Operations.

Why Azure App Service

• Network adjacency to Dataverse cuts webhook latency.
• Entra ID integration on the admin side comes for free.
• Managed MySQL (Azure Database for MySQL Flexible Server) pairs cleanly.
• Scale up during meeting-night traffic spikes without touching config.
• Office already has M365; procurement paperwork is shorter.

Alternatives

The final call stays with the user. Run a scoped cost comparison once traffic estimates firm up.

Environments

• Production
• Staging (mirror of prod; integration tests run here)
• Dev (local on a builder's laptop plus a shared Azure slot)

Power Automate flows exist in three environments too. Flow promotion uses Power Platform solutions.

WordPress

• Azure App Service automated backups: daily, 30-day retention.
• MySQL flexible server: continuous backups, point-in-time restore to 35 days.
• File uploads (ACF files, PDFs, photos): Azure Blob with geo-redundant storage.
• Weekly test restore to staging on the first Sunday of each month.

Dataverse

• Dataverse keeps system backups automatically; 7-day retention on standard, 28 days on premium.
• Nate's tier-1 license covers the premium retention.
• Quarterly export to a SharePoint folder for cold archival.

MaintainX

• MaintainX hosts their own data.
• Confirm the vendor's backup and export cadence.
• Dataverse mirror in hv_work_orders is a read-only safety net; it is not a full backup.

Credentials and secrets

• SendGrid and MaintainX API keys live in wp-config.php constants or in an Azure Key Vault bound to the App Service.
• Dataverse service-account credentials live in Power Automate connection references.
• GitHub holds no secrets; commits with secrets get blocked by the existing global hook.

Monitoring: four signals

1. Magic-link delivery. SendGrid bounce webhook writes to hv_sync_log. Alert if bounces exceed 2% of daily volume.
2. Flow failures. Power Automate flow failure notifications post to Nate's Teams channel. Every failure writes hv_sync_log.status = Failed.
3. WordPress uptime. Azure Application Insights or a third-party pinger hits the homepage every minute. Alert on a 5-minute outage.
4. MaintainX proxy errors. WordPress logs proxy failures to a rotating log. Power Automate tails the log nightly; alerts on spikes.

Nice-to-have signals: form submission volume, magic-link-to-login conversion, Dataverse API usage against the daily cap.

1 · Magic-link plugin name

Gemini wrote: "Using an established plugin like Passwordless Login or Solid Security will handle generating the secure, time-sensitive tokens." Solid Security is a hardening plugin. It does not issue magic links. The correct plugins are Passwordless Login by Cozmoslabs or Magic Login Pro.

2 · MaintainX iframe embedding

Gemini wrote: "frame the MaintainX resident portal securely on the page." MaintainX sets X-Frame-Options: DENY or a strict CSP header. Iframe embedding fails. The correct pattern is a WordPress REST proxy that calls MaintainX server-side.

3 · Client-side API calls to MaintainX

Gemini wrote: "you can use JavaScript to make an API call directly to MaintainX." Browser-side calls expose the API key to every visitor. The correct pattern is a server-side proxy inside WordPress. The key lives in wp-config.php or Azure Key Vault.

4 · ACF free vs Pro

Gemini wrote: "The free version of Advanced Custom Fields (ACF) is incredibly robust and will likely cover 90% of your needs." True for a simple site. For 3,600 residents with multi-unit owners, snowbird addresses, vehicle fleets, and emergency contacts, the Repeater field is the right tool every day. ACF Pro at $49 per year is the correct call.

5 · Teams Adaptive Card multiplexing

Gemini did not flag the license-scrutiny angle. The service-account pattern works for occasional approvals. Heavy daily use across many staff may draw Microsoft scrutiny. Price out per-user Power Apps licenses if any approver crosses roughly 30 decisions per day.

6 · HOA-sites CSV export

Gemini wrote: "Legacy platforms typically allow you to export your user roster as a CSV file." Typical, not guaranteed. Confirm the exact HOA-sites export format with the vendor before planning the migration.

7 · "WordPress needs MySQL to be fast"

Gemini wrote: "WordPress expects data to live in its own MySQL database so it can quickly render pages." True for the Heritage Village use case. Oversimplified in general. Headless WordPress runs fine without local MySQL queries on every page. For this project the local-MySQL pattern is correct. The architecture note stands without overstating the rule.

D1 · Variance status dashboard or email-only

Default: build the read-only dashboard at /residents/forms/variance-status. Feed it from HV-DV-Sync-VarianceStatus. Send an email on every status change. Residents get both.

D2 · Adaptive Cards vs Power App for approvals

Default: both. Cards for one-click approvals (Sarah's newsletter opt-ins). Power App for Nate and Carol who need a richer queue.

D3 · Excel connector vs Export to Data Lake

Default: Excel connector. Data Lake is overkill for 3,600 residents. Revisit in year three if reporting volume climbs.

D4 · Directory privacy model

Default: opt-in per field. Name, unit, phone, email each separate. Default is everything hidden.

D5 · Message board gated or partially public

Default: keep fully gated for now. Revisit after launch based on community engagement.

D6 · Per-club and per-condo page maintenance

Default: minimum-content contract enforced by the CPT template. If a club or condo page goes 12 months without an update, it surfaces in a "stale pages" admin report.

D7 · Archive depth

Default: keep the last five years live on the site. Older minutes move to a "request archives" link that routes to office staff.

D8 · Accessibility target

Default: WCAG 2.2 AA. Build to it from day one. Audit before launch.

D9 · Multi-language

Default: English only at launch. Add Spanish in year two if resident demographics call for it.

D10 · Video hosting

Default: single YouTube channel for Heritage Village. Unlisted for resident-gated meetings. Public for the homepage pitch and tour videos.

Pre-migration prerequisites

1. Confirm the HOA-sites CSV export format with the current vendor.
2. Confirm the MaintainX license tier and API access level.
3. Confirm the Constant Contact subscriber export format.
4. Confirm the WebTrac public event feed format (if any).
5. Confirm the YouTube channel ownership for meeting videos.
6. Resolve the Non-Disclosure vs Non-Discrimination file mismatch flagged in the gaps file.
7. Run /site-search/ for known terms to surface orphan pages.

Launch gates

• All magic-link emails deliver to a test list of 20 residents with zero bounces.
• All seven upstream flows pass an end-to-end test.
• All five downstream flows pass an end-to-end test.
• The MaintainX proxy returns scoped data for three test residents (single-unit, multi-unit, tenant).
• The variance dashboard reflects a test submission within 60 seconds.
• The backup-and-restore drill completes on staging.
• The Azure Application Insights uptime monitor runs for a full week with zero alerts.
• All WCAG 2.2 AA checks pass on the homepage, Buyers hub, and Residents login page.

Known risks

• Vendor lock-in. Dataverse is a strategic bet on Microsoft. Exit cost is real.
• License creep. Power Platform licensing changes often. Review annually.
• Staff turnover. Nate is the single point of knowledge. Document flow library and onboarding.
• Email deliverability. Any domain-reputation hit locks residents out. Monitor SendGrid metrics.
• MaintainX API changes. The proxy is a thin seam; a breaking API change takes the dashboard offline. Version pin the integration.