Azure Landing Zone

August 29, 2023

 Easier to use

One of the biggest challenges with cloud adoption is orchestrating a flawless migration process. Transitioning to the cloud is such a critical stage in cloud implementation that it determines the resulting cloud infrastructure’s efficiency, safety, and governance. You have to plan the cloud transition or migration just right to get the most out of your cloud investment and ensure that the hosted processes meet your organization’s needs.
An Azure landing zone is an environment that follows key design principles across eight design areas. These design principles accommodate all application portfolios and enable application migration, modernization, and innovation at scale. An Azure landing zone uses subscriptions to isolate and scale application resources and platform resources. Subscriptions for application resources are called application landing zones, and subscriptions for platform resources are called platform landing zones

 Azure landing zone architecture

An Azure landing zone architecture is scalable and modular to meet various deployment needs. A repeatable infrastructure allows you to apply configurations and controls to every subscription consistently. Modules make it easy to deploy and modify specific Azure landing zone architecture components as your requirements evolve.

The Azure landing zone conceptual architecture (see below figure) represents an opinionated target architecture for your Azure landing zone. You should use this conceptual architecture as a starting point and tailor the architecture to meet your needs.
A diagram of a system with a lot of icons on it.

Design areas: The conceptual architecture illustrates the relationships between its eight design areas. These design areas are Azure billing and Azure Active Directory tenant (A), identity and access management (B), resource organization (C), network topology and connectivity (E), security (F), management (D, G, H), governance (C, D), and platform automation and DevOps (I).


Resource organization: The conceptual architecture shows a sample management group hierarchy. It organizes subscriptions (yellow boxes) by management group. The subscriptions under the "Platform" management group represent the platform landing zones. The subscriptions under the "Landing zone" management group represent the application landing zones. The conceptual architecture shows five subscriptions in detail. You can see the resources in each subscription and the policies applied.

Azure Landing Zones design areas

Building a Landing Zone involves configuring, populating, and customizing various cloud computing aspects to develop a suitable cloud deployment framework for a particular use case or requirement. Azure provides eight main design areas for creating and customizing a Landing Zone. These are also the fundamental principles for planning cloud migrations, and not just on Azure:

  1. Enterprise enrolment: Represents the billing mechanism and the company’s relationship with Microsoft. It revolves around creating, activating, and managing Microsoft services subscriptions, licenses, and payment plans.
  2. Identity and access management (IAM): Access control underpins security and compliance in any cloud infrastructure. IAM erects a security boundary that allows only permitted users, apps, and services to access protected corporate resources hosted on the cloud.
  3. Resource organization: Focuses on how subscriptions, resources, and solutions are set up in order to align with specific goals. This means finding the most efficient resource combination for cloud migration.
  4. Network topology and connectivity: The networking aspect looks at how various resources and tools communicate with each other, within and outside the cloud environment.
  5. Business continuity and disaster recovery: Ensures you have measures in place to keep the business running in case of a disruption. For instance, you might want a continuity or recovery plan that kicks in after a data loss incident.
  6. Governance policies: A good cloud governance model gives you visibility and control over your cloud investments, usage, and security.
  7. Deployment options: Involves configuring the various solutions, tools, and resources for integration onto the Azure platform.
  8. Operations baseline: Represents the minimum standards (in terms of security, control, networking, performance, application portfolio, etc.) you must achieve in order to successfully port, run, and manage workloads on Azure.


Need help deploying Landing Zones and migrating to Azure?

Moving from an on-prem IT setup to a cloud infrastructure is a delicate and technically demanding venture. But Eubitech is here to lend you a helping hand in deploying the stepping stones to cloud migration and fully implementing the Azure platform. We specialize in helping organizations adopt Microsoft solutions and integrate them into their everyday operations.