Microsoft Azure is the most structurally complex vendor in this assessment series because it operates three distinct authority systems simultaneously: a massive cloud infrastructure platform (Azure), a deeply integrated but newly non-exclusive frontier model partnership (OpenAI), and the largest enterprise software installed base on earth (Microsoft 365, Entra ID, Purview, Fabric). No other assessed vendor straddles all three domains. Google Cloud owns its frontier model outright. AWS partners with model providers at arm's length. Dell, HPE, and VAST operate below the model layer entirely. Microsoft is the only vendor that must coordinate authority across infrastructure, model intelligence, and enterprise application identity — and the April 2026 OpenAI restructuring has made that coordination both more flexible and more visible.
The DAPM classification for Azure reveals a paradox unique among the assessed vendors: Microsoft has more productized Layer 2C capability than any vendor except Google — Agent Governance Toolkit (open-source, sub-millisecond policy enforcement), Entra Agent ID (GA April 2026, agent identity as first-class Entra citizens), Microsoft Agent 365 (unified agent registry and control plane), Foundry Control Plane (centralized observability for agents across frameworks) — yet the enterprise Cedes the most judgment to consume it. The Layer 2C surface is real. The authority delegation is also real. Both statements are true simultaneously.
The OpenAI restructuring (April 27, 2026) is the most significant borrowed judgment event in this assessment series. Azure exclusivity is gone — OpenAI models now ship on AWS Bedrock the next day. Microsoft retains a four-month first-mover window on new frontier models, IP license through 2032, ~27% equity stake, and OpenAI's commitment to $250B in Azure consumption. But the structural dependency has shifted from contractual lock-in to commercial preference. Microsoft is simultaneously scaling its own model development (MAI-1, speech/image models via Mustafa Suleyman's CoreAI division) — hedging the borrowed judgment it once embraced unconditionally.
The enterprise identity story is Azure's most underappreciated differentiator. No other vendor has extended enterprise identity governance to AI agents. Entra Agent ID treats agents as identity citizens alongside humans and workloads — same Conditional Access, same lifecycle management, same risk detection. This is Layer 2C infrastructure that every other vendor will eventually need to build or integrate. Microsoft has it because it already owns the enterprise identity plane. Identity is a cross-cutting concern not fully addressed in earlier assessments in this series — the Azure assessment surfaces it as a structural dimension that should be retroactively evaluated across all vendors.
Azure's structural question is not capability — the capabilities span every layer of the 4+1 model. The question is authority composition: when the enterprise adopts Azure AI Foundry + OpenAI models + Entra Agent ID + Fabric data governance + Purview compliance, how many independent judgment systems has it inherited, and has it classified each delegation explicitly? The 4+1 model exists to make that composition visible. Azure is the vendor where the composition is most complex.
Layer-by-layer status: Layer 0 (Ceded to Microsoft), Layer 1A (Ceded to Microsoft), Layer 1B (Ceded to Microsoft), Layer 1C (Ceded to Microsoft), Layer 2A (Ceded to Microsoft), Layer 2B (Ceded to Microsoft + OpenAI), Layer 2C (Intelligence 2C: Productized | Infra 2C: Emerging), Layer 3 (+1) (Broadest Enterprise Ecosystem).
Assessment framework: 4+1 Layer AI Infrastructure Model. Scoring model: Decision Authority Placement Model (DAPM) — Retained, Delegated, Ceded, or Absent. Published by The CTO Advisor LLC. Author: Keith Townsend. Date assessed: May 22, 2026. Version: v1.0 — Draft, Editorial Review Pending.
Raw compute, networking, and acceleration fabric
Maia 100: AI accelerator on TSMC 5nm, 105B transistors. Designed for LLM training and inference. Optimized for Azure OpenAI Service and Copilot workloads. Second-generation Maia 200 ('Braga') in development — reported design revisions pushed to 2026. Cobalt 100: ARM-based CPU for general cloud workloads. Both designed in-house by Azure hardware teams. OpenAI partnership now includes rights to OpenAI's custom chip designs for integration into Maia/Cobalt roadmap.
Among the first hyperscalers to deploy Vera Rubin NVL72 (via Azure Local + Foundry Local). ND-series VMs: H100, H200, B200/B300. 1M+ NVIDIA GPUs. Fractional GPU via Azure Kubernetes Service. AMD Instinct MI300X via ND MI300X v5 VMs for inference workloads. The multi-accelerator marketplace (Maia, NVIDIA, AMD) creates a workload-to-silicon matching problem that is itself a Layer 2C function.
Microsoft created SONiC (Software for Open Networking in the Cloud) and open-sourced it through OCP. SONiC is now the de facto open-source network OS for hyperscale, running on switches from Broadcom, NVIDIA, Intel, and others — Microsoft shaped the networking substrate and gave it away. Azure Accelerated Networking with hardware-level SR-IOV. InfiniBand interconnect for GPU clusters. RDMA for distributed training. Microsoft-designed rack architecture, power, and cooling. 80+ regions, 500+ datacenters, 800,000+ km of fiber.
Hyper-converged, customer-owned cluster running Azure services on-premises. Windows/Linux VMs, AKS containers, Azure Virtual Desktop. Connected and fully disconnected modes (Feb 2026). Validated OEM hardware from Dell, HPE, Lenovo, and others. Azure Arc extends management, governance, and security. Foundry Local for on-prem AI inference. $10/core/month + optional services. Sovereign Private Cloud (Azure Local + Microsoft 365 Local) for air-gapped environments.
