Run GEIST on Foundry.
Foundry is a great PaaS — 11,000 models, 1,400 connectors, Entra Agent ID, Foundry IQ. What it doesn't ship is the application: the talent management system, the EU pay transparency engine, the multitenancy. Build that yourself for ~$1.2-2.0M and 12-18 months — or deploy GEIST on your Azure tenant in 10-14 weeks and use Foundry as the infrastructure layer.
11,000+ models. Foundry Model Router for cost/quality tradeoffs. We use the catalog as our backbone via Azure OpenAI endpoints.
Stateless containerized agent runtime, Entra Agent ID per agent, built-in File Search / Code Interpreter / Deep Research. We integrate with these as tools (see roadmap below).
Managed RAG over SharePoint, Fabric, M365. We can pull Foundry IQ content into GEIST's scoped knowledge bases as a source.
Defender, Purview, Sentinel — Microsoft-native security and compliance posture. GEIST inherits all of this when deployed in your Azure tenant.
Microsoft is explicit about this: Foundry is a development platform. The vertical application, multitenancy, domain integrations, and compliance enforcement are the customer's responsibility. That work takes 12-18 months and ~$1.2-2.0M to build well — and you have to maintain it forever.
| Capability | Foundry alone | GEIST |
|---|---|---|
| Production vertical applications | Building blocks only — customer assembles | TalentGEIST, PayGEIST, DermGEIST, LearnGEIST, AgentGEIST ship as deployable applications |
| Multitenant data isolation | Customer architects tenant boundaries | Platform → Vertical → Instance → Tenant → User scope hierarchy with row-level security, built in |
| Domain-specific connectors | 1,400+ generic connectors — wire them yourself | 24 connectors with domain schema knowledge baked in (PeopleXD V28, Epic FHIR R4, Workday, Salesforce, M365, SharePoint) |
| PII safety across providers | Azure Content Safety — configure yourself, one-way redaction | Reversible PII tokenization — strip before LLM, restore in response. HIPAA 18-identifier patterns |
| Per-tenant cost tracking | Aggregate cost reporting only | Per-user, per-tenant, per-app metering and quotas |
| Time to production | 12–18 months custom build (~$1.2–2.0M Year 1) | 10–14 weeks to deploy on customer's Azure tenant |
Verified in the GEIST codebase and competitive analysis, March 2026.
GEIST's architecture already abstracts cloud dependencies. Most of the migration is configuration; only secret management and blob storage need new adapters (~3-4 weeks engineering). The full deployment plan is below.
| Component | Azure equivalent | Notes |
|---|---|---|
| Container orchestration | Azure Container Apps (ACA) or AKS | GEIST uses SSE — ACA viable; AKS for max control |
| Database | Azure PostgreSQL Flexible Server + pgvector | Wire-compatible, zero schema migration |
| Cache / queue | Azure Cache for Redis (Premium P1) | Required for Streaq Streams |
| Object storage | Azure Blob Storage | AzureBlobBackend adapter (~1 week) |
| Secrets | Azure Key Vault | AzureKeyVaultClient adapter (~2-3 weeks) |
| AI inference | Azure OpenAI / Foundry catalog | AzureOpenAIEmbedder ships today (3072 dims, exact match) |
| SSO / identity | Microsoft Entra ID | SAML 2.0 SP fully implemented — config only |
| Monitoring | Azure Monitor + Application Insights | OTLP endpoint config only |
| Metric | Value |
|---|---|
| Migration time (2 engineers) | 10–14 wk |
| Azure infra cost (ACA, EU region) | Low cost |
| Primary region (GDPR compliant) | EU West |
Production today
Alpha
We map every GEIST component to your Azure SKU set, estimate the migration timeline, and identify which Foundry services to adopt vs keep in GEIST. 30-minute architecture review — bring your IT and procurement leads.