Pilot Gruppe: AI Infrastructure in Their Own Azure Environment

Model-agnostic. GDPR-verified. Department-specific workspaces with access control.

Starting Point

Pilot Gruppe needed an AI infrastructure built on their existing Microsoft Azure environment. Key requirements:

  • Data sovereignty must remain within the organization
  • Authentication via existing Azure Entra ID (SSO)
  • Department-specific access control - HR data only for HR
  • Multiple AI models usable in parallel
  • GDPR-compliant with independent assessment before go-live

Implementation

Multi-Model Architecture

Instead of dependency on a single provider: model-agnostic architecture with selection per use case. Implemented models: GPT-4o, Google Gemini, Mistral, DALL-E and Flux for image generation. Employees choose the model combination themselves - depending on the task.

Access Control via Azure Entra ID

Existing security groups in Azure Entra ID were directly linked to the AI interface. No new user management, no additional authentication. Result: Marketing sees different AI models and agents than HR. Sensitive data like salaries remain within the HR security group - invisible to other departments.

Progressive Web App (PWA)

The interface was built as a PWA - runs on Windows and macOS without installation. Keyboard shortcuts for power users. Drag & drop for file upload.

GDPR Assessment Before Go-Live

The entire architecture was analyzed before go-live by Pilot Gruppe's data protection officer and by Dr. Frank Eickmeier (unverzagt.law). Positive GDPR assessment confirms compliance.

AI Agents on n8n Platform

AI agents run on the n8n platform set up in Pilot's infrastructure, accessible via multiple channels: interface, Microsoft Teams, and other collaboration channels. Human-in-the-loop is implemented: agents interact directly with relevant departments when clarification is needed.

Result

  • All data stays in Pilot Gruppe's Azure environment - GDPR-compliant
  • Existing IT infrastructure and authentication are reused
  • Model-agnostic: new models integrable without architecture change
  • Department-specific workspaces with Role-Based Access Control
  • Employees independently create AI assistants and agents
  • Cross-department agent sharing controllable by IT
  • Independent GDPR assessment before go-live

Technology

  • Microsoft Azure (client environment)
  • Azure Entra ID (SSO, RBAC)
  • n8n (agent orchestration)
  • Multiple LLMs (GPT-4o, Gemini, Mistral, DALL-E, Flux)
  • PWA (Progressive Web App)

Gosign's Contribution

Conception, implementation, deployment, training, ongoing support. Pilot Gruppe's IT department manages the infrastructure with existing Azure skills - no new tooling required.

Similar requirements? Talk to us.

We'll show you what an AI infrastructure could look like in your environment.

Book a Meeting