Vera Rubin NVL72, Blackwell B200/B300, H100/H200. InfiniBand for GPU cluster interconnect. ConnectX/BlueField NICs. Microsoft manages the NVIDIA integration and instance types.
NVIDIA inference microservices available through Microsoft Foundry model catalog alongside OpenAI, open-source, and Microsoft models.
Azure's Layer 0 follows the same structural pattern as AWS and GCP: the enterprise Cedes all infrastructure authority in exchange for operational leverage. The multi-accelerator marketplace (Maia, NVIDIA, AMD) creates the same workload-to-silicon matching problem identified in the AWS assessment — a Layer 2C function that no hyperscaler yet automates with policy-driven placement. Azure's custom silicon is less mature than AWS's (Trainium is in production at scale; Maia 100 powers internal services but Maia 200 has slipped) and less differentiated than Google's (TPUs are architecturally distinct; Maia is NVIDIA-competitive). The OpenAI chip design rights add an interesting dimension — Azure could incorporate inference-optimized design ideas from OpenAI into future Maia generations, creating a silicon-model co-optimization loop unique to Microsoft. SONiC is an underappreciated Layer 0 authority claim. Microsoft designed the network OS that runs hyperscale data centers globally — including competitors' — and open-sourced it. This is a different networking authority model than any other vendor: Dell brands NVIDIA switches, HPE acquired Juniper ($14B), Google built Virgo (proprietary), AWS built SRD (proprietary). Microsoft built SONiC and made it public infrastructure. The strategic value is ecosystem shaping, not proprietary control. Azure Local inverts the on-prem model differently than AWS AI Factories: Azure Local is customer-operated on customer-owned hardware with Azure management plane (Delegated). AWS AI Factories are AWS-operated on AWS-owned hardware in customer facilities (Ceded). Azure Local also runs on multi-vendor OEM hardware (Dell, HPE, Lenovo) while AWS AI Factories run on AWS hardware only — creating cross-OEM visibility similar to VMware's hardware-agnostic model.
Inverted, same as AWS and GCP. The enterprise Cedes Layer 0 entirely. The trade-off: loss of direct hardware authority in exchange for operational leverage and multi-accelerator choice. The OpenAI silicon co-design relationship is a unique form of borrowed judgment: Microsoft can incorporate OpenAI's hardware ideas but inherits OpenAI's optimization priorities (inference-first, GPT-family architectures). Whether that alignment holds as Microsoft scales its own model development (MAI-1, CoreAI) is an open question.
Microsoft's data center capex run rate exceeds $150B annually (2026), with 1 GW of additional capacity added in Q3 FY2026 alone — among the largest infrastructure investments in corporate history. Custom server boards, racks, and cooling designed for Maia and GPU density. The Stargate project (OpenAI/SoftBank/Oracle JV) is related but distinct — Stargate involves Oracle infrastructure and SoftBank capital, a shared infrastructure authority model with DAPM implications of its own. The Maia 200 slip is worth tracking: AWS shipped Trainium3 on schedule; Google shipped TPU 8t/8i on schedule; Microsoft's second-generation AI accelerator is delayed. Microsoft's near-term answer is massive NVIDIA GPU deployment — deepening the same NVIDIA dependency that Dell and HPE face, just at cloud scale. Azure Local's multi-vendor hardware support makes it the only hyperscaler on-prem offering that runs across OEM boundaries. This parallels VMware's hardware-agnostic model and creates the same potential for a multi-vendor reasoning plane. The difference: Azure Local is managed by Azure Arc (Microsoft's control plane); VMware is managed by VCF (Broadcom's control plane). Both see across OEM boundaries.
Durable, governed data foundation — the Governance Catalog that Layer 2C queries
Object and data lake storage. Hierarchical namespace for analytics workloads. Hot/Cool/Cold/Archive tiers. Immutable blobs, versioning, lifecycle management. S3-compatible API. The storage substrate for OneLake, Fabric, and AI training data pipelines.
Unified SaaS data platform: data engineering, warehousing, real-time analytics, data science, Power BI — all on a single data lake (OneLake). Zero-copy access patterns — data remains in place while being reused across experiences. FabCon/SQLCon 2026 positioned Fabric as 'the operating system for enterprise data' and the central control plane for OneLake data management. EXPOSE TO FABRIC T-SQL extension virtualizes database objects in OneLake without moving data.
Unified data governance across clouds, data types, and the full data estate. Built into Fabric. Automated sensitivity labeling on OneLake assets. Data Loss Prevention policies detect and restrict sensitive data uploads. Audit logs capture all Fabric user activities including AI interactions. Classification, lineage, compliance (GDPR, HIPAA, PCI DSS). Sensitivity labels, access policies, and compliance controls extend to data shared across tenants via OneLake data sharing. Purview extends beyond Azure into Microsoft 365 (SharePoint, Teams, Exchange), on-premises SQL Server, and multi-cloud environments.
