Operational Model
Ownership Model
TenantZero AI is deployed entirely within the customer's Azure subscription. There is no shared tenancy, no SaaS control plane, and no vendor-managed infrastructure.
| Aspect |
Owner |
| Azure subscription |
Customer |
| Terraform state |
Customer |
| Encryption keys |
Customer |
| Data at rest and in transit |
Customer |
| Network configuration |
Customer |
| Identity and access |
Customer |
| Module source code |
Provided by TenantZero, maintained by customer |
Responsibility Matrix
| Activity |
Responsibility |
Frequency |
| Infrastructure provisioning |
Terraform (automated) |
On change |
| Module upgrades |
Customer ops team |
Per release cycle |
| Secret rotation |
Customer ops team |
Per policy (90-day recommended) |
| RBAC review |
Customer security team |
Quarterly |
| Policy compliance review |
Customer security team |
Monthly |
| Cost monitoring |
Customer finance/ops |
Monthly |
| Incident response |
Customer ops team |
On event |
| Drift detection |
CI/CD pipeline (automated) |
Daily recommended |
| Backup verification |
Customer ops team |
Monthly |
| Disaster recovery testing |
Customer ops team |
Annually |
Environment Lifecycle
Provisioning
- Configure
terraform.tfvars from the provided example
- Set up remote backend (Azure Blob Storage)
- Run
terraform init and terraform plan
- Review plan output for resource creation and cost impact
- Run
terraform apply with approval
Day-2 Operations
- Monitor service health through Log Analytics dashboards
- Review Azure Policy compliance reports for drift
- Tune diagnostic retention and alert thresholds
- Scale AI Search replicas/partitions based on query load
- Adjust OpenAI model deployment capacity based on token usage
Change Management
Changes follow the promotion path: dev -> staging -> prod.
| Stage |
Gate |
| Code change |
PR review + terraform validate |
| Dev deploy |
Automated on merge to main |
| Staging deploy |
Manual approval in CI/CD |
| Prod deploy |
Manual approval + maintenance window |
Incident Response
- Triage: Log Analytics workspace per environment for scoped investigation
- Alerts: Azure Monitor rules for auth failures, service health, cost thresholds
- Rollback: Revert Terraform code and re-apply (forward-fix preferred)
- Escalation: Review destructive diffs before applying to state-sensitive resources
Support Model
| Tier |
Scope |
SLA |
| Azure Platform |
Microsoft Azure support (customer's support plan) |
Per customer agreement |
| Infrastructure Code |
Module maintenance and upgrades |
Per engagement terms |
| Application Layer |
Not in scope (customer-owned) |
N/A |
Compliance Touchpoints
| Control |
Implementation |
| Data residency |
Azure region selection via location variable |
| Encryption at rest |
Azure-managed keys (default) or CMK via Key Vault |
| Encryption in transit |
TLS enforced on all services |
| Access control |
Microsoft Entra ID + managed identities |
| Network isolation |
Private endpoints + private DNS |
| Audit logging |
Diagnostic settings to Log Analytics |
| Policy enforcement |
Azure Policy baseline (allowed locations, private-only) |
Exit Strategy
All infrastructure is customer-owned:
- Terraform state is stored in customer's storage account
- No external dependencies on vendor-hosted services
- All resources can be managed directly via Azure portal or CLI
- Module source code is delivered and can be forked/maintained independently