
When Azure Is the Right Choice (And When It Isn't)

An honest decision framework for Azure adoption — when the platform earns its cost, and when you're better off on AWS, GCP, or staying on-prem.

John Lane, 2022-02-10

Most "Is Azure right for me?" articles read like they were written by Microsoft's marketing team. This one is written by an engineering group that has moved customers onto Azure, off Azure, and kept some of them on a mix of Azure plus on-prem because that was the honest answer. Here is the decision framework we actually use.

When Azure Is the Right Choice

You're already a Microsoft shop

If your identity story is Entra ID (formerly Azure AD), your productivity stack is Microsoft 365, and your developers write C# against SQL Server, Azure is almost always the path of least resistance. Conditional Access policies, Intune device management, Defender for Cloud, and Sentinel all assume an Entra-backed tenant. The integration value is real and hard to quantify in a spreadsheet until you try to replicate it elsewhere.

You need enterprise agreement economics

Microsoft's Enterprise Agreement (EA) and Microsoft Azure Consumption Commitment (MACC) discounts can be meaningful — in our experience 15 to 25 percent off list for mid-market, more for large commitments. If your organization already negotiates a Microsoft EA, rolling Azure spend into it typically beats AWS unless you're willing to negotiate a private pricing addendum with AWS too.

You're running Windows Server and SQL Server at scale

Azure Hybrid Benefit lets you apply existing Windows Server and SQL Server licenses against Azure compute, which can cut VM costs by 40 percent or more. No other hyperscaler gives you that deal on Microsoft licensing. For SQL Server workloads specifically, Azure SQL Managed Instance is the smoothest lift-and-shift path we've seen for apps that aren't ready to refactor.

You need compliance boundaries Microsoft has already certified

Azure Government, Azure for Healthcare, and the CJIS-aligned regions matter if you're in public sector, healthcare, or law enforcement. The paperwork trail Microsoft provides saves real weeks during audits.

When Azure Is the Wrong Choice

You're a Linux-first, open-source shop

Azure works fine for Linux workloads, but the developer experience is still AWS-first for most open-source ecosystems. Terraform providers, operator coverage, community Helm charts, SDK maturity — AWS tends to have a slight edge, and GCP has a larger edge for data and ML workloads. If your team is already fluent on AWS, moving to Azure to save a few percent on compute usually costs more in retraining than it saves.

You need the absolute lowest cost per vCPU

Hetzner, OVH, and even bare metal with a colocation provider will beat Azure on raw compute cost by 3x to 5x for steady-state workloads. If you're running 24/7 batch jobs or a predictable web tier, the hyperscaler premium is hard to justify. We've seen customers cut infrastructure spend 60 percent by moving steady-state workloads back to a private cloud on Proxmox or VMware and keeping only bursty or regulated workloads in Azure.

Your workloads are ML-heavy and GPU-hungry

Azure's GPU availability has been tight for two years running. If you need H100s or A100s at scale today, you are probably waiting in a queue. GCP and specialty providers (Lambda, CoreWeave, RunPod) have better availability and better per-hour pricing for sustained GPU workloads.

You want a simple bill

Azure's cost model is not simple. Reserved instances, savings plans, hybrid benefit, spot, dev/test pricing, and regional variance all interact. Expect to spend real effort on FinOps or hire someone who does it for a living.

Migration Complexity Tiers

Here is how we scope migrations before quoting them. These are the four tiers we use internally.

Tier 1 — Lift and shift (weeks). Windows file servers, Active Directory domain controllers, simple IIS web apps, SQL Server databases under 500 GB. Azure Migrate handles the discovery, Azure Site Recovery handles the replication, cutover is measured in hours. Realistic: 4 to 8 weeks for a small shop, 3 to 6 months for mid-market.

Tier 2 — Replatform (months). Apps that benefit from moving to Azure SQL Managed Instance, App Service, or AKS without code changes. You keep the application logic but modernize the runtime. Expect 3 to 9 months depending on the number of apps and the regression test coverage you have or don't have.

Tier 3 — Refactor (quarters to years). Monolith to microservices, on-prem batch jobs to Functions or Container Apps, SSRS reports to Power BI. This is real engineering work. Do not let anyone quote this in weeks. Budget the refactor against the business value it unlocks, not against "cloud savings" — the savings rarely pay for the refactor alone.

Tier 4 — Rebuild or retire. If an application is a 2008-era VB6 or Classic ASP app with no tests and no documentation, the honest answer is usually "replace it with a SaaS product or a rewrite." Lifting it to Azure just relocates the technical debt.

What We'd Actually Do

If a customer comes to us with 50 to 200 servers and a mix of Windows and Linux workloads, here's the pattern we recommend more often than not:

  • Identity and endpoint management: go Microsoft. Entra ID Premium P2, Intune, Defender. The integration savings are real.
  • Steady-state production workloads: private cloud. Proxmox or VMware in a colo, or a managed private cloud. Cheaper, more predictable, you keep control.
  • Bursty, dev/test, and new cloud-native workloads: Azure. Pay for elasticity where elasticity is valuable.
  • Backup and DR target: Azure Blob with immutable storage. Ransomware-resistant, geo-redundant, and billed by the GB.
  • Regulated or public-facing compliance workloads: Azure, in the appropriate sovereign region. Let Microsoft's certifications do the heavy lifting.

This hybrid approach is unfashionable in cloud marketing but common in practice. Total cost of ownership usually beats all-in Azure by a meaningful margin for steady-state workloads, and you keep the Azure benefits where they matter.

Three Takeaways

  1. Azure is not a cost-cutting move for most workloads. If your business case depends on saving money versus on-prem, sharpen your pencil — the numbers usually only work out after three years and only for workloads with significant elasticity.
  2. Identity is the real Azure moat. The value of a single Entra-backed identity plane across M365, Windows endpoints, and cloud workloads is the thing that's hardest to replicate on AWS or GCP.
  3. Don't migrate applications you should retire. The cheapest Azure workload is the one you decommissioned before cutover.
