Features
What are the features and what do they mean for you?
For Customers: What PAA does for your business
This guide explains PAA’s features from your perspective — what you can do with each capability and how it helps your organization succeed.
1. AI-Powered Architecture Assessment
What You Can Do
Chat with 20 Specialized AI Agents
Ask questions about your Azure architecture in plain language and receive expert-level guidance. Each agent specializes in a different domain:
| Agent | What It Helps You With |
|---|---|
| Cloud Architect | Design new Azure architectures aligned with Microsoft best practices |
| Security Architect | In-depth security assessments with OWASP, NIST, CIS benchmarks, and threat modeling |
| Security Compliance | Evaluate your security posture against industry standards |
| Cost Optimization | Find ways to reduce your Azure spend without sacrificing performance |
| Reliability Review | Identify single points of failure and improve availability |
| Networking Review | Analyze your network topology and security |
| Kubernetes/Container Architect | AKS/EKS/GKE architecture assessment, pod security, service mesh |
| Data Platform Architect | Data lakehouse, ETL/ELT, governance, ML platform assessment |
| DevOps/Platform Engineer | CI/CD maturity, IaC, GitOps, platform engineering |
| Disaster Recovery | Plan backup and recovery strategies with RTO/RPO analysis |
| FinOps Architect | Cloud financial operations maturity assessment |
| M365 Architect | Assess your Microsoft 365 security and governance |
| IaC Engineer | Generate Terraform and Bicep infrastructure-as-code |
Get Automated Findings
PAA automatically generates findings when it detects issues in your architecture. Each finding includes:
- Severity classification (Critical, High, Medium, Low)
- Affected resources
- Remediation guidance with step-by-step instructions
- Compliance framework mapping (ISO 27001, NIS2, SOC 2, GDPR)
AI Agent Availability by Plan
| Plan | Agents Available |
|---|---|
| Free | 4 agents (Cloud Architect, Router, Requirements, Diagram) |
| Team | 15 agents |
| Business / Enterprise | All 20 agents |
Business Impact
| Benefit | What It Means for You |
|---|---|
| Faster Architecture Reviews | What used to take days with consultants now takes hours with AI |
| Consistent Quality | Every assessment follows Microsoft Well-Architected Framework standards |
| Actionable Guidance | Move from “what’s wrong” to “how to fix it” immediately |
| Audit-Ready Documentation | Findings map to compliance frameworks your auditors recognize |
2. Agent Memory — AI That Learns Your Organization
What You Can Do
PAA agents now remember what they learn about your organization across all sessions. Instead of starting from scratch every time, agents automatically apply the context they’ve built up from your previous assessments and conversations.
What Agents Remember
| Memory Category | What Gets Stored |
|---|---|
| Your Architecture Patterns | The recurring patterns and design decisions specific to your environment |
| Common Issues | Problems that come up repeatedly in your assessments |
| Remediation Outcomes | What fixes worked (and what didn’t) in your specific environment |
| Domain Vocabulary | Your internal terminology, product names, and team structures |
| Architecture Decisions | Key decisions your team has made and the reasoning behind them |
| Risk Tolerance | Your organization’s risk appetite and compliance priorities |
How It Works
Memory is automatically extracted from assessments — no manual input required. When agents detect patterns or important facts about your environment, they save them for future sessions.
You can also:
- View all stored memory entries from the Agent Memory page
- Enable or disable individual entries
- Adjust the confidence level of stored facts
- Delete entries that are no longer accurate
- Control which categories are active
Confidence Scoring
Each memory entry has a confidence score (0–100). Over time, facts that keep appearing in assessments gain higher confidence, while older, unconfirmed facts decay. You can set a minimum confidence threshold below which entries won’t be injected into new conversations.
Business Impact
| Benefit | What It Means for You |
|---|---|
| Smarter Conversations | Agents know your environment without you explaining it every time |
| Increasingly Accurate Guidance | Advice gets better the more you use PAA |
| Organizational Context | Agents understand your terminology, not just generic Azure concepts |
| Consistent Assessments | Key decisions from past reviews are factored into future ones |
Available on all plans.
