Platform: Azure

Managed Azure Operations for Government Microsoft Stacks

Decades of investment in SQL Server, ASP.NET, Active Directory, and Microsoft enterprise software. eWay operates that stack on Azure, properly. Not a re-platforming exercise.

What is managed Azure for government?

Managed Azure for government is the operational service that runs Azure environments end-to-end for government agencies and institutions on the Microsoft stack. eWay Corp operates managed Azure environments through Microsoft Cloud Solution Provider status, including Azure VMs, App Service, Azure SQL, identity integration with Active Directory and Microsoft Entra ID, and cost optimization through Azure Hybrid Benefit.

Partner credentials and procurement vehicles

Microsoft Cloud Solution Provider (CSP)

Full Microsoft CSP status. We provision, manage, and license Microsoft cloud products including Azure, Microsoft 365, and other Microsoft enterprise software directly through our CSP agreement. One vendor for infrastructure and licensing.

SBA 8(a) · SBA Small Business

Certified for set-aside and direct-award procurement across federal, state, and local government acquisitions.

Your Microsoft investment is an asset, not a liability

We are not here to migrate you away from Microsoft. We are here to operate it properly.

Government agencies have made decades of investment in the Microsoft stack. The problem is not the stack. The problem is where and how it is operated. eWay moves your Microsoft investment to Azure and then operates it. SQL Server stays SQL Server. Your stack evolves at your pace, on your timeline, without forced re-platforming.

Microsoft workloads we operate on Azure

  • SQL Server on Azure Virtual Machines and Azure SQL Managed Instance
  • ASP.NET and .NET applications on Azure App Service and IIS-based VMs
  • SSRS (SQL Server Reporting Services) reporting infrastructure
  • SSIS (SQL Server Integration Services) data integration and ETL pipelines
  • Microsoft Dynamics on Azure infrastructure
  • Active Directory and Entra ID hybrid identity environments
  • Windows Server workloads on Azure Virtual Machines

What “properly operated” means

  • Windows Server and SQL Server patching under defined SLAs. Not manual, not ad-hoc.
  • Azure Security Center and Defender for Cloud continuously monitoring your environment
  • Entra ID and Active Directory identity governance aligned to least-privilege principles
  • Backup validation and DR readiness checks on a scheduled cadence
  • Azure Monitor and Log Analytics centralized observability across all workloads
  • Cost optimization reviews: Reserved Instances, Azure Hybrid Benefit, rightsizing
  • Change control through Azure DevOps pipelines with approval gates
  • A dedicated project manager as your single point of contact

Full-stack ownership

Most Azure partners stop at infrastructure. We operate every layer above it.

eWay's managed Azure engagement is not scoped to infrastructure alone. We operate the full stack: network and compute, database, application runtime, identity, security controls, DevOps pipelines, and CMS platforms. Each layer is staffed by Microsoft-certified engineers across Azure infrastructure, DevOps, security, and identity, under one engagement with defined SLAs.

Infrastructure layer

  • Azure Virtual Network, subnets, NSGs, and route table management
  • Azure Virtual Machines for Windows Server and Linux, all sizes
  • Azure Virtual Machine Scale Sets for elastic compute
  • Azure Load Balancer and Application Gateway
  • Azure DNS zone management and record configuration
  • ExpressRoute and VPN Gateway for hybrid connectivity
  • Azure CDN and Front Door for global edge delivery

Database layer

  • SQL Server on Azure VMs with full engine control. SSRS and SSIS support.
  • Azure SQL Database and SQL Managed Instance
  • Azure Database for MySQL and PostgreSQL
  • SQL Server Always On Availability Groups and geo-replication
  • Azure Backup for SQL Server workloads
  • Database performance monitoring and query tuning

Security and identity layer

  • Entra ID (Azure AD) configuration, hybrid identity, and SSO
  • Active Directory domain services and DNS integration
  • Azure RBAC policy design and least-privilege enforcement
  • Microsoft Defender for Cloud continuous posture management
  • Azure Firewall and Web Application Firewall (WAF)
  • DDoS Protection Standard for public-facing workloads
  • Azure Key Vault secrets and certificate lifecycle management
  • Microsoft Sentinel SIEM for log aggregation and threat detection