Assessment pending
Azure's Layer 1A is among the most expansive in this assessment series because Microsoft controls the cloud storage infrastructure (Blob, ADLS Gen2), the enterprise data governance plane (Purview), AND the unified data platform (Fabric/OneLake). Microsoft's structural advantage: Purview governance extends beyond Azure into Microsoft 365 (SharePoint, Teams, Exchange), on-premises SQL Server, and multi-cloud environments. The governance catalog that a Layer 2C reasoning plane would query already contains metadata about the enterprise's entire data estate — not just cloud-resident data. The Fabric evolution from analytics platform to 'operating system for enterprise data' (FabCon/SQLCon 2026) is an explicit control plane claim. The unified data catalog spanning all Fabric workloads with automatic governance inheritance is the closest thing in this assessment to a data-layer reasoning plane. The gap: Purview's governance metadata is rich but it's unclear whether it's API-accessible in a way that a Layer 2C placement engine could query programmatically for real-time decisions. Governance as compliance reporting vs. governance as runtime policy input are different functions.
Ceded with customer-retained policy. Purview policies are customer-defined; enforcement is Microsoft-managed. The enterprise defines what's sensitive and who can access it; Microsoft enforces across the data estate. Fabric introduces a form of borrowed judgment through embedded Copilot: AI assistance for authoring, exploration, and development across Fabric workloads respects tenant, data, and permission boundaries — but the AI assistance logic is Microsoft's.
The Purview-to-Layer-2C connection is the most compelling governance-to-reasoning pathway in the assessment. If Microsoft builds a reasoning plane that queries Purview classification metadata, sensitivity labels, and compliance policies to make placement decisions about AI workloads, it would have the richest governance input of any vendor — because Purview already sees the enterprise's data across Azure, Microsoft 365, and on-premises. The OneLake 'single logical data lake across the tenant' vision parallels VAST's DataSpace 'global namespace' — both attempt to make data location transparent. OneLake is a cloud-native abstraction within Microsoft's platform; DataSpace is an infrastructure-level abstraction across physical sites. Different layers of the stack, same architectural ambition.
Low-latency retrieval for RAG — vector/hybrid search, context windows
Enterprise retrieval engine combining full-text search (BM25/Lucene), vector search (HNSW), hybrid search with Reciprocal Rank Fusion (RRF), and transformer-based semantic ranker — all in a single managed platform. Integrated vectorization with built-in chunking and embedding. Agentic retrieval (preview): LLM-assisted query planning, multi-source access, structured responses optimized for agent consumption.
Foundry Agent Service agents access SharePoint, Microsoft Fabric, Azure AI Search, Azure Blob Storage, and Bing as knowledge sources. The Microsoft 365 corpus (SharePoint, Teams, Exchange) provides enterprise context that is already semantically rich — documents, conversations, and emails created in business workflows carry business meaning natively. Bing adds web-scale grounding. No other vendor has both enterprise productivity data and a web search engine integrated as agent context sources. This is the structural contrast to Google's Knowledge Catalog approach: Google uses Gemini to derive business semantics from raw data; Microsoft retrieves from a corpus where business semantics were created by humans in the course of work.
Assessment pending
Azure AI Search is one of the strongest Layer 1B offerings in this assessment. The hybrid search + semantic ranker + agentic retrieval combination addresses the retrieval quality problem comprehensively. The structural contrast with Google's Knowledge Catalog is the key 1B finding. Google's approach is model-integrated: Gemini enriches raw data on arrival, extracting business semantics and building a context graph that didn't exist before. Microsoft's approach is corpus-integrated: the M365 corpus already contains business context because humans created it in business workflows. A SharePoint document about Q3 revenue already carries the business semantics that Knowledge Catalog would need Gemini to extract from a raw CSV. Microsoft doesn't need a model to derive meaning because the data was born semantic. Both approaches have trade-offs. Google's model-derived semantics are consistent and exhaustive — every data asset gets enriched. Microsoft's human-created semantics are richer but inconsistent — the quality depends on how well the enterprise organizes its M365 content. Google's approach works on any data. Microsoft's advantage depends on the enterprise already having its knowledge in M365. The agentic retrieval mode (preview) blurs the boundary between retrieval (1B) and reasoning (2C) — the retrieval engine uses an LLM to decompose complex queries into sub-queries. Same cross-layer blurring observed in other vendors' products. Bing grounding introduces a unique borrowed judgment: the enterprise inherits Bing's web index, coverage, biases, and ranking decisions as part of agent context. No other vendor has this dependency because no other vendor owns a web search engine.
Ceded with high integration value. Azure AI Search is Microsoft IP. The semantic ranker is a Microsoft model. Agentic retrieval uses Microsoft's LLM for query decomposition. The enterprise Cedes retrieval intelligence to Microsoft but gains the integrated M365 corpus and Bing web index as context. The M365 corpus as borrowed judgment: the enterprise's own data is the context source, but Microsoft controls how it's indexed, chunked, embedded, and served to agents. The enterprise created the content; Microsoft controls the retrieval path.
The 'retrieval as reasoning' evolution (agentic retrieval mode) is worth tracking as a 4+1 model observation. If the retrieval engine uses LLM reasoning to plan queries, where does Layer 1B end and Layer 2C begin? The product boundary (Azure AI Search) doesn't align with the architectural boundary (retrieval vs. reasoning). The Google Knowledge Catalog contrast deserves tracking as both approaches mature. If Google's Gemini-derived semantics prove more reliable than human-created M365 content for agent grounding, the model-integrated approach wins. If enterprise-specific context (internal jargon, organizational knowledge, relationship context) proves more valuable than machine-extracted semantics, the corpus-integrated approach wins. The answer likely varies by use case.