3. Azure Compliance & Health Monitoring
What You Can Do
Monitor Your Azure Environment in Real-Time
Connect your Azure subscriptions and PAA continuously monitors your environment for issues:
| Capability | What You Get |
|---|---|
| Resource Health | See which resources are unavailable, degraded, or experiencing issues |
| Orphaned Resources | Find unattached disks, unused IPs, and idle resources wasting money |
| Tag Compliance | Ensure every resource has required tags for cost allocation |
| Encryption Compliance | Verify all storage, disks, and databases are properly encrypted |
| ARM Limits | Get alerts before you hit subscription limits (role assignments, resource groups) |
| Storage Security | Detect public blob access, shared key access, and outdated TLS |
| Resource Locks | Find critical resources without deletion protection |
| Naming Conventions | Validate resource names against Cloud Adoption Framework patterns |
Track Your WAF Health Score
See a single score (0-100) for each Well-Architected Framework pillar:
- Reliability — Is your architecture resilient to failures?
- Security — Are you protected against threats?
- Cost Optimization — Are you spending efficiently?
- Operational Excellence — Can you maintain and monitor effectively?
- Performance Efficiency — Does your architecture scale?
Business Impact
| Benefit | What It Means for You |
|---|---|
| Stop Wasting Money | Orphaned resource detection typically finds 5-15% cost waste |
| Prevent Outages | Resource health monitoring catches issues before users notice |
| Prove Compliance | Show auditors your encryption, tagging, and governance posture |
| Track Improvement | WAF scores let you demonstrate progress to leadership |
Azure scanning available on Business plans and above.
4. Identity & Security Scanning
What You Can Do
Scan Your Identity Plane for Risks
Most cloud breaches happen through identity compromise, not infrastructure vulnerabilities. PAA scans where attackers actually target:
| Scan | What It Finds |
|---|---|
| Service Principal Credentials | Expired credentials, soon-to-expire secrets, credential sprawl |
| Privileged Service Principals | SPs with dangerous Graph API permissions (Global Admin, Exchange Admin) |
| Federated Identity Audit | Unauthorized trust relationships on managed identities |
| Application Registrations | Rogue apps, credential injection, external owners |
| Managed Identity Permissions | Over-privileged managed identities with risky RBAC roles |
| Key Vault Security | 8 hardening checks including soft-delete, purge protection, network access |
| Public Resource Exposure | Storage, SQL, Cosmos DB, AKS, and 8 more resource types exposed to internet |
| Guest User Risk | Privileged guest accounts and stale external users |
Business Impact
| Benefit | What It Means for You |
|---|---|
| Catch What Defender Misses | Identity-layer checks complement Microsoft Defender’s resource-focused scanning |
| Prevent Breaches | Over-privileged service principals are the #1 vector for cloud compromise |
| Satisfy Pen Testers | Find the same issues your red team would find — before they do |
| Reduce Attack Surface | Every privileged SP or public endpoint is a potential entry point |
Available on Business plans and above.
5. Zero Trust Assessment
What You Can Do
Connect Your M365 Tenant
Configure a service principal to collect configuration data from your Microsoft 365 tenant:
- Conditional Access policies
- Authentication methods
- Directory roles and members
- Intune device compliance policies
- Defender for Office 365 settings
- SharePoint and Teams governance
Run Deterministic Security Checks
PAA evaluates your tenant against Microsoft’s Zero Trust model with 14+ checks across four pillars:
| Pillar | Example Checks |
|---|---|
| Identity | MFA enforcement, legacy auth blocked, PIM enabled, risk-based Conditional Access |
| Devices | Device compliance policies, app protection policies, EDR enabled |
| Data | Sensitivity labels published, DLP policies covering workloads |
| Security Operations | Unified audit log enabled, Secure Score above threshold |
Get Your Zero Trust Score
See per-pillar scores (0-100) and an overall posture score with:
- Pass/fail status for each check
- Structured evidence for audit documentation
- Severity-weighted scoring (Critical failures hurt more)
- Trend tracking over time
Generate Remediation Playbooks
For each failed check, get tenant-specific remediation guidance:
- Step-by-step instructions
- PowerShell scripts you can run
- Prerequisites and rollback procedures
- Estimated implementation time
Business Impact
| Benefit | What It Means for You |
|---|---|
| Baseline Your Security | Know exactly where you stand against Zero Trust best practices |
| Track Improvement | Scheduled assessments show your security posture improving over time |
| Satisfy Auditors | Deterministic checks produce verifiable, audit-ready evidence |
| Prioritize Remediation | Severity scores tell you what to fix first |
| Combine with Azure | Hybrid assessments give you one view of infrastructure + tenant security |
Available on Business plans and above.
