Overview
An Azure Landing Zone is the result of a multi-subscription environment designed around scale, security, governance, networking, and identity and access management. Our Azure architects will conduct a series of workshops covering the 8 design areas of Azure Landing Zone, then design and implement a secure, scalable, compliant, and cost-effective Azure foundation.
What Mismo Systems offers
Azure Landing Zone Design workshops (1 week)
We conduct a series of workshops around the following 8 design areas of Azure Landing Zones:
- Azure Billing and Microsoft Entra tenant: Focuses on your Azure billing offer and the association of that offer with a Microsoft Entra tenant.
- Identity and Access Management: Focuses on the identity and access management solution that best suits your Azure environment.
- Resource Organization: Focuses on establishing a consistent pattern for organizing the resources you deploy in the cloud, covering naming, tagging, membership design, and management group design.
- Network Topology and Connectivity: Focuses on secure and effective connectivity to other Azure services, external users, and on-premises infrastructure.
- Security and Compliance: Equipped with encryption, network firewalls, and layered access controls, Azure Landing Zones represent a comprehensive approach to security, ensuring your data is secure.
- Management: Focuses on understanding requirements and implementing those requirements consistently across all workloads in a cloud environment.
- Governance: Focuses on establishing tools and measures for effective governance, including cost management, management baseline, Azure Policy, and Azure Advisor.
- Platform Automation and DevOps: Focuses on automation and using infrastructure as code for resource provisioning, management, and operations, etc.
During these workshops we educate the customer about each design area, understand the business and technical requirements, and assist the customer in reaching design decisions and considerations.
Azure Landing Zone Design (1 week)
After conducting all the design workshops, we analyze all the business and technical requirements, key decisions, and considerations and prepare a detailed Azure Landing Zone design document that includes the following:
- Azure Billing and Microsoft Entra tenant
  - Azure billing offer and subscription purchasing model (EA, MCA, CSP)
  - Define Microsoft Entra tenant
- Identity and Access Management
  - Hybrid identity with Active Directory and Microsoft Entra ID or Microsoft Entra ID
  - Landing zone identity and access management
  - Application identity and access management
- Resource Organization
  - Management Group hierarchy and subscription structure
  - Naming and Tagging Standards
  - Resource Groups
- Network Topology and Connectivity
  - Traditional Hub and Spoke or Virtual WAN network topology
  - IP Addressing
  - Connectivity to Azure
  - Connectivity to Azure PaaS services
  - Connectivity to other cloud providers
  - Limit cross-tenant private endpoint connections
  - Inbound and Outbound internet connectivity
  - Network segmentation
  - Network encryption and inspection
- Security and Compliance
  - Secure privileged access
  - Encryption and key management
  - Service Enablement Framework
  - Security control mapping
- Management
  - Inventory and visibility
  - Monitor Azure platform landing zone components
  - Business continuity and disaster recovery
  - Operational compliance considerations
  - Workload management and monitoring
- Governance
  - Track costs
  - Optimize cloud investment with Cost Management
  - Create and manage budgets
  - Monitor usage and spending
  - Keep Azure landing zones up to date
  - Azure Policies
- Platform automation and DevOps
  - Platform automation
  - Subscription vending
  - DevOps considerations
  - Development strategy
Azure Landing Zone Implementation (2 weeks)
Once the Azure Landing Zone design document is reviewed and signed off, we implement it following Microsoft-recommended practices.
Deliverables
- Up to 6 design workshops to present, discuss and explore Azure design proposals
- Azure Landing Zone design documentation
- Azure Landing Zone implementation as per the finalized design
- No resource or application creation or migration is included in this project