Move/transform data — ETL/ELT, lineage, cost-aware movement, KV cache tiering
Cloud-based ETL/ELT orchestration available as a standalone Azure service (Data Factory) and within the unified Fabric experience (Data Factory in Fabric). 200+ connectors in Fabric. Visual pipeline builder. Gartner Leader for Data Integration Tools (5 consecutive years). Fabric version adds Dataflows Gen2 for self-service data preparation with Power Query (no-code), Medallion architecture (Bronze → Silver → Gold) with Delta Lake, ACID transactions, schema enforcement, time-travel queries, Data Activator for event-driven actions, and Copilot for natural-language pipeline authoring. Scheduled and event-based triggers.
Apache Spark-based analytics platform. Delta Lake as the transactional storage layer. Data engineering, data science, ML. Azure-optimized but Databricks-owned IP. The most commonly used advanced data pipeline tool on Azure — but it's a partner dependency, not Microsoft IP. AWS has the same Databricks dependency without listing it as a component; the inclusion here reflects how central Databricks is to Azure's enterprise data engineering story.
Assessment pending
Azure's Layer 1C is comprehensive and mature. Data Factory's 5-year Gartner leadership position reflects enterprise-grade data movement capability. The Fabric integration collapses what were previously separate services (Data Factory, Synapse, Power BI) into a unified pipeline-to-analytics experience. Azure's Layer 1C advantage: Fabric's unified data platform means the pipeline, storage, analytics, and governance are the same system. Data moves through experiences within OneLake rather than between services. This architectural philosophy parallels vertically integrated approaches in other assessed platforms but at a different layer of the stack. The Databricks dependency is worth noting: many enterprise Azure customers use Databricks rather than native Fabric pipelines for complex data engineering. This creates a Delegated component within an otherwise Ceded layer — the enterprise's data pipeline intelligence is Databricks' IP, running on Azure's infrastructure. No KV cache tiering story is evident on Azure. Dell has validated NVIDIA CMX (19x TTFT improvement), HPE has Alletra X10000 KV cache support, VAST collocates cache and compute in CNode-X. This gap matters as inference workloads scale and KV cache management becomes a data movement problem.
Ceded for native services. Delegated for Databricks. Copilot for Data Factory adds a dimension: natural-language pipeline authoring means the enterprise inherits Microsoft's LLM's understanding of data engineering patterns. Whether Copilot-authored pipelines match the quality of expert-authored ones is an open question with borrowed judgment implications.
The Fabric positioning as 'operating system for enterprise data' (FabCon/SQLCon 2026) makes Layer 1C the layer where Microsoft's data platform ambitions are most visible. If Fabric succeeds as the unified data control plane, it collapses 1A (storage) + 1B (retrieval) + 1C (movement) into a single authority boundary — which simplifies DAPM classification but concentrates authority.
GPU scheduling, quotas, RBAC, fair-share scheduling, utilization optimization
Managed Kubernetes with GPU-aware scheduling. Dynamic Resource Allocation (DRA) GA at KubeCon Europe 2026 — fine-grained GPU resource allocation enabling multiple AI workloads to share GPU resources, reducing idle GPU time from typical 30-40% rates. AKS-managed GPU node pools automate NVIDIA driver, device plugin, and DCGM metrics. MIG, MPS, and time-slicing for GPU sharing. Kueue for fair queuing and priority. Cilium mTLS encryption in public preview — sidecarless pod-to-pod security eliminating sidecar proxy overhead for AI workloads (built with Isovalent/Cisco). AI Runway (preview): unified inference API positioning Kubernetes as the AI infrastructure operating system, with cross-cloud GPU scheduling previewed. Microsoft contributed DRA to upstream Kubernetes — these GPU scheduling primitives are available to all Kubernetes users, not just AKS.
Extends Azure management to any infrastructure — on-prem, edge, multi-cloud. Projects external resources into Azure Resource Manager. Unified RBAC, policy, monitoring. AKS enabled by Azure Arc: AI inference on hybrid Kubernetes clusters with centralized governance. Connected and disconnected operation modes. The only hyperscaler management plane designed to orchestrate across non-native infrastructure — AWS manages AWS; Google manages GCP and GDC; Azure Arc manages anything.
NVIDIA GPU Operator manages GPU drivers and device plugins on AKS. DRA GA provides Kubernetes-native GPU scheduling primitives. Microsoft contributed DRA to upstream Kubernetes.
Azure's Layer 2A is mature and comprehensive. AKS is the most widely deployed managed Kubernetes service for AI workloads on Azure, and the KubeCon 2026 DRA GA + AI Runway announcements extend its capabilities specifically for AI scheduling. Azure Arc is the hybrid orchestration differentiator: it extends Azure's management plane to any infrastructure, including competitor hardware. An enterprise running Azure Arc on Dell, HPE, and Lenovo hardware gets a unified orchestration plane across OEM boundaries — managed by Microsoft rather than Broadcom (VMware) or the OEM itself. The AI Runway + cross-cloud GPU scheduling preview is the most aggressive multi-cloud orchestration claim in this assessment. If Azure can schedule workloads across its own GPUs, AWS GPUs, and GCP GPUs based on availability and pricing, it becomes the first cross-hyperscaler Layer 2A orchestration plane. This is aspirational — the preview was just announced — but architecturally significant. DRA contribution to upstream Kubernetes means these GPU scheduling primitives are available to all Kubernetes users, not just AKS. Microsoft is building the open-source foundation that competitors also benefit from — a strategic choice that prioritizes ecosystem leadership over proprietary advantage. Brendan Burns' authorship (Kubernetes co-creator, Microsoft employee) gives Azure unique credibility in shaping Kubernetes' evolution.