Operations and DevOps layer

  • Azure Monitor, Log Analytics, and Application Insights
  • Azure Automation for patch management and runbook execution
  • ARM templates and Bicep IaC
  • Azure DevOps: Repos, Pipelines, and Boards for CI/CD and project management
  • Azure Backup and Site Recovery for DR management
  • Azure Cost Management and Advisor for FinOps reviews
  • Azure Policy for governance guardrails and compliance enforcement

Infrastructure, security, identity, DevOps, and CMS application layer. Microsoft licensing included through our CSP agreement. One engagement. One SLA. One accountable team.

Scope honesty

What we operate, what we integrate with, what stays yours

Full-stack ownership has clear edges. Here is what eWay operates inside an Azure managed engagement, what we integrate with on your behalf, and what remains in your organization's hands.

What we operate

  • Azure infrastructure: VNet, VMs, Azure SQL, Storage, Front Door
  • Microsoft enterprise stack: SQL Server, ASP.NET, Windows Server, SSRS and SSIS
  • Identity: Entra ID, Active Directory hybrid, Azure RBAC
  • Security controls: Defender for Cloud, WAF, Key Vault, Sentinel
  • DevOps and CI/CD: Azure DevOps pipelines, IaC, automated deployments
  • 24/7 monitoring, incident response, and patch management under SLA

What we integrate with

  • SSO and identity: SAML, OIDC, third-party identity systems
  • Hannon Hill Cascade CMS (the SaaS authoring platform)
  • Third-party plugins, modules, and CMS extensions
  • Microsoft Dynamics, CRM, SIS, ERP, and payment gateway integrations
  • Microsoft 365 and Power Platform tooling alongside Azure infrastructure

What stays yours

  • Content authoring, editorial governance, and publishing decisions
  • Business policy, data classification, and retention rules
  • End-user accounts, roles, and access decisions
  • Compliance attestation. We align infrastructure to CJIS, FERPA, HIPAA, NIST, FedRAMP, and StateRAMP-aligned controls. Your organization attests.
  • Strategic platform direction and content roadmap

Primary practice: Managed WebOps on Azure

Drupal, WordPress, and Cascade. Operated on Azure infrastructure you own.

Many government agencies run their public-facing digital platforms on Azure alongside their internal Microsoft stack, keeping their infrastructure footprint consolidated under one cloud provider. eWay operates the full WebOps stack on Azure under one managed engagement.

Drupal on Azure

The platform powering more than 55% of U.S. federal government websites. Multi-site architectures for 50+ department sub-sites, RBAC integrated with Entra ID and Active Directory via SAML and LDAP, multilingual with translation workflows, content governance with editorial approval chains, WCAG 2.1 AA as a continuous compliance discipline, and Azure Cognitive Search or OpenSearch for citizen-facing search.

WordPress on Azure

Enterprise-scale WordPress operations on Azure infrastructure. Plugin and core patching under SLA, custom plugin development, multisite networks, SSO and RBAC integrated with Entra ID, Azure Blob Storage for media offloading, Azure CDN for edge delivery, Redis Cache for object caching, and database query optimization.

Cascade on Azure

Hannon Hill operates the Cascade CMS authoring platform. eWay operates the Azure infrastructure that receives published output: production hosting on Azure VMs, Azure CDN configuration, DNS management via Azure DNS, and SSO and identity integrations connecting Cascade to your Entra ID and Active Directory environment.

Secondary practice: Migration and onboarding

From on-premises or legacy hosting to managed Azure operations

Most government agencies migrating to Azure are moving from aging on-premises Windows Server infrastructure, a legacy hosting arrangement, or an Azure deployment that was set up by a project team and never handed to a managed operations partner. Our five-phase process eliminates risk at every transition point.

