Azure Citadel
  • Blogs
  • Azure Arc
    • Overview
    • Azure Arc-enabled Kubernetes
      • Prereqs
      • Background
      • Deploy Cluster
      • Connect to Arc
      • Enable GitOps
      • Deploy Application
      • Enable Azure AD
      • Enforce Policy
      • Enable Monitoring
      • Enable Azure Defender
      • Enable Data Services
      • Enable Application Delivery
    • Azure Arc-enabled Servers
      • Prereqs
      • Scenario
      • Hack Overview
      • Azure Landing Zone
      • Arc Pilot resource group
      • Azure Monitoring Agent
      • Additional policy assignments
      • Access your on prem VMs
      • Create onboarding scripts
      • Onboarding using scripts
      • Inventory
      • Monitoring
      • SSH
      • Windows Admin Center
      • Governance
      • Custom Script Extension
      • Key Vault Extension
      • Managed Identity
    • Useful Links
  • Azure CLI
    • Install
    • Get started
    • JMESPATH queries
    • Integrate with Bash
  • Azure Landing Zones
    • ALZ Accelerator
      • Prereqs
      • Elevate
      • Bootstrap
      • Demote
      • Components
    • Deploy an Azure Landing Zone
      • Create an initial ALZ config
      • Run through the CI/CD workflow
    • Example Library Configs
      • Azure Landing Zone library
      • Azure Landing Zone library with overrides
  • Azure Lighthouse
    • Minimal Lighthouse definition
    • Using service principals
    • Privileged Identity Management
  • Azure Policy
    • Azure Policy Basics
      • Policy Basics in the Azure Portal
      • Creating Policy via the CLI
      • Deploy If Not Exists
      • Management Groups and Initiatives
    • Creating Custom Policies
      • Customer scenario
      • Policy Aliases
      • Determine the logic
      • Create the custom policy
      • Define, assign and test
  • Marketplace
    • Introduction
      • Terminology
      • Offer Types
    • Partner Center
    • Offer Type
    • Publish a VM Offer HOL
      • Getting Started
      • Create VM Image
      • Test VM Image
      • VM Offer with SIG
      • VM Offer with SAS
      • Publish Offer
      • Other VM Resources
    • Publish a Solution Template HOL
      • Getting Started
      • Create ARM Template
      • Validate ARM Template
      • Create UI Definition
      • Package Assets
      • Publish Offer
    • Publish a Managed App HOL
      • Getting Started
      • Create ARM Template
      • Validate ARM Template
      • Create UI Definition
      • Package Assets
      • Publish Offer
    • Managed Apps with AKS HOL
    • Other Managed App Resources
    • SaaS Offer HOLs
    • SaaS Offer Video Series
      • Video 1 - SaaS Offer Overview
      • Video 2 - Purchasing a SaaS Offer
      • Video 3 - Purchasing a Private SaaS Plan
      • Video 4 - Publishing a SaaS Offer
      • Video 5 - Publishing a Private SaaS Plan
      • Video 6 - SaaS Offer Technical Overview
      • Video 7 - Azure AD Application Registrations
      • Video 8 - Using the SaaS Offer REST Fulfillment API
      • Video 9 - The SaaS Client Library for .NET
      • Video 10 - Building a Simple SaaS Landing Page in .NET
      • Video 11 - Building a Simple SaaS Publisher Portal in .NET
      • Video 12 - SaaS Webhook Overview
      • Video 13 - Implementing a Simple SaaS Webhook in .NET
      • Video 14 - Securing a Simple SaaS Webhook in .NET
      • Video 15 - SaaS Metered Billing Overview
      • Video 16 - The SaaS Metered Billing API with REST
  • Microsoft Fabric
    • Theory
    • Prereqs
    • Fabric Capacity
    • Set up a Remote State
    • Create a repo from a GitHub template
    • Configure an app reg for development
    • Initial Terraform workflow
    • Expanding your config
    • Configure a workload identity
    • GitHub Actions for Microsoft Fabric
    • GitLab pipeline for Microsoft Fabric
  • Packer & Ansible
    • Packer
    • Ansible
    • Dynamic Inventories
    • Playbooks & Roles
    • Custom Roles
    • Shared Image Gallery
  • Partner Admin Link
    • Understanding PAL
    • User IDs & PAL
    • Service principals & PAL
    • CI/CD pipelines & PAL
    • Creating a dedicated PAL service principal
    • Azure Lighthouse & PAL
    • PAL FAQ
  • REST API
    • REST API theory
    • Using az rest
  • Setup
  • Sovereign Landing Zones
    • ALZ Accelerator
      • Prereqs
      • Elevate
      • Bootstrap
      • Demote
      • Components
    • Deploy Sovereign Landing Zone
      • Create an initial SLZ config
      • Run through the CI/CD workflow
      • Sovereign Landing Zone
    • Example Library Configs
      • Sovereign Landing Zone
      • Sovereign Landing Zone library with overrides
  • Terraform
    • Fundamentals
      • Initialise
      • Format
      • Validate
      • Plan
      • Apply
      • Adding resources
      • Locals and outputs
      • Managing state
      • Importing resources
      • Destroy
    • Get set up for Terraform
      • Cloud Shell
      • macOS
      • Windows with PowerShell
      • Windows with Ubuntu in WSL2
    • Using AzAPI
      • Using the REST API
      • azapi_resource
      • Removing azapi_resource
      • azapi_update_resource
      • Data sources and outputs
      • Removing azapi_update_resource
  • Virtual Machines
    • Azure Bastion with native tools & AAD
    • Managed Identities
  • About
  • Archive
  1. Home
  2. Azure Landing Zones

