Trace Id is missing
August 10, 2022

Modernizing Microsoft 365 with a move to Windows containers on Azure Kubernetes Service (AKS)

Technical Story

The COVID-19 pandemic turned online communication and collaboration tools into essential services overnight. For Microsoft 365—the worldwide productivity cloud used by 200 million monthly home, business, and enterprise users—the difficult times accelerated a push to modernize application hosting infrastructure and to streamline release management processes.

Microsoft Corporation

Microsoft 365 represents the work of multiple development teams, writing millions of lines of code over the years. How do you approach a complex project like that? Microsoft Experiences and Devices (E+D), the group responsible for Windows and Office, answered the question with a move to Windows containers on Azure Kubernetes Service (AKS). It’s no small feat to modernize a cloud service the size of Microsoft 365, but the investment is expected to reduce infrastructure costs significantly. In addition, the new Microsoft 365 architecture provides a more consistent, efficient DevOps experience within strict security and compliance guardrails, freeing E+D development teams to focus on iterating and innovating more quickly.

The E+D group’s experience reflects a broader industry trend, as Windows and .NET developers look to update and scale their existing code bases, reduce costs, and gain cloud-native benefits of a Kubernetes ecosystem, like resiliency, scalability, and automation. This platform-first, best-practices approach to modernization is a model that other organizations can follow.

“We're going to see substantial business savings—not just from packing applications together in AKS clusters, or using containers instead of VMs, but by creating one platform for all our application developers.”

Marc Power, Partner Software Architect, Microsoft E+D

Bringing consistency to a complex software legacy

The Microsoft 365 suite of products includes the well-known Office apps and communication and collaboration platforms, like Teams and SharePoint. Other components run across apps to deliver intelligent cloud services, such as global search, information protection, and data governance. The architecture uniting these products and services came together more than a decade ago. Today it’s a mix of monolithic services and newer microservices.

During the pandemic, the cloud services supporting Microsoft 365 scaled to meet the unprecedented surge in remote work, but the sudden shift led the E+D group to identify gaps in processes and capabilities. It’s not easy to pivot a massive, global cloud footprint composed of a multitude of services maintained by hundreds of independent teams. Microsoft 365 represents a huge engineering effort. Over time, teams had developed their own ways of handling change management, specifying physical capacity, establishing high availability, setting up network routing and traffic management, and applying business policies—and the list goes on. Running such highly variable services had become too costly, impacting not just the budget but also processes and productivity.

“We stepped back and said, ‘How can we approach service hosting more consistently?’” recalls Microsoft E+D Partner Software Architect Marc Power.

The variety of Azure services meant standardizing the technology was a key to increasing this consistency. “We could promote a number of compute platforms for various use cases,” Power explains, “but the minute we do that, we lose some degree of consistency. We’re deliberately trying to be uniform and prescriptive.”

Packing apps and services into Windows containers

The vision of a consistent, uniform, and prescriptive platform solidified around Windows containers on AKS. Containers provide a lightweight, isolated environment that promotes consistent development and deployment. Soon, thousands of E+D developers accustomed to running services on the Windows stack with deep dependencies on Windows APIs were learning about containers and Kubernetes, the popular orchestration environment that started out on Linux.

“It was a big change in the team’s mindset,” recalls Microsoft E+D Principal Product Manager Anasua Banerjee. But as developers shifted their focus from bare-metal infrastructures and monolith architectures, she saw how excited they became about the experiences they could build using microservices and containers. Banerjee points out, “People were saying, ‘You mean I get container-based isolation, Kubernetes-based agility, monitoring, load-balancing, and auto-scaling, but I can still use IIS, .NET Framework, and all the Windows OS features that I've always used?’ They were interested to hear about AKS features and see how it works.”

The cluster autoscaler may be a star feature of Kubernetes, but AKS, as a hosted Kubernetes service, helps simplify the deployment and management of clusters by offloading the operational overhead to Azure. As the new computing power behind Microsoft 365, AKS provides a security-optimized, hardened host operating system with weekly patches, node image auto upgrade, and planned maintenance schedules. AKS also makes it easy to interoperate with Azure security, identity, cost management, and migration services.