Phase 1

Discovery and Architecture Review

  • Current environment assessment: on-premises, hybrid, or existing Azure
  • Security and DR gap analysis against Azure landing zone standards
  • Microsoft licensing audit and CSP transition planning
  • Performance baseline establishment and SOW sign-off

Phase 2

Environment Build

  • Engagement kick-off with dedicated project manager
  • Azure architecture design using ARM templates or Bicep IaC
  • Azure landing zone configuration: management groups, policies, RBAC
  • Staging environment provisioning and client sign-off

Phase 3

Migration and Validation

  • Azure Migrate for server assessment and lift-and-shift execution
  • Azure Database Migration Service for SQL Server, MySQL, and PostgreSQL
  • Active Directory and Entra ID hybrid identity configuration
  • Configuration consistency validated across Dev/Test/Staging/Prod

Phase 4

Go-Live

  • Controlled DNS cutover via Azure DNS
  • Security checkpoint: Defender for Cloud baseline assessment
  • Post-launch performance optimization and monitoring validation
  • Migration close and formal transition to managed operations

Phase 5

Ongoing Managed Operations

  • 24/7 monitoring via Azure Monitor
  • Patch management through Azure Automation
  • Cost optimization reviews using Azure Advisor and Cost Management
  • Monthly operational reporting and proactive governance

Security architecture

Layered security across the shared responsibility model

Microsoft secures the physical Azure infrastructure. Everything above the hypervisor is your responsibility, or ours. eWay's security practice covers every layer, including alignment with CJIS, FERPA, HIPAA, NIST 800-53, and FedRAMP/StateRAMP-aligned controls.

Web Application Firewall

  • Azure WAF with OWASP Core Rule Set, tuned per application and traffic pattern
  • Custom rules aligned to government and institutional workload patterns
  • WAF deployed at Azure Front Door and Application Gateway tiers
  • CMS-specific rulesets for Drupal, WordPress, and Cascade environments

Threat detection and DDoS

  • Microsoft Defender for Cloud continuous security posture assessment
  • Microsoft Sentinel SIEM for log aggregation, threat correlation, and alerting
  • Azure DDoS Protection Standard for public-facing workloads
  • Incident response procedures with defined SLAs and escalation paths

Data encryption

  • Azure Storage Service Encryption (AES-256) at rest for all storage accounts
  • Transparent Data Encryption (TDE) for SQL Server and Azure SQL databases
  • TLS 1.2+ in transit enforced at load balancer and Front Door/CDN layers
  • Azure Key Vault for secrets management, certificate lifecycle, and key rotation

Identity, access, and network

  • Entra ID (Azure AD): hybrid identity, Conditional Access, MFA enforcement
  • Active Directory domain services integration and DNS management
  • Azure RBAC with least-privilege role assignments across subscriptions
  • Privileged Identity Management (PIM) for just-in-time access
  • Network Security Groups and Azure Firewall for network segmentation

Vulnerability management

  • Microsoft Defender for Servers: vulnerability assessment integrated into Defender for Cloud
  • Azure Automation Patch Management for Windows and Linux OS patching
  • SQL Server and Windows Server security update management under SLA
  • Penetration testing coordination and remediation support

Monitoring, logging, and audit

  • Azure Monitor with custom dashboards, metrics, and alert rules
  • Azure Activity Log and Diagnostic Settings for audit trail management
  • Log Analytics workspace with immutable log retention policies
  • Monthly security review reports and incident and SLA summaries

Microsoft licensing

Licensing through our CSP agreement. Procurement simplified, optimization continuous.

As a Microsoft Cloud Solution Provider, eWay provisions and manages Microsoft product licensing directly: Azure subscriptions, Windows Server, SQL Server, Visual Studio subscriptions, and other Microsoft enterprise software. One vendor for infrastructure operations and software licensing.