6. Microsoft 365 Security
What You Can Do
Assess Your M365 Configuration
Run AI-powered assessments of your Microsoft 365 tenant without needing Azure subscriptions:
| Questionnaire | What It Covers |
|---|---|
| M365 Security Baseline | 26 questions: Identity, Email Security, Collaboration, Endpoint, Information Protection, Monitoring |
| M365 Governance | 15 questions: Teams lifecycle, SharePoint governance, Exchange, Compliance, Operations |
Automated Security Checks
PAA runs 275 automated checks against industry-standard benchmarks:
| Framework | Checks | What It Validates |
|---|---|---|
| CIS M365 Benchmark v6.0.0 | 83 | CIS Microsoft 365 Foundations Benchmark — identity, data management, Intune, audit logging, storage, MDM, Power BI / Microsoft Fabric governance |
| CISA SCuBA Baseline | 77 | US government standard for M365 security — Entra ID, Exchange, Defender, Teams, SharePoint, Power Platform |
| Maester Custom | 71 | Community-driven checks for Conditional Access, Identity, Privileged Access, and Application security |
| EIDSCA | 44 | Entra ID Security Config Analyzer checks on authorization, conditional access, authentication |
CIS Benchmark Coverage (v6.0.0)
| Section | Coverage Area |
|---|---|
| Section 1 | Account/Authentication (identity controls, MFA, Conditional Access) |
| Section 2 | Application Permissions |
| Section 3 | Data Management |
| Section 4 | Microsoft Intune (device compliance policies, configuration profiles) |
| Section 5 | Auditing (unified audit log, mailbox auditing) |
| Section 6 | Storage (SharePoint, OneDrive sharing and access) |
| Section 7 | Mobile Device Management |
| Section 8 | Microsoft Defender |
| Section 9 | Power BI / Microsoft Fabric (data governance, external sharing, export controls) |
Track Security Trends
See how your M365 security posture changes over time:
- Framework compliance scores by assessment date
- New failures and regressions highlighted
- Time-to-remediate metrics
Business Impact
| Benefit | What It Means for You |
|---|---|
| Prove CIS Compliance | Generate evidence for SOC 2, ISO 27001, and enterprise audits |
| Meet Government Requirements | CISA SCuBA compliance for federal contracts |
| Move Beyond Questionnaires | Automated checks replace manual self-assessment |
| Unified Compliance View | M365 findings alongside Azure infrastructure in one dashboard |
Available on Business plans and above.
