Microsoft Cloud · Identity & Cloud Foundation
As a Microsoft Azure Partner we build Entra ID as the identity layer that holds everything together — Microsoft 365, Dynamics 365, Azure, external SaaS, custom apps — alongside Azure as the cloud foundation for everything that doesn't fit into the ready-made Microsoft applications. arades GmbH delivers both as a coherent architecture with a clear eye on GDPR, EU cloud sovereignty, and Conditional Access as a pragmatic Zero Trust implementation.
Microsoft Entra ID
Anyone using Microsoft 365 already has Entra ID — even if they don't know it yet. Anyone who doesn't manage the Microsoft 365 tenant configuration systematically through Entra ID ends up battling chronic symptoms: guest accounts that aren't removed, duplicate access, MFA gaps, audit findings nobody can reproduce. We make the Entra ID architecture visible — and tangible.
Entra ID as the central identity provider — SSO for Microsoft 365, Dynamics 365, SaaS apps (Salesforce, ServiceNow, Workday, …), custom apps via OIDC/SAML. Reduces password fatigue, simplifies onboarding and offboarding.
Conditional Access policies replace classic "MFA for everyone" — granular rules by risk signal (location, device, app, anomaly). Implemented pragmatically: risk-based where needed, frictionless where possible.
Zero Trust isn't a product but an architectural posture: "Never trust, always verify." We implement that pragmatically — with Conditional Access, Microsoft Defender, Intune compliance profiles, and Microsoft Entra Private Access for internal apps.
Activate privileged roles (Global Admin, Exchange Admin, Compliance Admin) just-in-time only, with approval flow and audit trail. Entra ID PIM does that without an external tool — we configure it to fit your size.
External guests cleanly organized: suppliers, partners, consultants — with lifecycle policies, access reviews, and sponsorship models. For customer portals: Microsoft Entra External ID (formerly Azure AD B2C) as a scalable customer identity solution.
Access reviews, entitlement management, lifecycle workflows — the Entra ID governance suite (P2 license) automates permission reviews and onboarding/offboarding workflows. A must for NIS2, ISO 27001, and GDPR compliance.
Microsoft Azure
Microsoft Dynamics 365 and Microsoft 365 are ready-made applications. Whatever you need beyond that — custom workloads, data pipelines, container services, external interfaces, custom AI solutions — lives on Azure. We build Azure architectures pragmatically, with a clear eye on EU sovereignty and cost.
Custom applications on Azure App Service, Functions, or Container Apps — as extensions to Microsoft Dynamics 365 or Microsoft 365, as a standalone custom service, or as a backbone for Power Platform solutions. With CI/CD via Azure DevOps or GitHub Actions.
Data warehouse, lakehouse, or lean reporting pipelines: Microsoft Fabric as a unified stack, Azure Synapse for enterprise scale, Data Factory for ETL from heterogeneous sources. Output mostly via Power BI — hand in hand with our Power Platform practice.
Not every system is permitted or intended to move to the cloud — Azure Arc brings cloud management to on-premises servers, ExpressRoute delivers dedicated bandwidth, and Microsoft Entra Private Access replaces classic VPNs for Zero Trust access to internal apps.
Which Azure region for which data? EU Data Boundary for production data, German regions for sensitive workloads, Microsoft Cloud for Sovereignty for regulated industries. We pick regions and components so GDPR and Schrems II don't become a chronic source of headaches.
When you need what
Every Microsoft customer uses Microsoft Entra ID automatically — the question is only whether it's deliberately and cleanly configured. You need Azure only when the Microsoft standard isn't enough. Three typical situations where Azure enters:
You have Microsoft Dynamics 365 for CRM/ERP — but a specific feature doesn't fit the standard and is too big for Power Apps. Example: a custom field tracker with offline mode, or a complex pricing calculator with an ML model. That application runs on Azure App Service or Container Apps, authenticated via Entra ID against Dynamics 365 data.
You want to analyze data from Microsoft Dynamics 365, an ERP, an industry application, and an external logistics system together. Microsoft Fabric or Azure Synapse collects the data, Power BI visualizes. Entra ID controls who sees which reports.
Microsoft 365 Copilot and Copilot Studio cover a lot — but if you want to train your own ML model or work with a non-Microsoft LLM (Mistral, Anthropic Claude), that runs on Azure Machine Learning or Azure OpenAI Service with custom model deployment. With the right privacy boundaries — see Independent Engineering for the platform-independent variant.
45-min architecture conversation
45 minutes together: walk through your current tenant architecture, identify weaknesses, prioritize next steps. Whether you're just starting with Entra ID or planning an Azure migration — you get a concrete assessment.
Accompanying services
Engineering projects rarely stand alone — license logic, architecture clarification, quality gates, knowledge transfer, and follow-on operations usually run in parallel. Here are the most common accompanying services we add to Discovery Spikes, sprint fixed-price engagements, or Application Care contracts.
Up front · architecture
Before implementation: tenant structure, data model, security concept, integration mapping. The result is an architecture document any engineering team can pick up — including one other than us.
Up front · CSP
Which license bundles for which users, which add-on SKUs are needed, where you are over- or under-licensed. Procured via Microsoft Licensing Partner — with the option to use CSP purely as a control mechanism without margin maximization.
During · quality gate
Independent second opinion during a running implementation project — whether we are delivering it or another partner. CMMI-based quality gates, risk reviews, fixed price per gate.
During · adoption
Not the classic two-day workshop that's forgotten after a week — but a dynamic learning program over 4–6 weeks with kickoff training, application phases, and advanced sessions. Training matrix for roles and topics.
After · operations
After go-live: a predictable Application Care contract with monthly flat rate, SLA-based. Includes releases, hotfixes, extensions, tenant hardening — and continuous support instead of merely reacting to tickets.
After · knowledge
When the original developers are gone, the previous partner is no longer reachable, or the documentation is outdated — reverse engineering of the existing solution with a documented result: code map, data model, customization inventory.