Savoy Systems
Azure-native software for enterprise teams
Explore what we’ve built:
Two products, one mission
Pick the path that matches your Azure agreement change. Both run inside your tenant and restore the cost reporting you already rely on.
Azure CSP Cost & Usage Continuity
CSP Continuity
Cost & usage continuity through Azure CSP transitions. Preserve your tenant-wide cost reporting, Power BI dashboards, historical data, and API access through a CSP move — without rebuilding anything.
- Consolidated cost visibility across all subscriptions
- Restores tenant-wide cost API access
- Same Power BI column names and DAX measures
EA → MCA Cost Reporting Continuity
MCA Continuity
Moving from EA to MCA? Keep Azure cost reporting working in Power BI — no Fabric required. A drop-in replacement with the same column names and DAX, a unified EA + MCA history, and ~30-minute setup.
- Drop-in Power BI replacement — no dashboard rebuild
- Unified EA + MCA cost history in one timeline
- No spend cap, no refresh timeouts, no Fabric
Not sure which? Choose CSP Continuity if you're moving to (or already on) a Cloud Solution Provider, or MCA Continuity if you're migrating from an Enterprise Agreement to a Microsoft Customer Agreement.
Security by design
Built for security-conscious Azure environments
Savoy Systems software deploys entirely inside your own Azure tenant, holds only read-only permissions, sends none of your cost data anywhere, and stores everything in resources you own and control.
All data stays in your tenant
The application, its database, storage, and dashboards deploy into a resource group in your own subscription. Your cost data is never sent to Savoy Systems or any third party — no telemetry, trackers, or callbacks.
Least-privilege, read-only identity
Runs as a system-assigned managed identity holding only read-only Cost Management and Reservations roles — it cannot modify, move, or delete anything. No standing credentials or shared keys ever leave your tenant.
Authenticated and fail-closed
Every dashboard, page, and API requires sign-in through your own Microsoft Entra ID. It is fail-closed from the moment it deploys, with a second authentication check enforced in application code.
Encrypted in transit and at rest
HTTPS is enforced everywhere with a TLS 1.2 minimum; the database and storage are encrypted at rest by the Azure platform. Storage is private — no public blob access.
No shipped or shared secrets
Every credential is generated inside your tenant at deploy time — no two installations share a secret. The single onboarding script is SHA-256 verifiable, and dependencies are pinned and bundled with no runtime fetches.
Hardened, audited, and yours to control
Database auditing runs with 90-day retention, insecure management surfaces are disabled, and Azure’s managed-app boundary blocks unauthorized changes — while you keep full read visibility. Suspend or delete anytime; your data stays.
Reflects a full internal security audit — covering injection, authentication and authorization, secrets handling, infrastructure configuration, data egress, and web application security — with findings remediated and verified before release. Published by Savoy Systems on the Azure Marketplace.