7. Cloud Sovereignty & Migration
What You Can Do
Assess Your Sovereignty Risk
Evaluate your cloud workloads for data sovereignty, operational sovereignty, and software sovereignty:
| Assessment | What You Learn |
|---|---|
| Sovereignty Score | Overall sovereignty posture (0-100) with breakdown by dimension |
| Data Residency Map | Which data is in EU/EEA vs. non-EU jurisdictions |
| Jurisdiction Risk | Which workloads are exposed to CLOUD Act, Schrems II, or other legal risks |
| Vendor Dependency | How locked-in you are to specific cloud providers |
Plan Your Exit Strategy
If you need to migrate away from US hyperscalers (or prepare to do so):
| Capability | What It Provides |
|---|---|
| Workload Portability Scoring | High/Medium/Low portability rating for each workload type |
| Lock-in Identification | Specific services and features creating vendor dependency |
| European Provider Mapping | Which European providers offer alternatives to your Azure/AWS services |
| Migration Timeline | Phased migration plan with estimated effort and risk |
Generate Migration Playbooks
Step-by-step migration playbooks for six workload types:
| Workload | Example Steps |
|---|---|
| VMs | Export, convert, import to European IaaS with networking reconfiguration |
| Kubernetes | Cluster backup, manifest export, target cluster setup, workload migration |
| Databases | Schema export, data migration, connection string updates, validation |
| Identity | Entra ID to Keycloak migration with user provisioning |
| Monitoring | Azure Monitor to Prometheus/Grafana with dashboard recreation |
European Compliance Frameworks
| Framework | What It Covers |
|---|---|
| EUCS | EU Cybersecurity Certification Scheme (Basic/Substantial/High) |
| BSI C5 | German Federal Office for Information Security cloud security |
| SecNumCloud | French ANSSI cloud security qualification |
| Gaia-X | European data infrastructure trust framework |
| TISAX | Automotive industry information security assessment |
| ENS | Spanish National Security Framework |
Business Impact
| Benefit | What It Means for You |
|---|---|
| Navigate Regulatory Pressure | NIS2, DORA, and GDPR are increasing data sovereignty requirements |
| Reduce Legal Risk | Understand CLOUD Act exposure and Schrems II transfer risks |
| Plan Before You’re Forced | Having an exit strategy ready gives you negotiating leverage |
| Find European Alternatives | Know which European providers can replace your US services |
| Demonstrate to Regulators | Sovereignty dashboard shows your compliance posture |
Available on Enterprise plans and above.
8. Change Monitor — Drift Detection
What You Can Do
Detect When Your Live Environment Diverges from Your Architecture
Infrastructure changes constantly. A developer spins up a resource, someone modifies a firewall rule, or a service gets reconfigured. PAA’s Change Monitor catches these changes and tells you when your live environment no longer matches your documented architecture.
Set Up Automated Scan Schedules
Define when to scan using simple cron expressions:
- Daily scans at off-peak hours
- Weekly comprehensive reviews
- On-demand scans triggered at any time with one click
Track Your Drift Score Over Time
The drift score (0-100) tells you how much your live environment has diverged from your baseline:
- A score of 0 means everything is as documented
- Higher scores indicate more undocumented changes
- Trend chart shows your drift history over 30 days
Review Scan Results
Each scan produces a detailed report showing:
- How many resources were scanned
- How many findings were detected
- Severity breakdown (Critical, High, Medium, Low)
- Which specific resources have drifted
Business Impact
| Benefit | What It Means for You |
|---|---|
| Catch Unauthorized Changes | Know immediately when someone makes an undocumented configuration change |
| Maintain Architecture Integrity | Ensure your live environment stays aligned with approved designs |
| Simplify Audits | Demonstrate continuous compliance monitoring to auditors |
| Reduce Security Risk | Unauthorized changes are often the source of security incidents |
Available on Business plans and above.
9. Impact Analysis
What You Can Do
Map Your Architecture as a Dependency Graph
Build an interactive map of how your services, applications, and infrastructure components depend on each other. When a component has a problem, PAA shows you exactly what else would be affected.
Visualize Blast Radius
Select any component and instantly see its “blast radius” — all the downstream services that would be impacted if that component failed or changed:
- View the dependency graph at different depths (1–5 hops)
- Click through to component details
- Identify critical path dependencies
Analyze Change Impact Before Making Changes
Before making a change to a component, run an impact analysis to understand:
- Which services will be affected
- Risk severity of the impact
- Whether a maintenance window is required
- Recommended precautions
Sync from Assessments
Your dependency map can be automatically populated from assessment results — no need to build it manually.