For E+D application developers, the new architecture provides a unified programming environment. Change management controls perform compliance checks as part of an automated continuous integration (CI) and continuous deployment (CD) pipeline. Built-in approval checks give developers self-service access to the Azure resources they need, preventing them from accidentally promoting a bad build or inadvertently changing resources in the production environment. In addition, centralized capacity management lets the business optimize resource utilization and costs, while allowing the developers to focus on developing their applications. Developers can still use their choice of programming languages, hardware, and software environments, while honing their focus on building, deploying, and testing new features and services quickly.

Banerjee says the changes have had a deep, positive impact across Microsoft 365 development teams. “Since we started, more teams have formed to come up with the best working models, share best practices, and help other teams onboard faster and speed up migrations.” In addition, having a modern platform “definitely helps with hiring and retaining talent,” she notes. In the past, Microsoft trained developers and operators to use its proprietary cluster tools. Now it can hire people with Kubernetes skills. That talent isn’t exclusively devoted to Windows, either, as the move to AKS means Linux support is now available for Microsoft 365 developers.

Azure Subscription Technical Architecture
The architecture supporting Microsoft 365 runs highly scalable services in Windows containers hosted on AKS clusters.

Applying best practices in DevOps: Deployment rings

For any organization considering a move to Windows containers on AKS, the Microsoft 365 teams have the following advice: take time when choosing the first candidates for containerization, and invest in DevOps practices. Their updated architecture supports both new and existing DevOps practices and tools, including Microsoft Visual Studio and Azure DevOps Services. To reduce errors and to speed releases, the E+D group implemented deployment rings, a best practice that exposes new releases gradually and validates them, while limiting the impact on the platform’s users.

The new release management workflow starts when application developers make a change to their code. Using Azure Pipelines or Docker, they package their services as a container and push the image to Azure Container Registry. The automated CI/CD pipeline deploys the containers to test clusters on AKS, where any issues can be detected and fixed. Only after a release passes all validation checks can it be pushed to the early ring and previewed before graduating to the production environments. Using deployment rings, teams have an automated, consistent process that speeds up releases. Instead of hours or days, it takes only seconds or minutes to build and release changes.

Azure DevOps Workflow Overview
The DevOps workflow uses deployment rings to ensure the consistency and quality of releases. 

Deployment rings give the E+D developers some leeway to adjust to changes in the Microsoft 365 platform as it evolves. The gradual rollouts also provide a source of data to the AKS product team, which partnered with the E+D group to address any issues that came up during what proved to be one of the largest AKS migrations to date.

“When a cloud platform accepts the challenge of running one of the largest communication and productivity apps in history, you can expect to push the limits,” according to Harpreet Singh Juneja, Microsoft 365 Lead Product Manager. “Ultimately, the close collaboration between our teams has been a win for Microsoft customers,” he says.

Taking a global productivity platform to the next level

The decision to modernize the infrastructure supporting Microsoft 365 was the beginning of a multiyear effort that’s still underway. “The underlying architecture before was missing the benefits of Azure—the flexibility, the new hosting models, and the specialized hardware,” Power states. Thanks to Windows containers on AKS, now Microsoft 365 has the infrastructure consistency it needs to accelerate development, along with the cost savings that shared computing capacity brings.

The E+D group’s experience directly benefits the development of AKS, too. "Microsoft is all in on Windows, Kubernetes, and Windows containers," Power adds. "The AKS product team supports our own businesses at an incredibly high quality and scale. That's something that should give any customer confidence in Windows containers on AKS."

“With Microsoft 365, we’re focused on efficiency and performance on a very large scale, and AKS proved to be up to the challenge.”

Marc Power, Partner Software Architect, Microsoft E+D

Take the next step

Fuel innovation with Microsoft

Talk to an expert about custom solutions

Let us help you create customized solutions and achieve your unique business goals.

Drive results with proven solutions

Achieve more with the products and solutions that helped our customers reach their goals.

Follow Microsoft