Azure Landing Zones
Plan, build, and manage your Azure Landing Zones with the support and expertise of Netrix’s certified Microsoft engineers.
What are Azure Landing Zones?
Azure Landing Zones are a set of policies and hierarchical resources that allow for grouping within Azure as well as centralized management and monitoring. Landing Zones are based on two of Microsoft’s best practices known as the Cloud Adoption Framework and the Well-Architected Framework. The policies that get implemented have many purposes, including providing security baselines, cost control measures, and best-practice configurations.
By leveraging Landing Zones, you can deploy Azure with confidence, ensuring:
A strong foundation for Azure using only the resources you need, preventing surprise monthly bills
Your resources are configured securely based on proper governance and policies
Users can deploy in Azure with minimal friction thanks to role-based access control for business units while retaining centralized visibility for IT
Plan & Envision
During the initial planning and envisioning period, we’ll work with your team during half-day workshops to execute the following:
Review Management Group and subscription hierarchy to determine proper inheritance structure
Design least privilege requirements for teams in Azure
Design initial policies required to put guardrails up in the environment
Review capabilities of Infrastructure as Code solutions
Design requirements for IaaS deployments (VMs, Storage, Networking)
Design requirements for common PaaS deployments (App Services, Key Vaults, Automation, SQL, etc.)
Review logging with first- and third-party solutions
Cost Management Review
Design budgeting best practices and alerting
The flexibility of this offering allows your team to handle as much, or as little of the implementation as you’d like. Whether you’re strictly looking for oversight and guidance, or complete execution of all resources, our team can support your Azure Landing Zone deployment.
Regular review meetings every 1-2 weeks to determine status of deployment and support your team as they execute.
Our team will help with the deployment of management hierarchy, deploy and create initial test resources, and deploy, validate, and create a portion of the client’s production resources.
Netrix will deploy, validate, and create all client resources in Azure.
Azure Landing Zones not only require an upfront implementation to define policies but also require careful ongoing management to ensure your policies evolve as your goals and needs do. Netrix provides ongoing oversight for three key components of your Azure Landing Zones.
Azure Policy Monitoring
Monthly review of Azure Policy compliance, exemptions, and coverage with exemption management.
Azure Advisor Monitoring
Review Azure Advisor recommendations for cost, security, reliability, operational excellence, and performance and cleanup recommendations as
Infrastructure as Code Management
Update IaC templates to fix deployment issues and create new IaC templates quarterly.
5 Reasons to Migrate to the Cloud
The cloud isn’t new, but many organizations have yet to migrate their workloads and operations. Transformation can seem like a daunting task and cost fears and resource limitations can leave organizations hesitant to realize the benefits. Check out our whitepaper covering five reasons migrating to the cloud can set your business up for growth and success.
Why work with Netrix?
Tightly Integrated and Longstanding Microsoft Partnership
Since 2005, Netrix has provided engineering expertise, complementary solutions, and supporting services for the Microsoft technology stack. As a Microsoft Gold Partner, we have the expertise to deploy and support your team’s new or existing Microsoft infrastructure.
Specialized Migration Partner in the Azure Migration & Modernization Program
As a member of AMMP, Netrix provides the right mix of best practice guidance, resources, and expert help at every stage of your cloud journey. We meet customers wherever they are in their cloud journey so you can move forward with confidence – right from planning the move to making it happen successfully.
Frequently Asked Questions
What are the requirements to participate?
- Participation by multiple teams including security, networking,
- 8-12 hours per week for 2-3 weeks for design
- Continued participation 1-2 times per week for implementation
What will Landing Zones help with?
Azure Landing Zones are a solution for Azure users who struggle with:
- Total Cost of Ownership
Why should I get support when implementing Landing Zones?
The risks of doing it yourself if your team isn’t well versed in Landing Zones,
- Providing over permissions that can affect resources users shouldn’t have access to, leading to deletes, moves, and changes your IT department hasn’t sanctioned
- Incorrect policies can lead to users spinning up unapproved or nonbudgeted services which lead to higher bills
- Under-permissioned users can lead to experience issues and disruptions to business processes
- Without proper Landing Zones, your Azure environment could lack a security baseline