Ceded for cloud workloads. Delegated for Azure Arc-managed on-prem infrastructure. Microsoft's Kubernetes contributions (DRA, AI Runway) are open-source — the enterprise can run them on any Kubernetes. But operational maturity (managed upgrades, monitoring, scaling) is Azure-specific. The enterprise retains the code but Cedes the operations.
Microsoft's KubeCon 2026 framing of 'Kubernetes as the AI Infrastructure OS' is a Layer 2A statement, not a Layer 2C statement. The distinction matters: Kubernetes schedules and manages resources. A Reasoning Plane governs them with policy-driven intelligence. Same distinction applies to VMware's framing of VCF as 'the permanent abstraction layer.'
Model serving, inference optimization, agent runtime — the Execution Plane
Unified platform-as-a-service for enterprise AI operations. 11,000+ models in catalog including OpenAI (GPT-5.5, o-series — four-month first-mover window per April 2026 restructuring), open-source, Microsoft (MAI-1, Phi), and NVIDIA models. Foundry Agent Service: fully managed agent runtime supporting no-code prompt agents and code-based agents (Agent Framework, LangGraph, custom). Handles hosting, scaling, identity, observability, enterprise security. OpenResponses, Activity, Invocations, and A2A protocols for agent distribution through M365 Copilot, Teams, and Entra Agent Registry. Foundry Control Plane centralizes observability for agents across frameworks — including agents NOT running on the platform (register custom LangGraph, A2A, or HTTP-based agents, route through AI Gateway, send OTel traces to Application Insights). Batch evaluations for third-party agents using built-in evaluators for safety, fluency, and task adherence. OpenAI models are now also available on AWS Bedrock — the model is no longer an Azure differentiator; the platform integration is.
Production framework for building multi-agent systems. Orchestration patterns: sequential, concurrent, handoff, group chat (Magentic One). OpenAPI integration, A2A protocol, MCP support. Local development → Azure deployment with observability and compliance. Open-source (MIT license). KPMG Clara AI built on Agent Framework.
NVIDIA models available through Foundry model catalog. Vera Rubin support via Azure Local + Foundry Local for on-prem inference.
Integration through Foundry for model training and fine-tuning. Same NVIDIA training dependency seen across multiple assessed vendors.
Azure's Layer 2B is one of the broadest — 11,000+ models, managed agent runtime, open-source agent framework, cross-framework observability. The breadth creates complexity: the enterprise must choose between Foundry Agent Service (Ceded, managed), Agent Framework on AKS (Retained, self-hosted), Azure OpenAI direct (Ceded, model-specific), and fully self-hosted options. The April 2026 Custom Agent Monitoring is architecturally significant: Foundry extends governance to agents it doesn't host. This is a Layer 2B/2C crossover — the runtime observability reaches beyond the runtime boundary. The OpenAI restructuring creates a unique Layer 2B dynamic: OpenAI models are Azure's flagship capability AND are now available on AWS Bedrock. The model is commodity; the platform around the model is the lock-in. The Agent Framework being open-source (MIT) means the enterprise Retains the code and can run it anywhere. But the operational envelope (Foundry hosting, Entra identity, Purview compliance) is Azure-specific. Code portability vs. operational portability — same distinction identified in the Google Cloud assessment with ADK.
Multi-layered. OpenAI models: borrowed alignment, training data, and safety decisions — the most significant model-provider borrowed judgment in this assessment because OpenAI is simultaneously a partner, a competitor (ChatGPT Enterprise vs. Microsoft 365 Copilot), and a platform (OpenAI API vs. Azure OpenAI Service). Microsoft's own models (MAI-1, CoreAI): borrowed judgment shifts to Microsoft's model team. Open-source models: community-borrowed judgment. The enterprise using Azure OpenAI Service inherits three judgment systems simultaneously: Microsoft's platform decisions (Foundry defaults, content filtering), OpenAI's model decisions (alignment, capabilities, safety), and NVIDIA's silicon decisions (GPU scheduling, driver behavior). This is the most complex borrowed judgment stack in the assessment.
The April 2026 restructuring eliminated Azure exclusivity for OpenAI models. GPT-5.5 appeared on AWS Bedrock the next day. This validates the 4+1 model's prediction that model-layer lock-in is transient while platform-layer lock-in (2A/2B/2C) is durable. Microsoft's response is right: invest in Foundry, Entra Agent ID, and governance infrastructure that doesn't move with the model. The CoreAI division under Mustafa Suleyman signals Microsoft is building its own model capability to reduce OpenAI dependency. The borrowed judgment composition changes as Microsoft's own models mature. Today it's Microsoft platform + OpenAI models. Tomorrow it could be Microsoft platform + Microsoft models — a vertically integrated model similar to Google's.
