Azure Landing Zones
Organization and governance design considerations
An Azure subscription serves as a boundary for Azure Policy assignments.
Deployment settings
Option | Choice | Description |
---|---|---|
Azure cloud environment | Azure cloud | |
Directory | grinntec | |
Region | West Europe | |
Azure core setup
Option | Choice | Description |
---|---|---|
Resource prefix (Root ID) | grinntec | |
Platform subscription options | dedicated | |
Customer Usage Selection Options | Enabled | |
Platform management, security, and governance
Option | Choice | Description |
---|---|---|
Deploy Log Analytics workspace and enable monitoring for your platform and resources | yes | |
Log Analytics Data Retention (days) | 30 | |
Management subscription | grinntec-management | |
Agent Health | yes | Helps you understand which monitoring agents are unresponsive and submitting operational data |
Change Tracking | no | Tracks changes in virtual machines |
Update Management | no | Manage operating system updates for your Windows and Linux virtual machines |
VM Insights | no | Monitors the performance and health of your virtual machines and virtual machine scale sets |
Service Map | no | Automatically discovers application components on Windows and Linux systems and maps the communication between services |
SQL Assessment | no | Assess the risk and health of your server environments |
SQL Vulnerability | no | Provides visibility into your security state |
SQL Advanced Threat Protection | no | Detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. |
Microsoft Defender for Cloud | no | Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) |
Microsoft Sentinel | no | Cloud-native solution that provides SIEM and SOAR |
Network topology and connectivity
Option | Choice | Description |
---|---|---|
Networking topology | Hub and spoke with Azure Firewall | |
Connectivity subscription | grinntec-connectivity | |
Address space | 10.100.0.0/16 | |
Region | West Europe | |
DDoS Network Protection | | |
Private DNS Zones for Azure PaaS Services | | |
VPN Gateway | | |
ExpressRoute Gateway | | |
Azure Firewall | | |
Identity
Option | Choice | Description |
---|---|---|
Last modified July 21, 2024: update (e2ae86c)