Running Affinity in the Cloud: Expert Perspectives Content Series
This blog series brings insights from leading infrastructure providers on hosting Affinity in cloud environments. These posts are designed to give the Affinity user community practical insights, tips, and proven strategies for running your practice management system in modern Cloud environments.
The second post of this series is by Robert Cox, Founding Director at Innessco. Innessco currently hosts over 25 firms running Affinity in Microsoft Azure environments, their choice to deliver secure, scalable solutions tailored for legal practices. In this post, Robert shares his thoughts on how running Affinity in Azure can simplify protecting your entire IT environment while meeting Essential Eight guidelines.
(Robert’s previous post, “Thinking about Running Affinity in the Cloud? Microsoft Azure is a Proven, Scalable, and Secure Option”, can be found here.)
Moving Affinity to a cloud environment isn’t just about flexibility. It also gives your firm something even more valuable: a simpler, stronger way to secure your entire IT environment.
Many firms running Affinity on-premises value the sense of control that comes from having their systems in their own office. In practice, however, this also means the firm is responsible for securing and maintaining the entire IT environment. Some cloud-based practice management systems address this by delivering the PMS as SaaS (software-as-a-service). While this model strongly secures the application itself, law firms need to protect the systems and data around it, including email, files, desktops, and user identities.
For firms running Affinity, hosting your solution in Microsoft Azure offers a strong alternative. Instead of securing systems individually, your practice management system, email, documents, and devices can all operate within the same secure Microsoft platform. Everything sits under one umbrella, governed by Microsoft’s enterprise-grade security tools.
Simplifying Your Approach to the Essential Eight
The Essential Eight is the Australian Government’s guide to keeping organisations safe from cyber threats. It defines eight practical strategies that help minimise the risk of ransomware, data breaches, and account compromise.
For law firms, meeting the Essential Eight (Maturity Level 2) isn’t just about ticking boxes. It’s about keeping client data safe, complying with professional obligations, and maintaining trust. When your firm follows these standards, you can confidently demonstrate to clients and insurers that your systems meet government-grade security requirements.
Running Affinity in Microsoft Azure is the simplest way to achieve this across all your applications, not just your practice management system. Azure and Microsoft 365 have these controls built in, centrally manages, and automatically updated, covering your entire digital environment.
The Essential Eight, Applied to Affinity in Azure
- Multi-Factor Authentication (MFA) – Enforce MFA for every user and admin. Even if a password leaks, criminals can’t log in.
- Application Whitelisting – Only approved programs (Affinity, Office, PDF tools, Dictation etc.) can run on your Cloud PCs or AVD. Everything else is blocked.
- Patching Applications & Operating Systems – Updates for Windows, Office, and Affinity are deployed on schedule and monitored through Microsoft Intune.
- Restrict Administrative Privileges – Standard users can’t install software or change settings. Administrators use time-limited, audited access through Privileged Identity Management.
- Configure Office Macros & User Application Hardening – Microsoft 365 disables risky macros and blocks unsafe content automatically.
- Multi-layered Backup – Azure Backup protects your servers and files with daily, verifiable backups and multiple restore points.
- MFA and Conditional Access – Restrict logins to Australia, block high-risk locations, and allow exceptions for staff travelling overseas.
- User Awareness & Threat Protection – Microsoft Defender alerts you to phishing, malware, and risky behaviour. Suspicious logins trigger automated responses.
Why Running Affinity in Microsoft 365 and Azure is Different
With Affinity in Azure, your firm’s entire digital environment, including servers, Cloud PCs, files, and email, sits under one secure Microsoft umbrella.
Compare this to hosting on-premises on in a private cloud. In these environments, the practical reality is that security is fragmented across different platforms, making it harder to maintain consistent protection and oversight. In the case of SaaS practice management systems, while the application itself is secured as a core service offering, security for the broader IT environment remains the responsibility of the firm.
With Microsoft 365 and Azure, you get end‑to‑end coverage and a consistent security posture, without the need to rely on multiple vendors for patching or monitoring. Your PMS, documents, and devices are all protected to the same high standard.
Takeaway
Running Affinity in the Cloud with Microsoft Azure isn’t just about flexibility, it’s about simplifying security while retaining control over performance, architecture, and security posture. You meet the Essential Eight, protect your entire firm, and manage everything through a single, trusted platform.
In the Cloud, convenience and compliance finally go hand in hand, and Azure makes it simple.
Insights provided by Robert Cox, Director and Founder at Innessco
Need help getting started?
Many firms run Affinity successfully in cloud environments. Contact your Affinity Account Manager, and we’ll connect you with experienced independent providers like Innessco if you’d like help exploring this further.