Policy-driven placement and resource coordination — the Autonomy Layer
Seven-package, multi-language (Python, TypeScript, Rust, Go, .NET) system for governing autonomous AI agents. Agent OS: stateless policy engine, sub-millisecond enforcement (<0.1ms p99). Addresses all 10 OWASP agentic AI risks. 9,500+ tests. Deterministic, not LLM-based — 0.43 seconds total overhead across 11 agents over 11 days in Microsoft's internal deployment. Intent-based authorization: Declare → Approve → Execute → Verify lifecycle. Drift detection with soft-block, hard-block, or log-only responses. Deploy as AKS sidecar, Foundry middleware, or Azure Container Apps.
Agent identity as first-class Entra citizens. Same Conditional Access, lifecycle management, risk detection, and governance as human identities. Agent blueprints: reusable identity templates for consistent governance. Shadow AI detection: discover unsanctioned agents. Sponsor lifecycle management. Four Conditional Access policy templates for agents. ID Protection extends anomaly detection to agent identities. Part of Microsoft Agent 365. Identity is a cross-cutting concern not fully assessed at this layer for other vendors in the series.
Unified agent registry and distributed control plane. Single inventory of all agents — Microsoft and non-Microsoft — operating in the organization. Agent Card Manifests provide rich metadata. Collection-based policies for discovery governance. SDK for third-party agent platforms to register agents. Converging the Entra Agent Registry under Agent 365 for simplified management.
Secures and manages MCP tools with policies and observability. Routes agent traffic through a governed gateway. Content Safety in Foundry Control Plane provides guardrails. Cross-prompt injection attack (XPIA) protection.
All Layer 2C components are Microsoft IP or open-source. NVIDIA does not provide or control governance, policy, agent identity, or reasoning in the Azure stack.
Microsoft has the most productized Intelligence Layer 2C alongside Google. Four distinct 2C capabilities are GA or recently shipped: (1) Agent Governance Toolkit: Open-source, deterministic policy enforcement addressing all 10 OWASP agentic AI risks with sub-millisecond enforcement. Being open-source (MIT) means it's available to every vendor's customers — Microsoft built a governance standard others can adopt. (2) Entra Agent ID: The only vendor that has extended enterprise identity governance to AI agents as first-class identity citizens. Conditional Access for agents is GA. Shadow AI detection for unsanctioned agents is uniquely valuable for enterprises that don't yet know what agents are running. Identity as a governance dimension is not fully assessed across other vendors in this series — the Azure assessment surfaces it as a structural concern that warrants cross-vendor evaluation. (3) Agent 365: Unified agent registry covering Microsoft and non-Microsoft agents. The SDK for third-party platforms to register means Microsoft is building the universal agent inventory — even for agents that don't run on Azure. (4) Agent Governance Toolkit + Agent Framework integration: The Declare → Approve → Execute → Verify lifecycle with drift detection is the most structured agent governance protocol in this assessment. Infrastructure Layer 2C (emerging): Same gap as AWS — no service answers 'given data residency, cost, latency, and compliance, should this workload run on Maia, NVIDIA, or AMD in which region?' The policy-driven infrastructure placement engine does not exist as a product. Azure Arc + cross-cloud GPU scheduling (previewed at KubeCon) are building blocks, not a composed reasoning plane. The key differentiator vs. Google's Layer 2C: Azure's Intelligence 2C is model-agnostic — it governs agents regardless of which model powers them. Google's is Gemini-integrated. For enterprises running multi-model strategies, Azure's approach provides governance without model lock-in.
Intelligence 2C: Low — Agent Governance Toolkit is open-source, Entra Agent ID is Microsoft IP, Agent 365 is Microsoft IP. The enterprise defines governance policies; Microsoft provides the enforcement infrastructure. The Entra Agent ID dependency is worth flagging: extending agent identity into Entra means agent governance is tied to Microsoft's identity plane. An enterprise running agents on AWS that are governed by Entra Agent ID has a cross-cloud identity dependency on Microsoft. This is a deliberate strategic move — Microsoft is positioning Entra as the universal agent identity standard, as Active Directory became the universal enterprise identity standard. Infrastructure 2C: Not yet built. The building blocks (Arc, DRA, cross-cloud scheduling) exist but have not been composed into a policy-driven placement engine.
The Agent Governance Toolkit validates the 4+1 model's Layer 2C thesis directly. The OWASP Agentic Top 10 alignment, intent-based authorization lifecycle, and deterministic enforcement model all map precisely to what the 4+1 model describes as the Reasoning Plane's governance function. Microsoft's internal deployment data (11 agents, 7,000+ decisions, 0.43 seconds total governance overhead over 11 days) provides the first production evidence that Layer 2C governance can operate at negligible performance cost. Microsoft's Cloud Adoption Framework for agent governance (April 2026) provides a prescriptive four-layer composition model: data governance/compliance (Purview), agent observability (Agent 365, Defender, Log Analytics), agent security (Defender AI threat protection, Content Safety, AI Red Teaming Agent, RBAC, Sentinel), and agent development (Agent Framework, Foundry SDK, MCP, A2A). This is not a product but a reference architecture showing how the productized 2C components compose into an enterprise governance posture. The strategic play: Microsoft is building Layer 2C as an identity and governance story (Entra Agent ID + AGT). Google is building Layer 2C as a model intelligence story (Gemini integrated into infrastructure). VAST is building Layer 2C as a data platform story (PolicyEngine + Polaris). Three different vectors converging on the same architectural function. The 4+1 model predicted this convergence.
