Azure Orchestrator Agent
The Azure Orchestrator is currently in active development. This page outlines the planned architecture and capabilities. We'll update it as features ship.
What we're building
Managing Azure infrastructure at scale is verbose. Whether you're working with Azure Resource Manager (ARM) templates or the Azure Terraform provider, provisioning even a basic setup requires navigating hundreds of resource types across networking, identity, compute, and data services — each with its own configuration nuances.
The Azure Orchestrator Agent will automate this. Following the same proven Deep Agent architecture as the AWS Orchestrator, this agent will take natural language requests and generate production-ready Azure Terraform modules through a research-driven, multi-agent pipeline.
Planned architecture
The Azure Orchestrator will mirror the AWS Orchestrator's Supervisor → Coordinator → Sub-agent hierarchy, adapted for the Azure ecosystem.
Key differences from AWS
| Aspect | AWS Orchestrator | Azure Orchestrator (Planned) |
|---|---|---|
| Provider | hashicorp/aws | hashicorp/azurerm |
| Research source | Terraform Registry (AWS provider docs) | Terraform Registry (Azure provider docs) |
| Security standards | CIS AWS Benchmarks | CIS Azure Benchmarks, Azure Security Baseline |
| Identity model | IAM roles + policies | Azure AD, Managed Identities, RBAC |
| Networking | VPC, subnets, SGs | VNet, subnets, NSGs, Application Gateway |
Shared components
The Azure Orchestrator will reuse the same battle-tested infrastructure:
- Same Deep Agent pattern — Supervisor → Coordinator → Sub-agents
- Same Terraform MCP Server — queries live provider docs for `azurerm` resources
- Same GitHub MCP Server — commits modules via API
- Same HITL governance — mandatory commit gates, optional cost gates
- Same skill system — per-service blueprints that prevent hallucinated configs
- Same sandbox validation — `terraform init`, `fmt`, `validate`
Planned capabilities
Azure services (initial target)
| Category | Services |
|---|---|
| Compute | AKS, Virtual Machines, App Service, Azure Functions |
| Networking | VNet, Subnets, NSG, Application Gateway, Front Door, Private Link |
| Storage | Blob Storage, Azure Files, Managed Disks |
| Database | Cosmos DB, Azure SQL, Azure Database for PostgreSQL |
| Identity | Azure AD, Managed Identity, RBAC role assignments |
| Security | Key Vault, Azure Firewall, DDoS Protection |
| Monitoring | Azure Monitor, Log Analytics, Application Insights |
Example requests (what you'll be able to do)
"Create an AKS cluster with system and user node pools, Azure CNI networking, and AAD integration."
"Generate Terraform for an Azure SQL managed instance with private endpoint and geo-replication."
"Set up a VNet with hub-spoke topology — hub has Azure Firewall, spokes peer back with UDR routing."
Roadmap
| Phase | Target | Status |
|---|---|---|
| Phase 1 | Core module generation (AKS, VNet, Storage) | 🔨 In development |
| Phase 2 | Security hardening (CIS Azure Benchmarks, Managed Identity) | 📋 Planned |
| Phase 3 | Module updates via GitHub MCP | 📋 Planned |
| Phase 4 | Cross-cloud modules (Azure + AWS in one request) | 📋 Planned |
Stay updated
- ⭐ Star the TalkOps repo to get notified when Azure support ships
- 💬 Join our Discord to follow development updates
- 📝 Request a feature — tell us which Azure services to prioritize