Why you need an Azure Landing Zone

A defined and structured Landing Zone is key component of the Microsoft Cloud Adoption Framework. But what exactly is a Landing Zone, and why is using one important? I’ll try and provide an overview and give some specific examples of the Design Areas, as well an overview of options around enterprise scale in this post.

What is a Landing Zone?

A Landing Zone is a method of achieving scalable and modular growth within Microsoft Azure. A Landing Zone does this by providing common design areas that need to be considered for the majority of Cloud Adoption journeys. Essentially, Landing Zones provide a foundation for growth, but in a scalable and modular fashion – acknowledging that there is no single technical solution for all types of environment.

It is important to note that some Landing Zones vary significantly compared to others – because they are modular, and vary with business and technical requirements. This variation is to be expected, and the Landing Zone concept breaks this down using it’s modular approach – by covering specific design areas.

The Landing Zone concept is essentially all about getting the right foundations in place to allow growth at scale – with the right elements (Design Areas) in place to support your growth. For an enterprise public cloud environment this is an essential part of the adoption journey.

Landing Zone Design Areas

Whether you are designing for a large, multi-location, enterprise hybrid-cloud deployment, or deploying a simple, isolated test environment, each of the design areas below should be considered within your Landing Zone. Note: I’ve provided some example questions against each Design Area here for thought, but these are not exhaustive in any way!

  • Enterprise enrolmentDo we have a tenant in place that will support our growth and needs moving forward? Will we use EA/CSP/PAYG etc? How will we structure our subscriptions?
  • IdentityHow will identity and access be controlled and managed?
  • Network topology and connectivityWhat will our network topology be? How will our resources and locations be connected? What will our needs look like in days/weeks/years to come?
  • Resource organizationHow will we organise our resources to allow for growth without red tape? Considering our needs around management groups, subscriptions, our business areas, different teams and more.
  • Governance disciplinesHow do we stay compliant? How do we enforce security requirements? How do we ensure our data sovereignty?
  • Operations baseline – How will we manage, monitor and optimise our environment? How will we maintain visibility within our environment and ensure it operates as required?
  • Business continuity and disaster recovery (BCDR) – How will we architect for continuity and protect our data? Have we considered the need to replicate data or provide a method of restoration? Do our proposed methods meet the RPO and RTO objectives of our organization?
  • Deployment options – How will we deploy our Landing Zone and resources moving forward? Will this be a manual process? Will we consider Infrastructure as Code? What methodologies for deployment could we use? 

You can read more about these design areas within the Cloud Adoption Framework: Design areas of a well-architected landing zone – Cloud Adoption Framework | Microsoft Docs

What about Enterprise Scale?

For me – this is perhaps the most relevant area, as the majority of customers I work with, have enterprise needs. Thankfully, the Cloud Adoption Framework also covers Landing Zones for enterprise scale, including reference architecture (to demonstrate design areas and best practices), and Azure Resource Manager (ARM) templates to accelerate the process.

There are a number of example implementations for enterprise scale Landing Zones available – and these also include ARM templates and documentation to provide straightforward deployment. For example: https://github.com/Azure/Enterprise-Scale/blob/main/docs/reference/wingtip/README.md 

Image from GitHub Link above

Enterprise Scale – Design Principles

Enterprise Scale design principles serve as pointers for organizational decisions towards achieving your required Azure growth. These are the critical principles that need organisational decisions to achieve enterprise scale, and the provided reference architectures (above), are based on these Principles.

  • Subscription democratization – Considering how Subscriptions can be used to enable management and scale aligned to business needs and units.
  • Policy-driven governance – Using Azure Policy correctly to provide compliance, whilst ensuring application owners are not hindered in migrating their workloads and applications. 
  • Single control and management plane – Providing a consistent experience for operations teams, utilising role-based access and policy-driven controls.
  • Application-centric and archetype-neutral – Using a focus on application-centric migration, rather than a lift and shift mentality. Also focusing on providing a foundation for all application types that the enterprise could deploy. 
  • Align Azure-native design and roadmaps – Using Azure-native services and capabilities, ensuring that the enterprise can benefit from new capabilities.
  • Recommendations –  Balancing functionality, using preview services for testing/development/future enhancements, and using technical roadmaps to allow migration. 

You read more about the Design Principles here (Microsoft Docs).

Enterprise Scale – Design Guidelines, and Critical Design Areas

Enterprise Scale Design Guidelines provide an enterprise viewpoint for each of the Critical Design Areas. These viewpoints provide an important reference for anyone starting to design a Landing Zone for an enterprise environment.

Any decisions made against the Critical Design Areas will have a significant impact. Many of the areas are heavily linked, so decisions made in one area impact others, and vice versa. These interrelations and interdependencies necessitate time spent evaluating each Critical Design Area, both individually and as a group – ensuring that there are no conflicts or missed requirements, for example.

The Critical Design Areas are:

I have linked each Critical Design Area above to the Docs page for each, which provides more detail, Design Considerations, and Design Recommendations.


Congratulations if you have made it this far! I hope this has been a useful look into Azure Landing Zones, the considerations for each Design Area, and the Enterprise Scale elements that need to be considered.

A Landing Zone provides an organization with a scalable and modular platform, built on solid practises, reference architectures, design considerations, and more. A  Landing Zone is a key component of the Cloud Adoption Framework – ensuring the cloud journey starts in the right way.

Skip to content