Business Impact
| Benefit | What It Means for You |
|---|---|
| Safer Changes | Understand the full blast radius before touching anything in production |
| Faster Incident Response | When something breaks, immediately see what else is affected |
| Architectural Clarity | A visual map of how everything connects clarifies what your team has built |
| Better Change Management | Evidence-based impact assessment for change approval processes |
10. Visual Architecture Design
What You Can Do
Design Architectures Visually
Drag and drop Azure services onto a canvas instead of describing them in text:
| Feature | What It Does |
|---|---|
| Node Palette | Browse 50+ Azure service icons organized by category |
| Drag-and-Drop Canvas | Place services, connect them, organize into clusters |
| Smart Connections | Label your connections (e.g., “HTTPS”, “Private Endpoint”) |
| Auto-Layout | One-click organization of your diagram |
| Clusters | Group resources into VNets, subnets, or resource groups |
Get AI Validation
Let the Design Critic agent review your visual architecture:
| Check Type | What It Catches |
|---|---|
| Security Gaps | Missing network security groups, public endpoints, unencrypted connections |
| Reliability Concerns | Single points of failure, missing redundancy, no disaster recovery |
| Cost Inefficiencies | Over-provisioned resources, unused reserved capacity |
| WAF Alignment | Deviations from Microsoft Well-Architected Framework |
Auto-Fix Issues
When the critic finds issues, click “Auto-Fix” to:
- See exactly what changes will be made
- Review the reasoning behind each fix
- Apply changes with one click
- Undo if you don’t like the result
Export Your Diagrams
Save your visual architectures as:
- PNG images for documentation
- SVG files for presentations
- Persisted specs for future editing
Business Impact
| Benefit | What It Means for You |
|---|---|
| Design First, Then Build | Validate architectures before writing any code |
| Catch Issues Early | Adversarial review finds problems when they’re cheap to fix |
| Communicate Clearly | Visual diagrams are easier to share with stakeholders than text |
| Consistent Quality | AI validation ensures every design meets the same standards |
Available on Team plans and above.
11. Portfolio Dashboard
What You Can Do
See the Big Picture Across All Your Projects
The Portfolio Dashboard aggregates data from all your projects and assessments into a single view — giving you an organization-wide health score instead of having to check each project individually.
Health & Risk Metrics
| Metric | What You See |
|---|---|
| Overall Health Score | A single number representing your portfolio’s overall architecture health |
| WAF Scores by Project | Average Well-Architected Framework scores across all projects |
| Risk Distribution | Total findings by severity (Critical, High, Medium, Low) across all projects |
| Mean Time to Resolve | How quickly your team typically closes findings |
| Overdue Findings | Findings that have exceeded their target resolution date |
Compliance Across Frameworks
See your compliance posture for ISO 27001, NIS2, SOC 2, GDPR, and other frameworks aggregated across all your projects — not just for one assessment at a time.
Cost Intelligence
| Feature | What It Shows |
|---|---|
| Total Cloud Spend | Aggregated Azure spending across all subscriptions |
| Period-over-Period Comparison | How spend changed vs. the previous period |
| Identified Savings | Total savings opportunities found by AI across all projects |
| Cost Anomalies | Unexpected spend spikes detected by pattern analysis |
Project Comparison
Compare all your projects side by side — health scores, open findings, WAF scores, document counts, and last activity — so you know which project needs attention most.
Business Impact
| Benefit | What It Means for You |
|---|---|
| Executive Reporting | One dashboard to show leadership the state of your entire portfolio |
| Prioritize Attention | Immediately see which projects are falling behind |
| Unified Compliance View | Compliance across all frameworks in one place |
| Track Savings | See the total value PAA has identified across all your assessments |
12. Projects & Document Management
What You Can Do
Organize Work into Projects
Group related assessments, documents, and findings into projects that reflect your organizational structure — by business unit, application, team, or cloud environment.
