Architecture & Stack

Built on Azure. Engineered for enterprise.

QueryNow Search runs entirely inside your Azure tenant. Here is exactly what powers it, how the search pipeline works, and why it meets the security bar for regulated industries.

Architecture overview

Five layers working together inside your Azure subscription.

Presentation Layer

Context-aware search interface that adapts to queries

React + TypeScript

Type-safe frontend with server-side rendering

Generative UI Engine

Dynamic forms, cards, and action panels based on query intent

shadcn/ui + Recharts

Accessible component library with analytics dashboards

Azure Static Web Apps

Global CDN distribution with integrated authentication

Intelligence Layer

AI orchestration for understanding and acting on queries

Azure OpenAI Service

GPT-4 for natural language understanding and response generation

Vector Embeddings

Dense vector representations for semantic similarity search

Intent Detection

Classifies queries into search, action, or navigation intents

RAG Pipeline

Retrieval-Augmented Generation grounded in your enterprise data

Search & Indexing Layer

Hybrid search combining keyword precision with semantic understanding

Azure AI Search

Vector + keyword hybrid search with BM25 and HNSW algorithms

Security Trimming

Real-time permission checks against M365 and Entra ID

Skillsets & Enrichment

Automated OCR, entity extraction, key phrase detection

Scheduled Indexing

Incremental crawls with change tracking for near-real-time freshness

Connector Layer

MCP framework for universal enterprise system connectivity

Model Context Protocol

Standardized connector interface for any data source

Python Azure Functions

Serverless connector logic with auto-scaling

Microsoft Graph API

Native M365 integration: SharePoint, Teams, OneDrive, Outlook

REST API Adapters

Workday, ServiceNow, Salesforce, SAP, and custom systems

Infrastructure Layer

Enterprise-grade Azure services, fully reproducible

Bicep IaC Templates

Version-controlled, repeatable deployments in under 30 minutes

Azure Key Vault

Secrets management for API keys, connection strings, certificates

Azure SQL Serverless

Metadata, analytics, audit trails with auto-pause for cost savings

Azure Blob Storage

Document cache and processing pipeline staging

How a search query works

From keystroke to answer in under 2 seconds.

Query Intake

#01

User enters natural language query. The system captures context: user role, department, location, and recent interactions.

Intent Classification

#02

Azure OpenAI classifies the query as search, action, or navigation. "Reset my password" triggers an action flow. "Q3 revenue" triggers search.

Hybrid Retrieval

#03

Parallel vector similarity search (semantic) and BM25 keyword search. Results fused using Reciprocal Rank Fusion for optimal relevance.

Security Trimming

#04

Each result checked against the user's M365 permissions in real time. Users never see documents they shouldn't access.

RAG Generation

#05

Top results fed to GPT-4 as grounded context. The model synthesizes a direct answer with citations back to source documents.

Generative UI

#06

The response is rendered as an adaptive interface: answer cards, action forms, document previews, or workflow triggers, not just text.

Security architecture

Designed for HIPAA, SOC 2, ISO 27001, and FedRAMP environments.

Zero Data Exfiltration

All data stays within your Azure tenant. No data is sent to QueryNow servers. No telemetry, no usage analytics leave your environment.

Entra ID Authentication

Single sign-on via Microsoft Entra ID (Azure AD). No separate credentials. MFA enforcement inherited from your existing policies.

Network Isolation

Deploy within your VNet with private endpoints. Azure Private Link ensures traffic never traverses the public internet.

Encryption at Rest & Transit

AES-256 encryption for data at rest. TLS 1.3 for data in transit. Customer-managed keys supported via Azure Key Vault.

Audit & Compliance

Full audit trail of every search query, action taken, and document accessed. Exportable logs for HIPAA, SOC 2, and ISO 27001 compliance.

RBAC & Least Privilege

Managed identities with minimum-privilege access. No shared secrets between services. Key Vault for all sensitive configuration.

MCP Connector ecosystem

Model Context Protocol provides a universal adapter for any enterprise system. Add new connectors without touching the core platform.

M365

SharePoint Online

M365

Microsoft Teams

M365

OneDrive for Business

M365

Outlook / Exchange

HCM

Workday

HCM

SAP SuccessFactors

ITSM

ServiceNow

ITSM

Jira / Confluence

CRM

Salesforce

CRM

Zendesk

Storage

Box

Productivity

Google Workspace

Communication

Slack

Custom

Custom REST APIs

Custom Connector SDK

Build connectors for internal systems using the MCP framework. Python-based SDK with authentication helpers, incremental crawling, and schema mapping.

Infrastructure costs

Monthly Azure costs (typical 1,000 users)

Azure AI Search (Standard S1)

$250/mo

Azure OpenAI Service

$50–$150/mo

Azure Functions (Consumption)

$0–$10/mo

Azure SQL Serverless

$25–$65/mo

Azure Static Web Apps (Standard)

$9/mo

Azure Logic Apps

$2–$15/mo

Azure Key Vault

~$0.15/mo

Azure Blob Storage

$1–$5/mo

Estimated total$337–$504/mo

These are Azure pay-as-you-go costs billed directly to your subscription. QueryNow does not charge monthly fees. All pricing reflects current Azure rates and typical usage patterns.

See the architecture in your environment

We'll walk through every layer, show you the deployment templates, and answer any security or compliance questions.

Schedule a technical deep-dive View deployment process