In production assuming you're using HTTP validation you're going to end up routing the well-known ACME URL requests over to your ACME client. If you have a load balancer in front you can handle it there and keep IIS totally out of it. But you could also handle the route in IIS and make a back-end request to the ACME process in your code.
Once the well-known URL on your domain is setup to route to the ACME client, then you probably want a command line client (I like 'lego') scripted to run periodically and check which certs need refreshing. The last step is getting to certs back into IIS and bound to the specific site, which can be done in Powershell.
Overall it's fairly straightforward but will take hours to get it fully working and it does adds a few moving parts to your setup. I'd say not enough ROI if you need less than a dozen certs.
The Azure situation is currently a bit of a debacle. Let's Encrypt wasn't designed with particular care toward the Windows ecosystem (or PaaS providers in general), but this guy isn't helping much either.