Firewall costs about $1.10/hour — don't use it for low-traffic hobby projects.
Load Balancers. Three types: Basic (free, no SLA), Standard (LB as a service), Application Gateway (L7 load balancer with WAF). We use Standard for internal services and App Gateway for external HTTPS traffic. The WAF saved us from a SQL injection attack in 2022 — blocked 4,000 malicious requests in one hour.
VPN Gateway. Site-to-site VPN. $0.05/hour per connection. We connect our on-prem data center to Azure through this. Max throughput is 1.25 Gbps on VpnGw1. If you need more, use ExpressRoute.
Databases: The Hidden Cost Trap
Azure offers managed databases for everything. They're good. They're expensive.
Azure SQL Database. Managed SQL Server. No patching. Automated backups. Built-in high availability. We moved our production PostgreSQL database here for compliance reasons. The serverless tier in Azure SQL Database automatically pauses when idle — we saw 60% cost reduction compared to provisioned tier.
```sql
-- Query to check DTU usage in Azure SQL Database
SELECT
    end_time,
    avg_cpu_percent,
    avg_data_io_percent,
    avg_log_write_percent
FROM sys.dm_db_resource_stats
ORDER BY end_time DESC;
```
Azure Cosmos DB. NoSQL database with multi-region writes. Supports Cassandra, MongoDB, Gremlin, Table APIs. Good for globally distributed apps. But the pricing model is brutal — you provision Request Units (RU/s) and pay even if you don't use them. We had a project burn $12,000/month because someone set max RU/s too high. Always use autoscale.
Azure Database for PostgreSQL. Managed Postgres with automatic backups and high availability. Supports pgvector for AI embeddings. We run our recommendation engine on this with Hyperscale (Citus) for sharding.
Azure Redis Cache. Managed Redis. Fast. Simple. We use it for session state and API caching. Use the Premium tier for data persistence and clustering.
AI and Machine Learning: Why I Care About This
Azure's AI services are where the platform has pulled ahead.
Azure Machine Learning. A complete ML lifecycle platform. You can train models on GPU clusters, deploy endpoints, and monitor drift. We built a fraud detection system using Azure ML in 2023. The automated ML feature found a gradient boosting model that outperformed our hand-tuned neural network by 3.2%.
```python
# Deploying a model to Azure ML endpoint
from azureml.core import Workspace, Model, Environment
from azureml.core.model import InferenceConfig
from azureml.core.webservice import AciWebservice  # required for deploy_configuration

# Load the workspace from config.json and register the serialized model
ws = Workspace.from_config()
model = Model.register(ws, model_path="model.pkl", model_name="fraud_detector")

# Environment the scoring container is built from
env = Environment(name="deploy-env")
env.docker.base_image = "mcr.microsoft.com/azureml/openmpi4.1.0-ubuntu20.04"

# score.py provides the init() and run() functions the endpoint calls
inference_config = InferenceConfig(
    entry_script="score.py",
    environment=env
)

# Size of the Azure Container Instance that hosts the endpoint
deployment_config = AciWebservice.deploy_configuration(
    cpu_cores=2, memory_gb=8
)

service = Model.deploy(
    workspace=ws,
    name="fraud-detector-svc",
    models=[model],
    inference_config=inference_config,
    deployment_config=deployment_config
)
service.wait_for_deployment(show_output=True)
```
Azure OpenAI Service. Access to GPT-4, GPT-3.5, DALL-E, and embedding models through Azure's infrastructure. This is the only way enterprises can use OpenAI models with guaranteed data privacy (no data sent to OpenAI). We've deployed three production chatbots on this. The key difference from direct OpenAI API: rate limits are higher on Azure, but you pay per token (about $0.03/1K tokens for GPT-4).
Cognitive Services. Pre-built AI APIs: vision, speech, language, decision. Face detection, OCR, translation, sentiment analysis. We used the Document Intelligence service to automate invoice processing — 94% accuracy on handwritten fields.
Identity and Security: The Microsoft Advantage
Azure Active Directory (Azure AD). Identity and access management. Not just for Microsoft apps. You can authenticate users for any application. 2FA, conditional access, device management. We use Azure AD with SAML 2.0 for our internal tools. The free tier supports 500,000 objects — we haven't needed paid yet.
Managed Identities. Instead of storing API keys in code, assign an identity to your Azure resource. The identity authenticates automatically. We use this for all Azure-to-Azure communication. No secrets. No rotation headaches.
Key Vault. Store secrets, certificates, encryption keys. Combined with Managed Identities, this eliminates hardcoded credentials entirely. We had 3 security incidents in 2021 before Key Vault. Zero since.
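What "no secrets" means on the wire for Managed Identities and Key Vault, as an added example that is not code from the original article: on a VM, the identity's token comes from the instance metadata endpoint and is then presented to Key Vault. The vault and secret names are hypothetical, the vault-name pattern is a simplified form of Azure's naming rule, and `fetch_secret` only works on an Azure VM whose identity has been granted access to the vault.

```python
import json
import re
import urllib.parse
import urllib.request

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
KEY_VAULT_RESOURCE = "https://vault.azure.net"
# Simplified vault-name rule: 3-24 chars, letters, digits and hyphens
VAULT_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]{1,22}[A-Za-z0-9]")

def imds_token_request(resource=KEY_VAULT_RESOURCE, client_id=None):
    """Token request a VM sends to the link-local metadata service.
    Nothing secret is sent: the platform knows which VM is asking."""
    params = {"api-version": "2018-02-01", "resource": resource}
    if client_id:  # only needed to select a user-assigned identity
        params["client_id"] = client_id
    url = IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params)
    return urllib.request.Request(url, headers={"Metadata": "true"})

def secret_request(vault_name, secret_name, access_token):
    """Key Vault REST call that reads the latest version of a secret."""
    if not VAULT_NAME.fullmatch(vault_name):
        # Reject anything that could change the host the token is sent to
        raise ValueError(f"invalid vault name: {vault_name!r}")
    url = (f"https://{vault_name}.vault.azure.net/secrets/"
           f"{urllib.parse.quote(secret_name, safe='')}?api-version=7.4")
    return urllib.request.Request(
        url, headers={"Authorization": f"Bearer {access_token}"})

def fetch_secret(vault_name, secret_name, timeout=5):
    """Run both steps. The token lives in memory only and is short-lived."""
    with urllib.request.urlopen(imds_token_request(), timeout=timeout) as resp:
        token = json.load(resp)["access_token"]
    req = secret_request(vault_name, secret_name, token)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["value"]

if __name__ == "__main__":
    # Hypothetical names; prints the URLs without contacting anything
    print(imds_token_request().full_url)
    print(secret_request("contoso-kv", "db-password", "<token>").full_url)
```

In application code the `azure-identity` and `azure-keyvault-secrets` packages (`DefaultAzureCredential`, `SecretClient`) perform the same exchange and also cover App Service and AKS, where the token endpoint differs.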
Azure Policy. Define rules for resource configurations. "All storage accounts must use HTTPS." "VMs must come from allowed sizes." We enforce policies across 4 subscriptions. Non-compliant resources get flagged (or denied) automatically.
Cost Management: What Nobody Tells You
Azure pricing is complicated. Intentionally so, I think.
The calculator trap. The Azure Pricing Calculator gives you estimates. They're wrong. Overhead costs (data transfer, storage operations, load balancer hours) can add 30-50% to your bill.
Reserved Instances. Commit to 1 or 3 years, save up to 72%. We reserve 70% of our compute capacity. The other 30% runs on spot instances (up to 90% discount, but can be preempted).
Cost alerts. Set them up. We have alerts at $100, $500, $1000, and $5000. Saved us from a $20,000 bill when a dev environment ran at peak capacity for two days.
Azure Budgets. Monthly spending targets. Automatic actions when exceeded. We use budgets to shut down dev environments on weekends automatically.
The Real Trade-offs: Azure vs. AWS vs. GCP
I've run production workloads on all three. Here's my honest take.
Where Azure wins:
- Enterprise integration. If your company uses Office 365, Dynamics 365, or Active Directory, Azure is the path of least resistance.
- Hybrid cloud. Azure Arc extends management to on-prem and other clouds. We manage 50 on-prem servers through Azure Arc.
- AI/ML services. Azure OpenAI with private networking and compliance beats anything from AWS and GCP.
- Windows workloads. Azure supports Windows better. SQL Server on Azure? Yes.
Where Azure loses:
- Documentation. It's inconsistent. Some services have great docs, others look like they were written by interns.
- UI complexity. The Azure portal has too many menus. AWS is cleaner. GCP is cleanest.
- Networking simplicity. Azure Virtual Networks require more planning than AWS VPCs.
- Kubernetes features. AKS lags behind EKS and GKE in add-ons and performance.
Where it's tied:
- Compute costs. Roughly equivalent when you factor in everything.
- Storage. Blob vs. S3 is a tie. Both work well.
- Support. Microsoft support is better than AWS, worse than GCP (for enterprise).
The Future of Azure
Microsoft is betting everything on AI. Azure's roadmap for 2024-2025 is all about:
- AI infrastructure (more GPU clusters, custom silicon like Maia 100)
- Edge AI (Azure IoT + AI at the edge)
- Sovereign clouds (regional deployment options for compliance)
- Copilot integration (AI for managing Azure itself)
The Copilot for Azure (currently in preview) can answer questions, create resources, and even troubleshoot issues. I've tested it. It's useful for basic tasks but hallucinates on complex networking scenarios. Still early.
Common Mistakes and How to Avoid Them
Mistake 1: Over-provisioning. We had a VM running 24/7 costing $500/month. We needed it 2 hours per day. Switched to dev/test pricing: $80/month.
Mistake 2: Ignoring region limitations. South Central US doesn't have Availability Zones. We deployed everything there and regretted it during a power outage.
Mistake 3: Not using tags. Every resource should have tags: Environment, Owner, CostCenter, Project. We implemented tagging retroactively on 2,000 resources. Don't do this.
Mistake 4: Default networking. Azure defaults to open. Your VM is publicly accessible by default. Lock it down immediately.
Mistake 5: Procrastinating governance. Set up subscriptions, management groups, and RBAC on day one. Changing these later is a political nightmare.
FAQ: What Is Azure?
Q: What exactly is Azure?
A: Azure is Microsoft's public cloud computing platform. It offers over 200 services including compute, storage, networking, databases, AI, and IoT. You pay for what you use. It runs in Microsoft's datacenters globally.
Q: Is Azure just for Windows apps?
A: No. 60% of Azure VMs run Linux. Most of our production systems run on Ubuntu. Azure supports .NET, Java, Python, Node.js, Go, and more.
Q: How does Azure pricing work?
A: Pay-as-you-go based on usage. Compute is billed per second (or per hour for some services). Storage by GB/month. Data transfer costs extra. Reserved instances save money for committed usage.
Q: What is Azure used for in real companies?
A: Hosting websites, running enterprise apps (SAP, Oracle), data analytics, AI/ML pipelines, backup/disaster recovery, IoT, and connecting on-prem to cloud (hybrid).
Q: How secure is Azure?
A: Azure complies with 90+ compliance certifications (ISO 27001, SOC 2, HIPAA, FedRAMP). The physical datacenters are heavily guarded. But security is a shared responsibility — Microsoft secures the cloud, you secure what you put in it.
Q: What is Azure's biggest competitor?
A: AWS. Amazon Web Services is the market leader (32% share vs. Azure's 23% as of Q4 2023 per Synergy Research). Google Cloud is third at 11%.
Q: Can I use Azure for free?
A: Yes. Free tier includes 12 months of popular services, always-free services (like Azure Functions with 1 million requests/month), and $200 credit for the first month.
Q: What is Azure DevOps?
A: A set of development tools: Azure Repos (Git), Azure Pipelines (CI/CD), Azure Boards (project management), Azure Artifacts (package management). It's not the same as the Azure cloud platform, but they integrate.
Nishaant Dixit — Founder of SIVARO. Building data infrastructure and production AI systems since 2018. Built systems processing 200K events/sec.