AI-powered business capabilities — business logic, workflow automation
OpenAI (GPT-5.5, o-series), Meta (Llama), Mistral, Cohere, NVIDIA Nemotron, Microsoft (MAI-1, Phi), plus thousands of open-source and industry-specific models. One of the broadest model marketplaces available.
Low-code/no-code platform for building custom Copilot agents and extensions. Agents publish through Microsoft 365 Copilot and Teams. Enterprise-accessible without developer expertise. Managed MCP tool governance.
Azure Marketplace with thousands of AI applications. SI partnerships (Accenture, Deloitte, KPMG, Infosys). ISV integrations across every industry. The Microsoft partner network is the largest in enterprise technology.
GitHub Copilot has evolved from code completion to a full agentic development platform with three surfaces: IDE agent mode (VS Code, Visual Studio 2026 with cloud agent integration), Copilot CLI (GA for all paid subscribers — Plan mode, Autopilot mode, dynamic agent delegation), and cloud agent (autonomous coding agent that researches repos, creates plans, makes code changes, opens PRs without developer in the loop via GitHub Actions). Multi-model: Claude, GPT, and OpenAI Codex models selectable per task. GitHub Copilot SDK enables building custom agents using Copilot's orchestration runtime — planning, tool invocation, streaming, MCP server integration. Foundry Local integration enables fully local, air-gapped agentic coding with data sovereignty. Microsoft Agent Framework supports Copilot SDK as agent backend. Visual Studio 2026 adds Debugger Agent that validates fixes against real runtime behavior. The most pervasive developer AI surface by installed base — integrated into the largest code hosting platform (GitHub) and the most widely used enterprise IDE ecosystem (VS Code + Visual Studio).
NVIDIA models and application patterns available through Foundry. Same blueprints available across other assessed vendors — non-differentiating.
Azure's Layer 3 is structurally unique because Microsoft owns both the infrastructure platform AND the largest enterprise application estate in market. GitHub Copilot (developer AI), Microsoft 365 Copilot (knowledge worker AI, 3.3% paid adoption as of early 2026), Power Platform AI (business process automation), and Dynamics 365 Copilot (CRM/ERP AI) are Microsoft application products — not Azure services — but they consume Azure AI infrastructure at Layers 0–2C. This creates a dynamic no other vendor has: the enterprise's Layer 3 application decision often drives the Layer 0 infrastructure decision rather than vice versa. On-prem vendors sell infrastructure first; Azure sells applications first. This application estate context does not appear as assessed components because these are Microsoft products, not Azure services. The parallel exists in the Google Cloud assessment where Gemini's consumer properties are acknowledged as context without being assessed as GCP Layer 3 components. The GitHub Copilot vs. Microsoft 365 Copilot adoption contrast has implications beyond Azure. GitHub Copilot succeeds (high adoption, measurable productivity impact in a specific workflow). M365 Copilot struggles (3.3% conversion on the largest enterprise installed base). This suggests Layer 3 AI applications succeed when targeting specific professional workflows rather than augmenting general knowledge work — an observation relevant to every vendor's Layer 3 strategy. Copilot Studio is the Azure-native Layer 3 capability: low-code/no-code agent building with distribution through M365 and Teams. This is the bridge between the Microsoft application estate and the Azure AI platform — agents built in Copilot Studio consume Foundry models, are governed by Entra Agent ID, and are distributed through the M365 surface. GitHub Copilot's evolution from code completion to autonomous cloud agent represents the most significant Layer 3 shift in the Azure/Microsoft ecosystem. The cloud agent (coding autonomously in GitHub Actions, opening PRs without developer presence) creates a new category of AI-generated code flowing through enterprise repositories. The DAPM question: when Copilot's cloud agent writes production code autonomously, who owns the engineering judgment? The developer who assigned the issue, the model that generated the code, or GitHub's agent orchestration logic? The GitHub Copilot SDK is strategically important: it exposes Copilot's production agent runtime as a programmable API, enabling enterprises to build custom agents on top of GitHub's orchestration engine. Combined with Foundry Local for air-gapped on-device inference, this creates a Retained-authority path for enterprises that need agentic development without cloud dependency — the only assessed cloud vendor offering a fully local agentic developer tool. Three-cloud comparison of agentic developer surfaces: • AWS Kiro: Spec-driven, methodology-opinionated. Enforces structured requirements → design → implementation. Replaces Q Developer. Deep AWS integration (pricing, Well-Architected, Bedrock). Most prescriptive. • Google Antigravity 2.0: Agent orchestration platform. Multi-agent parallel execution, scheduled background tasks. Desktop + CLI + SDK. Replaces Gemini CLI. Gemini-native. Most ambitious multi-agent vision. • GitHub Copilot: IDE-embedded + CLI + cloud agent. Multi-model (Claude, GPT, Codex). GitHub-native (repos, issues, PRs, Actions). Copilot SDK for custom agents. Foundry Local for air-gapped. Most pervasive installed base. All three are Ceded or Delegated — the enterprise adopts the vendor's opinions about how AI-assisted development should work. The competitive differentiation is in the development philosophy: AWS imposes discipline (specs first), Google enables parallelism (multiple agents), Microsoft/GitHub enables delegation (assign and forget).