Document Library
Every document PAA generates is stored and versioned:
- Assessment reports
- Architecture documents
- IaC code (Terraform, Bicep)
- Executive summaries
- Review findings
Document Versions
Track every change to a document:
- See the full edit history
- Compare versions side by side
- Roll back to a previous version
Document Workflows
Move documents through approval stages:
- Draft → Review → Approved → Published
- Assign reviewers with notifications
- Review history preserved for audits
Assessment Templates
Create reusable assessment templates for your most common review types:
- Pre-defined questionnaire structures
- Standard finding categories
- Custom scoring criteria
Business Impact
| Benefit | What It Means for You |
|---|---|
| Institutional Knowledge | Assessment outputs are organized and searchable, not buried in email |
| Repeatable Process | Templates ensure consistent assessment quality across teams |
| Change Control | Document versioning proves what was assessed and when |
| Reduced Onboarding Time | New team members can get up to speed from the document library |
13. Professional Reports & Exports
What You Can Do
Generate Executive-Ready Reports
| Format | What You Get |
|---|---|
| PDF Reports | Branded documents with cover page, executive summary, WAF scores, findings, compliance mapping, remediation guidance |
| PowerPoint Exports | Presentation-ready slides with executive summary, WAF radar chart, top findings, recommendations |
| AI Executive Summaries | One-page C-level summary covering architecture health, key risks, critical findings, and priority actions |
Multi-Language Support
Generate all documents in:
- English
- German
- French
- Dutch
Set a default language per tenant or choose per document.
Share with Stakeholders
Create secure, time-limited links to share assessment results:
- Set expiration (up to 30 days)
- Read-only access
- No sign-in required
- Audit trail of views
Report Branding
Customize your reports with your company identity:
- Upload your logo
- Set your company display name
- Choose a theme
- Add custom footer text
Business Impact
| Benefit | What It Means for You |
|---|---|
| Board-Ready Presentations | PowerPoint exports are ready for leadership meetings |
| Customer Deliverables | PDF reports can be shared with your customers or stakeholders |
| Global Teams | Multi-language support for international organizations |
| Secure Sharing | External stakeholders can view without PAA accounts |
14. Workflow Integrations
What You Can Do
Jira Integration
Create Jira issues directly from PAA findings:
- Automatic severity-to-priority mapping
- Custom field mapping
- Bidirectional status sync
- Test connection from Settings
ServiceNow Integration
Generate ServiceNow records from findings:
- Create incidents or change requests
- Custom table and field mapping
- Status synchronization
Slack & Teams Notifications
Receive notifications in your team channels when:
- An assessment completes
- A critical finding is detected
- A document is generated
- A finding is resolved
Webhook Events
Receive HTTP notifications when events occur:
- Assessment complete
- Finding created or resolved
- Document generated
- Critical finding detected
Configure:
- Webhook URL
- Event type filtering
- Delivery log with retry
GitHub Document Sync
Automatically save generated documents to your GitHub repository:
- IaC code (Terraform, Bicep)
- Architecture documents
- Assessment reports
CI/CD Pipeline Integrations
Integrate PAA assessments into your CI/CD pipeline:
- Trigger assessments from pipeline events
- Gate deployments on assessment pass/fail
- Receive webhook notifications on pipeline events
Business Impact
| Benefit | What It Means for You |
|---|---|
| No Context Switching | Findings flow into your existing ITSM workflow |
| Automatic Ticketing | Stop manually copying findings into Jira or ServiceNow |
| Real-Time Alerts | Webhooks notify your systems immediately when issues are found |
| GitOps Friendly | Generated IaC goes straight to your repository |
Jira, ServiceNow, and Slack/Teams available on Business plans and above. Webhooks and GitHub available on Team plans and above.
