Home Azure Azure Landing Zone – Reference architecture

Azure Landing Zone – Reference architecture

Azure · 23. March 2024

The Landing Zone for the Microsoft Cloud environment is a reference architecture that supports companies in the secure and scalable provisioning of Azure resources.

What are the 5 focus topics when designing the Azure Landing Zone?

Security

The Landing Zone provides a secure environment in which sensitive data and applications are protected. This includes security measures such as multi-factor authentication, network security and access controls.

Scalability

The zone is designed to adapt easily and quickly to changing business requirements. We achieve this, for example, through the use of automated scripts and templates.

Governance

Effective governance is important in order to manage the landing zone effectively and optimize operations. This includes, for example, defining roles and responsibilities, implementing policies and monitoring the use of resources.

Cost efficiency

A landing zone should be designed in such a way that the costs of operating Azure resources are minimized. This includes, for example, optimizing resource utilization and using Azure cost management tools.

Automation

The automation of processes is important in order to improve the efficiency and scalability of the landing zone. This includes, for example, the automation of deployments and updates as well as configuration and change management.

Conclusion

Always plan your environment to be scalable. Build your “Architectural Runway” within sight, e.g. for your 1000 employee company. It does not need multiple landing zone subscriptions, and don’t make it too complicated, especially at the beginning.

Here is the Microsoft for an Mission Critical reference architecture:

Azure Mission Critical Architecture Landing Zone
Azure Mission Critical Architecture Landing Zone

Source: Mission-critical baseline architecture in an Azure landing zone

The landing zone should be in a separate subscription in which the shared resources are created.

Microsoft documents often recommend the use of multiple subscriptions, but this only makes sense in larger environments.
If you want to familiarize yourself with this topic and design such a solution as an architect, whether network, security or infrastructure, you should take a look at the Microsoft reference documents on the Cloud Adoption Framework.

Azure landing zone conceptual architecture
Conceptual Architecture

Source: Azure landing zone architecture

You can find more reference architectures on the Microsoft Azure Architecture Center website here and you can find out how to implement the right naming conventions right from the start here.

If you already started your journey and you want to review what was already build, I highly recommend the tool Azure Quick Review.

Spread the knowledge
Avatar for Andreas Hartig
Andreas Hartig
Andreas Hartig - MVP - Cloud and Datacenter Management, Microsoft Azure

Related Posts

A dragon from the Shadow Run world working as an IT Architect and training for the Azure AZ 104 training
Azure

Azure Administrator AZ-104 – free training

· 18. January 2025

When seeking the most valuable Azure Hyperscaler certification, many individuals opt for the “The Microsoft Certified: Azure Administrator Associate (AZ-104)“. Obtaining this certification demonstrates your proficiency in managing cloud services…

Spread the knowledge
Read more
A dragon IT Architect in the shadowrun world, sitting in a datacenter and deploying an Azure VPN Gateway to his HomeLab
Azure

Connect Ubiquiti UniFi UDM to Azure VPN

· 14. December 2024

My homelab and private network are segmented by a Ubiquiti Unifi UDM Pro for security and using some features like WAN port load balancing and failover. When setting up my…

Spread the knowledge
Read more
A dragon IT Architect in the shadowrun world using the Microsoft OSConfig Powershell Module to secure his Windows Server 2025
IT-Architecture

Windows Server 2025 – Microsoft.OSConfig

· 30. November 2024

With Windows Server 2025, Microsoft introduces significant advancements in security baselines and drift control through the Microsoft.OSConfig PowerShell module, ensuring systems remain compliant and secure. What is OSConfig? With Windows…

Spread the knowledge
Read more
A dragon who is an IT Architect in the shadowrun world currently troubleshooting common DNS issues
IT-Architecture

Easy Troubleshooting Common DNS issues in Home Labs

· 16. November 2024

Setting up a home lab is a fantastic way to experiment with networking, virtualization, and various IT services. However, one of the most common issues that can arise in a…

Spread the knowledge
Read more
A dragon who is an IT Architect in the shadowrun world
IT-Architecture

Becoming an IT Architect: A Comprehensive Guide

· 2. November 2024

How do you become an IT architect and what do you need to learn to fulfill this role and “earn” this “title”? Understanding the Role The title “IT Architect” is…

Spread the knowledge
Read more
Azure Arc enabled servers with Microsoft technology and modern design, without dragons
Azure

What the best connection type to Azure Arc enable a server in 2024?

· 28. October 2024

There are several ways to connect servers to Azure and enable them with Azure Arc, including using the Azure Arc Gateway. Today we will look at the options and when…

Spread the knowledge
Read more