The Day Microsoft Understood Permissioned Blockchains

Microsoft has been dabbling into the blockchain space for a few years now with different offerings on its cloud platform. The blockchain as a service(BaaS) offering in the Azure platform has long been considered one of the most complete stacks in the market but it always felt that it was missing some critical components for mainstream adoption in real world scenarios. While you could certainly rapidly provision blockchain networks across different runtimes with Azure Workbench, the stack was lacking tools and frameworks to simplify the development and lifecycle management of Web3 applications. Not surprisingly, most of the first generation applications in the Azure BaaS were mostly constrained to use a ledger as a record keeping repository but not much more beyond that. In anticipation of the Build conference this week, Microsoft unveiled a new group of services and frameworks designed to address some of the biggest challenges in the implementations of permissioned blockchain applications in the real world.

Building permissioned blockchain solutions in today’s ecosystem is a road full of challenges for most organizations. From integration to monitoring, there are dozens of capabilities of permissioned blockchain solutions that require sizable development efforts in real world implementations. While the challenges are many, they can be summarized in three main groups.

Microsoft’s latest blockchain release is based on three fundamental building blocks focus on the aforementioned challenges:

· Azure Blockchain Service: A new managed cloud service that enables the creation and management of blockchain networks.

· Blockchain Dev Kit and VS Code Extensions: A series of libraries and tools that streamline the creation of smart contracts and its integration with external systems.

· CCF Framework: An infrastructure framework for the implementation of private and high performant transactions in permissioned blockchain networks.

Azure Blockchain Service

Azure Blockchain Service can be considered the cornerstone of Microsoft BaaS stack. A native cloud service, Azure Blockchain Service simplifies the provisioning and management of consortium blockchain networks in a consistent infrastructure. The current version of the Azure Blockchain Service is optimized for J.P Morgan’s Quorum blockchain runtime but other platforms are expected to be supported in the future.

One of the main capabilities of the Azure Blockchain Service is the rapid creation of permissioned blockchain networks managed by security policies in Azure Active Directory(AD). The integration with Azure AD is incredibly relevant as it enables authentication, access control and privacy policies which are very common in permissioned blockchain applications. Azure Blockchain Service uses the concept of members to denote entities in a permissioned blockchain networks. Members are typically associated with Ethereum accounts which keys and permissions are automatically managed by the Azure Blockchain Service.

Azure Blockchain Service expands beyond the consortium creation by providing tools for monitoring the health and transaction activity in a network. Additionally, the service supports integration with popular Ethereum clients such as MetaMask and Geth as well as block explorers such as BlockScout or Web3 Labs’ Azure Blockchain Service Explorer.

Blockchain Dev Kit and VS Code Extensions

If the Azure Blockchain Service is responsible for managing the infrastructure of permissioned blockchain applications, the Blockchain Development Kit is in charge of the development experience. The Azure Blockchain Development Kit is a framework that streamline the implementation of sophisticated smart contracts in permissioned blockchain applications. By sophisticated, I mean smart contracts that are able to integrate with external applications or be managed and versioned as traditional software assets. The Development Kit is complemented by the Blockchain Extensions for VS Code which expediate the creation and deployment of smart contracts in a familiar IDE.

Integration is certainly the hallmark of the Azure Blockchain Development Kit. In permissioned blockchain applications, communication and integration with external systems and services is an omnipresent challenge. The current version addresses smart contract integration in four different dimensions:

· Connect: Enabling smart contract integration with data providers such as SMS gateways, mobile-IOT devices as well as bots and assistants.

· Integrate: Enabling smart contracts to access data from databases, line of business systems or document management systems. The Azure Development Kit powers this level of integration with smart contracts relying on platforms like LogicApps or Flow which contain hundreds of connectors.

· Accelerators: These are end-to-end solutions of common patterns in permissioned blockchain smart contracts. A couple of the accelerators in the current version target scenarios such as document attestation or ownership registries.

· DevOps: These are smart contracts that embed DevOps best practices in areas such as testability, versioning or deployment.

The blockchain extensions for VS code integrate smart contract development into familiar IDE tools. The blockchain extension enables the creation and deployment of smart contracts into the Azure Blockchain Service following similar practices to other Azure services. Instead of switching from one tool to the other, now Solidity developers can leverage an integrated experience that includes most of the benefits of VS Code.


Privacy and scalability are at the center of requirements in permissioned blockchain applications. Most permissioned blockchain stacks haven’t been optimized to execute high performance computations. At the same time, privacy in always a challenge in a consortium model in which different members are part of the same distributed ledger. Microsoft’s Confidential Consortium Framework (CCF) has been on the works for over a year to try to address these requirements and now it has been finally open sourced. CCF relies on trusted execution environments (TEEs) such as SGX and VSM to execute private transaction without relying on a shared network.

The idea of CCF is to complement permissioned blockchain networks with TEEs enclaves which cryptographically protected computations are executed. In that model, the enclave associated with each node in the network (where cryptographically protected data is executed) can decide whether it can trust the enclaves of other nodes based on mutual attestation exchange and mutual authentication, regardless of whether the parties involved trust each other or not. This enables high levels of privacy while enabling the execution of high performance transactions.

This release of the Azure blockchain stack feels grounded in requirements of real world permissioned blockchain applications. The combination of the Azure Blockchain Service, the Development Kit and CCF address some of the foundational challenges of permissioned blockchain solutions while also leveraging many of the core capabilities of the Azure platform.