15. Team Collaboration
What You Can Do
Comment on Findings
Discuss findings with your team directly in PAA:
- Threaded conversations
- @mention team members for notifications
- Comment history preserved
Assign Ownership
Assign findings to team members:
- Set due dates
- Bulk assignment from findings list
- Filter by “My Assignments”
- Track resolution status
Audit Logging
Complete audit trail of all actions:
- Who viewed what
- Who changed what
- Export for GDPR Subject Access Requests
- Retention from 30 days (Free) to 730 days (Enterprise)
Team Invitations and Roles
Invite colleagues and control what they can see:
- Admin — full control
- Member — create and edit assessments
- Viewer — read-only access
Business Impact
| Benefit | What It Means for You |
|---|---|
| Clear Accountability | Every finding has an owner and due date |
| Faster Resolution | Discuss and resolve issues without leaving PAA |
| Compliance Evidence | Audit logs prove who did what and when |
| Team Visibility | Everyone sees the same findings and progress |
16. Enterprise Security & Compliance
What You Can Do
Single Sign-On
Sign in with your corporate identity provider:
- Microsoft Entra ID (included)
- SAML/OIDC (coming soon)
Multi-Tenant Workspaces
Organize your work into separate tenants:
- Isolate customer or project data
- Separate teams or business units
- Role-based access within each tenant
GDPR Compliance
PAA is designed for GDPR compliance:
- Data export for Subject Access Requests
- Data deletion on request
- Audit logging of all data access
- EU data residency
Privacy Controls
- Control data retention periods per entity type
- Request full account deletion
- Export all your data at any time
Business Impact
| Benefit | What It Means for You |
|---|---|
| Enterprise-Ready | SSO, RBAC, and audit logs meet enterprise procurement requirements |
| Data Isolation | Multi-tenant architecture keeps sensitive data separate |
| Regulatory Compliance | GDPR features help you meet your own compliance obligations |
| Data Sovereignty | EU-hosted infrastructure for data residency requirements |
17. Fractional Architect
What You Can Do
The Fractional Architect plan gives you everything in Enterprise plus 8 hours per month with a dedicated cloud architect — a real human expert available to help with your most complex challenges.
Book Consultation Sessions
Request a session online in minutes:
- Choose your consultation type (Architecture Review, Security Assessment, Cost Optimization, Strategy, Emergency)
- Describe your challenge and what you want to achieve
- Provide up to 3 preferred time slots
- Link related assessments or documents to give the architect context
- Receive booking confirmation within 4 hours
Consultation Types
| Type | When to Use |
|---|---|
| Architecture Review | Review a new or existing design with an expert |
| Security Assessment | Deep-dive security review with a certified architect |
| Cost Optimization | Identify and prioritize cost reduction opportunities |
| Strategy Session | Roadmap planning, cloud adoption strategy |
| Emergency | Critical issues requiring urgent expert attention |
After Each Session
Receive a structured session record with:
- Executive summary and key takeaways
- Prioritized recommendations with effort estimates
- Action items with owners and due dates
- Recording and transcript (where available)
- Follow-up recommendations
Track Your Hours
The usage dashboard shows:
- Hours used vs. included this month
- Hours already booked in upcoming sessions
- Hours still available to book
- Breakdown by consultation type
Additional Hours
Need more than 8 hours in a month? Additional hours are available at EUR 500/hour.
Commitment
Fractional Architect has a 3-month minimum commitment. Early cancellation incurs a fee based on remaining months.
Business Impact
| Benefit | What It Means for You |
|---|---|
| Expert On Demand | Access a senior cloud architect without the cost of a full-time hire |
| AI + Human | AI handles routine assessments; humans tackle your most complex problems |
| 4-Hour Response | Booking requests are confirmed within 4 hours during business hours |
| Continuity | Your dedicated architect builds deep knowledge of your environment over time |
EUR 5,000/month with 3-month minimum commitment.