The most complex borrowed judgment landscape in this assessment. The enterprise using Azure AI inherits judgment from: Microsoft's platform decisions (Foundry defaults, content filtering), OpenAI's model decisions (alignment, capabilities, safety), NVIDIA's silicon decisions (GPU scheduling, driver behavior), ISV application decisions, and Microsoft's enterprise application decisions (Copilot integration points, Power Platform automation patterns). The unique risk: Microsoft's Layer 3 applications are also the enterprise's productivity tools. If Copilot in Word makes a poor suggestion, it affects the document. If Copilot in Dynamics 365 makes a poor recommendation, it affects the sales pipeline. The blast radius of borrowed judgment at Layer 3 is larger for Microsoft than for other vendors because the applications are mission-critical business tools, not standalone AI applications.
The Microsoft 365 Copilot adoption data is the enterprise AI reality check this assessment series benefits from. At 3.3% conversion on the largest installed base in enterprise software, the question is whether the industry's Layer 3 ambitions are ahead of enterprise readiness — and whether that readiness gap affects infrastructure investment decisions at Layers 0–2. GitHub Copilot's success vs. Microsoft 365 Copilot's adoption challenge has implications for every vendor's Layer 3 strategy: AI applications may succeed faster when they target specific professional workflows (coding, design, data engineering) than when they target general knowledge work. The GitHub Copilot SDK's availability as a programmable agent runtime backend via Microsoft Agent Framework creates a developer platform play that spans Layers 2B and 3. Enterprises building custom agents on the Copilot SDK inherit GitHub's orchestration opinions — planning, tool invocation, context management — as borrowed judgment. The SDK is the distribution mechanism for Microsoft's agent architecture opinions into enterprise codebases. Foundry Local + Copilot SDK for air-gapped agentic development is a unique capability in this assessment. No other cloud vendor provides a fully local, data-sovereign agentic developer tool. AWS Kiro requires Bedrock connectivity. Google Antigravity requires Gemini API. GitHub Copilot with Foundry Local runs entirely on-device. This matters for defense, financial services, and government enterprises where source code cannot leave the local environment. The agentic developer tools market is consolidating around three philosophies: structured discipline (Kiro), parallel orchestration (Antigravity), and delegation-first autonomy (Copilot). Red Hat's OpenShift Dev Spaces supporting Kiro, Copilot, Claude CLI, and others from a single governed runtime suggests the enterprise will run multiple agentic developer tools simultaneously — governed by the platform layer (2A) rather than choosing a single tool at Layer 3.
Microsoft Azure is the most structurally complex vendor in this assessment series because it operates three distinct authority systems simultaneously: a massive cloud infrastructure platform (Azure), a deeply integrated but newly non-exclusive frontier model partnership (OpenAI), and the largest enterprise software installed base on earth (Microsoft 365, Entra ID, Purview, Fabric). No other assessed vendor straddles all three domains. Google Cloud owns its frontier model outright. AWS partners with model providers at arm's length. Dell, HPE, and VAST operate below the model layer entirely. Microsoft is the only vendor that must coordinate authority across infrastructure, model intelligence, and enterprise application identity — and the April 2026 OpenAI restructuring has made that coordination both more flexible and more visible.
The DAPM classification for Azure reveals a paradox unique among the assessed vendors: Microsoft has more productized Layer 2C capability than any vendor except Google — Agent Governance Toolkit (open-source, sub-millisecond policy enforcement), Entra Agent ID (GA April 2026, agent identity as first-class Entra citizens), Microsoft Agent 365 (unified agent registry and control plane), Foundry Control Plane (centralized observability for agents across frameworks) — yet the enterprise Cedes the most judgment to consume it. The Layer 2C surface is real. The authority delegation is also real. Both statements are true simultaneously.
The OpenAI restructuring (April 27, 2026) is the most significant borrowed judgment event in this assessment series. Azure exclusivity is gone — OpenAI models now ship on AWS Bedrock the next day. Microsoft retains a four-month first-mover window on new frontier models, IP license through 2032, ~27% equity stake, and OpenAI's commitment to $250B in Azure consumption. But the structural dependency has shifted from contractual lock-in to commercial preference. Microsoft is simultaneously scaling its own model development (MAI-1, speech/image models via Mustafa Suleyman's CoreAI division) — hedging the borrowed judgment it once embraced unconditionally.
The enterprise identity story is Azure's most underappreciated differentiator. No other vendor has extended enterprise identity governance to AI agents. Entra Agent ID treats agents as identity citizens alongside humans and workloads — same Conditional Access, same lifecycle management, same risk detection. This is Layer 2C infrastructure that every other vendor will eventually need to build or integrate. Microsoft has it because it already owns the enterprise identity plane. Identity is a cross-cutting concern not fully addressed in earlier assessments in this series — the Azure assessment surfaces it as a structural dimension that should be retroactively evaluated across all vendors.
Azure's structural question is not capability — the capabilities span every layer of the 4+1 model. The question is authority composition: when the enterprise adopts Azure AI Foundry + OpenAI models + Entra Agent ID + Fabric data governance + Purview compliance, how many independent judgment systems has it inherited, and has it classified each delegation explicitly? The 4+1 model exists to make that composition visible. Azure is the vendor where the composition is most complex.