CIOs & IT Directors

Enterprise architecture.
Zero new infrastructure.

AMP runs on Microsoft Azure, integrates natively with Microsoft 365 and Entra ID SSO, and is architected for public agency security and data residency requirements. Your agency doesn't need new servers, new vendors, or new complexity.

View Architecture Overview Request Security Documentation

Azure-Hosted Entra ID SSO Role-Based Access Control Audit Trail on Every Action US Data Residency

IT Evaluation Criteria

What IT leaders evaluate in AMP

When IT directors and CIOs evaluate a new platform for a public agency, four categories drive the conversation. AMP is designed to answer all four with no additional infrastructure burden.

Authentication and identity

Entra ID / Azure AD SSO. SAML 2.0 support. Role-based access control with granular permission scoping by user, role, project, and data type. No separate identity management required — AMP integrates directly into your existing Microsoft identity infrastructure.

Data residency and ownership

All data stored in Azure US regions. Your organization owns your data. AMP processes data only for service delivery — never for model training, analytics, or marketing. Data residency policies are configurable for agencies with specific state or federal requirements.

Deployment model options

SharePoint Online SaaS in your M365 tenant, Cloud SaaS on Azure, or site templates deployed to your own environment. Each deployment path is purpose-built for a different IT environment. Your infrastructure, your choice — without compromising on features or support.

Integration architecture

REST API and webhook connectors for GIS, CMMS, ERP, and financial systems. No proprietary data pipes or vendor lock-in. Standard OAuth2 authentication flows. Pre-built connectors for common public agency systems with documented endpoints and schemas available upon request.

Technology Stack

AMP's technology stack

Every layer of AMP is built on enterprise Microsoft infrastructure. No exotic dependencies, no proprietary cloud lock-in outside Azure, and no components that require specialized IT expertise to maintain.

Layer	Technology	Notes
Hosting	Microsoft Azure	US data residency, enterprise SLAs
Identity	Entra ID / Azure AD	SSO, SAML 2.0, MFA support Included
Frontend	React + Azure Static Web Apps	Modern SPA architecture
Backend	Azure App Service	REST API, role-based authorization
Database	Azure SQL	Encrypted at rest and in transit AES-256
Storage	Azure Blob Storage	Document and asset storage
Integrations	REST API / Webhooks	GIS, CMMS, ERP, Power BI
Monitoring	Azure Monitor + App Insights	Real-time telemetry and alerting
M365	SharePoint Online + Entra ID	Native Microsoft 365 integration Optional

Security Posture

Security posture

AMP is architected for public agency security requirements. Every item below is available for documentation in standard agency security questionnaires and vendor review processes.

Role-Based Access Control

Granular permissions by user, role, project, and data type. Least-privilege by default. Access scoped at the record level — users see only what their role permits.

Audit Trail

Every data mutation logged with user, timestamp, action, and record state. Immutable audit log — records cannot be altered or deleted. Exportable for compliance review.

Data Encryption

Encrypted at rest (AES-256) and in transit (TLS 1.2+). Azure SQL Transparent Data Encryption enabled by default. Blob storage encrypted at the platform level.

No Public AI Training

Agency data is never used to train publicly available AI or machine learning models. AMP's AI features operate on isolated, agency-specific data only — not shared model training pipelines.

Data Ownership

Your organization owns your data. AMP does not sell, share, or license agency data. Upon contract termination, all agency data is returned or securely deleted per agency direction.

Incident Response

Defined incident response process with customer notification SLAs and remediation documentation. Security events communicated within defined windows per agreement. Post-incident reports available on request.

IT Burden

What AMP does not require from your IT team

AMP is designed to minimize IT burden, not create it. Every item below is a standard ask from public agency IT departments evaluating SaaS platforms — and each one applies here.

No new servers or on-premises infrastructure

No custom identity management — Entra ID integration out of the box

No database administration — Azure SQL fully managed

No security patching — Azure-managed infrastructure

No custom API development for standard integrations

Built for agencies already on Microsoft 365

If your agency is already using Microsoft 365 — which most public agencies are — AMP adds no new vendor relationships, no new identity systems, and no new compliance surface area. Entra ID handles authentication. Azure handles infrastructure. AMP handles the application.

deployment paths — one for every IT environment

new infrastructure requirements

identity provider — your existing Entra ID

Deployment Options

Deployment paths by IT environment

AMP offers three deployment paths to match your agency's existing infrastructure, IT governance requirements, and internal capacity. Each path delivers the full AMP feature set.

SharePoint SaaS

Deploy in your M365 tenant

AMP deploys as a SharePoint Online application within your existing Microsoft 365 tenant. Entra ID SSO included. AMP manages configuration, updates, and platform maintenance. Your IT team manages user provisioning through your existing M365 admin processes.

Entra ID SSO — no additional setup

AMP-managed updates and patches

Lowest IT overhead of all options

Cloud SaaS

Azure-hosted, no SharePoint required

AMP hosted on Azure with no SharePoint Online dependency. Azure SQL, Blob Storage, and App Service managed by AMP. Entra ID integration available. Suitable for agencies that prefer cloud SaaS delivery without M365 dependency or for agencies not standardized on SharePoint.

No SharePoint prerequisite

Entra ID integration available

AMP-managed Azure infrastructure

Self-Deploy Templates

Deploy to your own Azure environment

AMP site templates deployed to your agency's own Azure or M365 environment. Full configuration control — your infrastructure, your governance. AMP Consulting available for deployment, configuration, and ongoing support. Suitable for agencies with strong internal Azure capabilities and specific IT governance requirements.

Full infrastructure ownership

Complete configuration control

AMP Consulting support available

Security & Architecture Documentation

Request architecture documentation or security questionnaire.

AMP provides architecture diagrams, data flow documentation, security summaries, and responses to agency security questionnaires for qualified engagements. Most IT review packages are delivered within 5 business days.

Request Security Documentation View Architecture Overview