Azure Landing Zones

Microsoft regularly updates Azure Landing Zones and its governance guardrails, so it makes sense to use that. But how do you customise it, extend it, and merge it with your own IP? These labs are aimed at partners but anyone who wants to go deeper with ALZ will get something from these labs.

Introduction

Azure Landing Zones (ALZ) has evolved significantly. Microsoft maintains the open source repositories including governance guardrails and best practices. There is enormous value in leveraging that IP and knowing that you are building your platform landing zone based on Microsoft’s recommended configuration and that it will be updated to keep pace with the velocity of innovation in public cloud.

The introduction of the Azure Landing Zone Accelerator means you can quickly establish a solid CI/CD configuration, and these labs will walk through an example process. It is not mandatory to use the ALZ Accelerator if you are experienced in setting up CI/CD pipelines for Terraform deployments, but it is highly recommended to secure powerful workload identities in line with recommended standards.

The move to Azure Verified Modules (AVM) for modular and structured infrastructure deployment has been a game changer, especially when combined with the flexibility of the alz Terraform provider.

Content

ALZ Accelerator

Learn how to use the Azure Landing Zone Accelerator to get to a GitHub CI/CD configuration recommended by Microsoft.

Deploy an Azure Landing Zone

Follow this guide to deploy an Azure Landing Zone using Azure Verified Modules

Example Library Configs

A reference guide to common library patterns if you know what you are doing with Landing Zone libraries and the alz provider.

Combining it with your own IP

Historically you could have accused Azure Landing Zones of being monolithic, forcing you to choose between adopting and falling in line with the Microsoft approach, or forging your own path and developing your own platform landing zone infrastructure as code standards including policy.

Now the combination of Azure Verified Modules and the Azure Landing Zone library approach allows you to build on the Microsoft managed IP, giving you the ability to extend, augmenting and override that baseline with your own IP and definitions for a true level of flexibility.

These labs are designed for partners who need to deeply understand how ALZ works — particularly those with existing landing zone IP or custom Azure Policy guardrails. You’ll learn how to integrate your assets alongside the Microsoft-maintained baseline and get the best of both worlds.

Expected Knowledge

Before diving in, you should be familiar with:

Foundation Knowledge Required

  • Cloud Adoption Framework (CAF) and Platform Landing Zones (PLZ) concepts
  • Application Landing Zones and Well-Architected Framework (WAF) principles
  • Azure Policy and governance fundamentals
  • Terraform infrastructure as code
  • GitHub workflows and CI/CD pipelines

Understanding the Azure Landing Zone approach provides a solid foundation that will help with:

  • Standard platform landing zone deployments (ALZ / PLZ)
  • Deploying Sovereign Landing Zones (SLZ)
  • Azure Monitoring Baseline Alerts (AMBA)
  • AI Landing Zones (AI LZ) and other application landing zone accelerators