So, you’re making the move to Azure. This is going to transform the way your business works, with vastly superior server agility, higher data capacity, and greater compliance capabilities. But it doesn’t happen overnight. Your organization needs a way to securely migrate all its data to the cloud.

A Clean and secure Azure cloud migration requires planning and resources to get it right. It means knowing your stuff when it comes to the Cloud Adoption Framework (CAF) and putting the right digital architecture in place ready for your resources, subscriptions, and any other parts of your enterprise architecture. You can make sure all of this is in place with an Azure Landing Zone.

What is an Azure Landing Zone? 

An Azure Landing Zone is a pre-provisioned environment that is put in place to help your organization move its services and subscriptions to the cloud from a legacy system.

Just as you wouldn’t build a house without a solid foundation, you don’t want to jump into the cloud without a solid base from which to build your cloud architecture. Based on migration models from a huge number of businesses that have successfully migrated to the cloud, an Azure Landing Zone acts as a blueprint for your entire enterprise cloud architecture.

Azure Landing Zones work for multi-cloud and hybrid cloud configurations too, via Azure Arc. This allows control of both your physical and cloud networks via a single interface.

Five Principles for Successful Landing Zone Migration

Based on Microsoft’s Azure Landing Zone Conceptual Architecture, there are five main principles that should be included in your Landing Zone that will help to build a strong foundation for your migration. These principles correspond roughly to the blueprint laid out in the Conceptual Architecture:

1. Connectivity

Adding a Connectivity Subscription to your Landing Zone gives you the option to add networking services, such as connectivity tools, IP address mapping, firewalls, and more. These help build and maintain a safely connected environment so you are able to access cloud servers without a hitch, and maintain security and compliance straight from the cloud.

2. Identity 

If your information is highly sensitive and needs to be kept in a secure location, an Identity Subscription should be included in your Landing Zone. This gives users access to Azure Key Vault, Cost Management, and Azure Monitor, for more control over your subscription spend and cloud usage overall.

3. Governance

In order to properly manage your virtual network, a Management Subscription is needed. A Management Subscription gives you the ability to maintain dashboards in the Azure portal and automation accounts, so you can manage inventory and access updated management and change tracking information. It also gives you the ability to track and log changes to your cloud environment more accurately.

Need help with Azure migrations, governance, or cost management? Learn more about MessageOps Azure GlidePath™ services.

4. Landing zone

Going back to our house-building analogy—you wouldn’t start building a house without a structural engineer. The same is true for your Azure Landing Zone. There is a landing zone management subscription available, which gives you greater control over how you build on, and scale, your landing zone. It includes recovery services, Azure dashboards, and templates for virtual machines.

5. Security

Unlike the four above points, security is added either at the subscription level, or resource level, and is then applied automatically beyond that. However, you’ll still need to configure your security settings for each subscription to ensure the data you move will be safe and in compliance with any industry regulations.

Depending on how your business operates, the blueprint laid out in the Azure Landing Zone Conceptual Architecture below might not be a direct fit with your operating goals, so you may wish to configure your landing zone differently.

Microsoft Azure Landing Zone Conceptual Architecture
Microsoft’s Azure Landing Zone Conceptual Architecture | Credit: Microsoft

However, if your operating model does fit with this blueprint, you can use Microsoft’s out-of-the-box implementation program, the Azure Landing Zone Accelerator.

What is the Azure Landing Zone Accelerator? 

The Azure Landing Zone Accelerator is a walk-through service that helps companies set up their Azure environment based on the Conceptual Architecture above. In January 2022, Microsoft announced availability for this service on Azure Arc too, meaning organizations who operate a multi-cloud or hybrid cloud approach can also use the accelerator. Learn more about Azure landing zone accelerator.

Need more help?

If this all sounds a little complicated, why not get an expert to lead your migration? Our Microsoft experts have helped many businesses successfully move to the cloud, iron out growing pains, and build a foundation for security and scalability with Azure.

MessageOps has a long history in fast, secure, and efficient cloud migrations, and can help your organization with an Azure Landing Zone buildout for added efficiency and accuracy. Learn more about our Azure GlidePath™ services including migrations, governance and cost management.

For more information on Azure cloud migration, or any of the topics mentioned in this blog, get in touch with our team today.

Was this article helpful?