18. Subscription Tiers
Choose Your Plan
| Tier | Monthly | Best For |
|---|---|---|
| Free | EUR 0 | Individual exploration and evaluation |
| Team | EUR 499 | Small teams getting started (up to 5 users) |
| Business | EUR 1,299 | Mid-market organizations (up to 25 users) |
| Enterprise | EUR 2,499 | Large organizations (unlimited users) |
| MSP | EUR 200 | Managed service providers managing client tenants |
| Fractional Architect | EUR 5,000 | Enterprise + 8 hours/month with a human architect |
What’s Included
| Feature | Free | Team | Business | Enterprise |
|---|---|---|---|---|
| AI Agents | 4 | 15 | All 20 | All 20 |
| Sessions/month | 10 | 50 | 500 | Unlimited |
| Users | 1 | 5 | 25 | Unlimited |
| Visual Diagram Editor | - | Yes | Yes | Yes |
| Drift Detection | - | - | Yes | Yes |
| Azure Scanning | - | - | Yes | Yes |
| Jira/ServiceNow | - | - | Yes | Yes |
| Slack/Teams | - | - | Yes | Yes |
| API Access | - | - | Yes | Yes |
| Compliance Reporting | - | - | - | Yes |
| Sovereignty Dashboard | - | - | - | Yes |
What Can You Actually Do Each Month?
| Tier | Chat Conversations | Full Assessments | Document Generation | Real-World Usage |
|---|---|---|---|---|
| Free | ~15-20 | 1-2 | 2-3 | Explore the platform, run a trial assessment |
| Team | ~150-200 | 10-15 | 20-30 | Small team doing weekly architecture reviews |
| Business | ~1,500+ | 100+ | 200+ | Mid-size org with multiple projects and regular assessments |
| Enterprise | ~7,500+ | 300+ | 1,500+ | Large org with heavy daily usage across multiple teams |
Token Overage Pricing
For Team, Business, Enterprise, and Fractional Architect tiers, you can exceed your monthly limit and pay only for what you use:
| Metric | Value |
|---|---|
| Overage Price | EUR 0.024 per 1K tokens (EUR 24 per million tokens) |
| Warning | You’ll be notified at 80% of your limit |
| Billing | Overage is added to your monthly invoice |
| Hard cap option | Available for budget-conscious organizations |
What does overage cost in practice?
| Overage Activity | Tokens Used | Cost |
|---|---|---|
| 100 extra chat conversations | ~400K | EUR 9.60 |
| 10 extra full assessments | ~1M | EUR 24 |
| 50 extra document generations | ~1M | EUR 24 |
Most customers never exceed their limit. For those who do, overage ensures you’re never cut off during critical work.
Annual Discount
| Tier | Monthly | Annual (×12) | Annual Save |
|---|---|---|---|
| Team | EUR 499 | EUR 4,790 | ~EUR 200 |
| Business | EUR 1,299 | EUR 12,470 | ~EUR 1,100 |
| Enterprise | EUR 2,499 | EUR 23,990 | ~EUR 2,000 |
MSP Partner Program
For managed service providers managing multiple clients:
- EUR 200/month platform fee
- Up to 100 child tenants
- 20% discount on child tenant subscriptions
- Aggregated billing and usage analytics
19. Coming Soon
On Our Roadmap
| Feature | What It Will Do |
|---|---|
| AWS Cloud Architect | Extend PAA to assess AWS architectures with Well-Architected Framework alignment |
| Azure OpenAI Support | Use your own Azure OpenAI deployment for data sovereignty requirements |
| Terraform Cloud Integration | Analyze IaC state for drift and architecture compliance |
| SAML/OIDC SSO | Connect to any enterprise identity provider |
| White-Label for MSPs | Custom domain, branding, and email sender for partners |
| GRC Module | Governance, Risk, and Compliance management with evidence collection |
Request a Feature
Your input shapes our roadmap. Contact us at:
- Email: [email protected]
- In-app feedback: Use the feedback button
- Customer success: Talk to your account manager
Getting Started
1. Sign Up
Create a free account to explore PAA’s capabilities.
2. Connect Azure
Add your Azure subscription credentials to enable scanning.
3. Run Your First Assessment
Start a chat session and ask the Cloud Architect to review your architecture.
4. Review Findings
See the issues PAA found, prioritized by severity.
5. Fix and Track
Use remediation guidance to fix issues and track your progress over time.
Last Updated: 2026-03-01
