Azure Landing Zones alignment with Azure Innovations

[Windows Server]

Keeping up with the latest Azure advancements in your Azure Landing Zone

Azure Landing Zones (ALZ) have become a cornerstone for many customers' cloud environments, providing a structured approach to building scalable, secure, and compliant Azure architectures. As organizations increasingly adopt Azure, they rely on landing zones to ensure a consistent foundation that aligns with best practices across governance, networking, identity, and resource management. At the same time, Azure itself is evolving at an unprecedented pace, introducing new services, capabilities, and enhancements to existing offerings. These advancements empower customers to optimize their operations, improve their performance, and strengthen their security posture, keeping them competitive and resilient in a rapidly changing digital landscape.

To keep pace with Azure’s constant evolution, the Azure Landing Zone team is dedicated to aligning its guidance and tools with the latest innovations; it's one of our design principles also "Alignment with Azure-native design and roadmaps".

By continuously incorporating the latest features and capabilities where appropriate to do so, ALZ ensures customers can take full advantage of new Azure features while aligning with the ALZ guidance. The ALZ team is always updating the published guidance and accelerators (Portal, Terraform, Bicep and Subscription vending), offering actionable guidance and implementation patterns tailored to new Azure capabilities for new and existing ALZ customers. This commitment helps customers confidently adopt new services while leveraging ALZ as a foundation for innovation, security, and operational excellence.

Our approach

Given the size of ALZ and the sheer amount of Azure services that are deployed, the ALZ team relies on multiple inputs for evolving the current reference implementation:

• Customers and partners' feedback (GitHub issues, direct feedback through engagements,...etc)
• ALZ core team feedback
• Continuous alignment with and requests from various ALZ related Azure Product Groups 
• Internal and external communities
• Telemetry
• Microsoft Events and announcements

The ALZ team triages all those inputs and prioritizes what features to adopt based on severity, impact to new and existing ALZ customers, deprecation date (if any), amount of work and complexity, and other signals. 

Microsoft Ignite 2024

The latest Microsoft Ignite event as an example had lots of exciting new announcements that can contribute to improve your Azure Landing Zone operations and enhance your security posture. Some of the announcements that we are thinking about at the moment are (but not limited to):

• Azure Network Security Perimeter (Public Preview)
• Fallback to Internet for Private DNS Zone (preview)
• DNS security policy (preview)
• DNSSEC (preview)
• Azure Bastion Premium SKU
• Azure Firewall Management NIC requirement

We will use the same approach and criteria stated above to prioritize implementing those features. Let's discuss how you can track this process and have a saying on how we prioritize.

What are we working on now?

Before Microsoft Ignite, we shared a public survey with the features and capabilities we want to bring to Azure Landing Zones and thanks to the community's responses we started prioritizing and working on the following features:

• Adding Azure Bastion to all accelerators and refreshing its guidance
• Default outbound access for virtual machines
• Removing non zone-redundant virtual network gateway SKUs
• Private DNS resolved guidance and implementation
• Migration from NSG flow logs to Virtual network flow logs
• Azure Virtual Network manager updates

How can you help us prioritize going forward?

The ALZ team maintains a roadmap on the Enterprise-Scale GitHub repository where we share updates and statuses on different ALZ workstreams including new features we are considering integrating into ALZ.

 

We also encourage you to share your thoughts, ideas and suggestions for work items we have on our roadmap using the discussions tab of the repository. This will help us prioritize features and capabilities we bring into ALZ.

 

 

 

View the full article