Home Azure Azure Landing Zone – Reference architecture

Azure Landing Zone – Reference architecture

Azure · 23. March 2024

The Landing Zone for the Microsoft Cloud environment is a reference architecture that supports companies in the secure and scalable provisioning of Azure resources.

What are the 5 focus topics when designing the Azure Landing Zone?

Security

The Landing Zone provides a secure environment in which sensitive data and applications are protected. This includes security measures such as multi-factor authentication, network security and access controls.

Scalability

The zone is designed to adapt easily and quickly to changing business requirements. We achieve this, for example, through the use of automated scripts and templates.

Governance

Effective governance is important in order to manage the landing zone effectively and optimize operations. This includes, for example, defining roles and responsibilities, implementing policies and monitoring the use of resources.

Cost efficiency

A landing zone should be designed in such a way that the costs of operating Azure resources are minimized. This includes, for example, optimizing resource utilization and using Azure cost management tools.

Automation

The automation of processes is important in order to improve the efficiency and scalability of the landing zone. This includes, for example, the automation of deployments and updates as well as configuration and change management.

Conclusion

Always plan your environment to be scalable. Build your “Architectural Runway” within sight, e.g. for your 1000 employee company. It does not need multiple landing zone subscriptions, and don’t make it too complicated, especially at the beginning.

Here is the Microsoft for an Mission Critical reference architecture:

Azure Mission Critical Architecture Landing Zone
Azure Mission Critical Architecture Landing Zone

Source: Mission-critical baseline architecture in an Azure landing zone

The landing zone should be in a separate subscription in which the shared resources are created.

Microsoft documents often recommend the use of multiple subscriptions, but this only makes sense in larger environments.
If you want to familiarize yourself with this topic and design such a solution as an architect, whether network, security or infrastructure, you should take a look at the Microsoft reference documents on the Cloud Adoption Framework.

Azure landing zone conceptual architecture
Conceptual Architecture

Source: Azure landing zone architecture

You can find more reference architectures on the Microsoft Azure Architecture Center website here and you can find out how to implement the right naming conventions right from the start here.

If you already started your journey and you want to review what was already build, I highly recommend the tool Azure Quick Review.

Spread the knowledge
Avatar for Andreas Hartig
Andreas Hartig
Andreas Hartig - MVP - Cloud and Datacenter Management, Microsoft Azure

Related Posts

IT and OT and a dragon IT architect from the shadowrun world walking through a production plant taking notes without humans
IT-Architecture

IT and OT: Bridging the Gap with Modern Infrastructure Management

· 10. May 2025

For decades, Operational Technology (OT) and Information Technology (IT) have operated in parallel silos, each serving distinct purposes. However, the rise of IoT, Industry 4.0, and cloud-driven automation has forced…

Spread the knowledge
Read more
Azure Service Lifecycle and a dragon IT architect from the shadowrun world reading an ebook on a notebook without showing text on the book and with Azure icons on the book cover
IT-Architecture

Azure Service Lifecycles: Understanding Preview and GA Releases – 2025

· 3. May 2025

Azure Service Lifecycles are an important part of your roadmapping. When using them you’ll often encounter terms like Private Preview, Public Preview, and General Availability (GA). Understanding these phases is…

Spread the knowledge
Read more
Azure and draw.io and how to use icons shapes with a dragon IT architect from the shadowrun world
IT-Architecture

Azure architecture icons in your Documents

· 19. April 2025

If you need to document your Azure setup or showcase a new solution design, it’s best to utilize the official Azure Architecture Icons. Introduction Creating Azure architecture diagrams is essential…

Spread the knowledge
Read more
Azure Managed Disk Types 2025 with a dragon IT architect from the shadowrun world
Azure

Azure Managed Disk Types – 2025

· 12. April 2025

Azure offers a variety of managed disk types tailored to different workloads and performance needs. Azure Managed Disk Types Azure provides Standard SSD, Premium SSD, Standard HDD, and Ultra Disk…

Spread the knowledge
Read more
Automatic Virtual Machine Activation with a dragon IT architect from the shadowrun world
Azure

AVMA – Simplifying Offline Device Activation

· 29. March 2025

AVMA can help in the ever-evolving world of IT, where managing software licenses across virtual machines (VMs) can be a daunting task, especially when dealing with offline devices. Traditional methods…

Spread the knowledge
Read more
An IT Architect dragon from the Shadowrun universe looking at an IT architectural drawing, themed around Azure and Active Directory naming conventions
Azure

Azure Arc – ReservedResourceName issue Onboarding

· 22. March 2025

On premise and Azure naming conventions and reserved resource names do collide, when you do an Azure Arc Onboarding with an ReservedResourceName error. It is important to remember the Azure…

Spread the knowledge
Read more