Licensing we provision

  • Azure subscriptions: commercial
  • Windows Server: Standard and Datacenter
  • SQL Server: Standard, Developer, and Enterprise
  • Visual Studio subscriptions for development and DevOps toolchain
  • Microsoft 365 as needed for project and communication tooling
  • Other Microsoft enterprise software as required by engagement

Azure Hybrid Benefit

Government agencies with existing Windows Server and SQL Server licenses covered by Software Assurance can apply Azure Hybrid Benefit, significantly reducing the cost of running those workloads on Azure VMs. As your CSP partner, we actively manage Azure Hybrid Benefit eligibility and application across your environment, ensuring you are not paying Azure pay-as-you-go rates for licenses you already own.

Reserved Instances and savings

Azure Reserved VM Instances and SQL Reserved Capacity provide significant discounts (typically 40 to 72 percent versus pay-as-you-go pricing) for predictable workloads with known compute requirements. As part of our monthly FinOps governance review, we identify Reserved Instance opportunities across your environment and advise on reservation terms aligned to your budget cycles.

Frequently Asked Questions

Common questions about our Azure managed practice

We already have SQL Server, ASP.NET applications, and Active Directory. Do we have to re-platform to move to Azure?

No — and that's one of the core reasons government agencies choose Azure over other cloud providers. SQL Server runs natively on Azure Virtual Machines with full engine compatibility, or in Azure SQL Managed Instance for near-100% SQL Server engine parity. ASP.NET applications run on Azure App Service or IIS-configured VMs without code changes. Active Directory integrates with Entra ID through hybrid identity configuration — your on-premises AD forest stays authoritative while Entra ID provides cloud identity services. SSRS and SSIS run on SQL Server VMs. Your stack evolves at your pace, on your timeline, without forced re-platforming.

What is Azure for Government and do we need it?

Azure Government is a physically separated set of Azure regions accessible only to US government entities and their partners — operated by screened US citizens, isolated from commercial Azure infrastructure. It provides the same Azure services within an environment that meets FedRAMP High, DoD IL2, CJIS, IRS 1075, HIPAA, and ITAR compliance requirements. State and local government agencies handling criminal justice data, federal tax information, or other controlled unclassified information typically require Azure Government. Municipal websites, public portals, and non-sensitive workloads can often run in commercial Azure regions. We assess your compliance requirements in Phase 1 discovery and recommend the appropriate Azure environment for each workload.

How does Microsoft licensing work through your CSP agreement?

As a Microsoft CSP, we provision Azure subscriptions and Microsoft product licenses directly — your Azure consumption and Microsoft software licensing flow through our CSP agreement rather than a separate Microsoft EA or MPSA contract. For agencies already on an EA, we work with your Microsoft licensing team to assess whether CSP consolidation makes sense for your procurement structure. For agencies without an existing Microsoft volume licensing arrangement, CSP through eWay is often the simplest procurement path for both Azure and Microsoft software.

How do we procure eWay services as a government agency?

We support multiple procurement paths. Direct engagement is available with standard government contract documentation. We are available through Carahsoft using their established government contract vehicles. Our SBA 8(a), MBE, DBE, and SBA Small Business certifications support set-aside and direct-award procurement. Contact us and we will identify the fastest procurement path for your organization's specific requirements and timeline.

Can you manage our Azure costs — not just our infrastructure?

Yes. FinOps is a standing component of every managed engagement. Our monthly governance cycle includes an Azure cost optimization review: Reserved Instance opportunities, Azure Hybrid Benefit application for existing Windows Server and SQL Server licenses, VM and database rightsizing, idle resource elimination, and storage tier optimization. Azure Hybrid Benefit alone can reduce Windows Server and SQL Server VM costs by up to 40% for agencies with existing Software Assurance coverage — and it is one of the most consistently overlooked savings opportunities in government Azure environments.

Your Microsoft stack belongs on Azure. Properly operated.

Full-stack managed Azure operations for government. Licensing included.

Schedule an Architecture Review with our Azure team. We will assess your current environment, identify gaps in your security and operational coverage, review your Microsoft licensing position, and outline what a full-stack managed Azure engagement looks like for your organization.

No commitment required · Response within 1 business day · Trusted by 100+ institutions · We will not spam your inbox