Azure Landing Zones Overview

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

You have some of the best videos on azure

👍︎︎ 8 👤︎︎ u/Megisphere 📅︎︎ May 04 2021 🗫︎ replies

u/JohnSavill are Microsoft paying you to make these videos? Because they should be!

👍︎︎ 3 👤︎︎ u/Hoggs 📅︎︎ May 04 2021 🗫︎ replies

First of all - your videos are awesome! I love the way you're explaining things. There is always a clear description of the problem/context followed by a solution with enough technical details.

I've just started my blog posts series about building self-service to request for:

- Landing Zone of your choice

- Azure DevOps Project

- All required Azure AD groups, Service principals, etc.

It's strongly related to what you are describing in this video.

I named it Azure Landing Zone as a Service.

👍︎︎ 2 👤︎︎ u/kwiecek 📅︎︎ May 04 2021 🗫︎ replies

I've always found "Landing zones" an odd choice of name to describe a subscription that is integrated with the governance, tooling and support tools to be able to host and operate resources and applications in a well supported, secure production setting.

👍︎︎ 2 👤︎︎ u/craigofnz 📅︎︎ May 05 2021 🗫︎ replies

Captions

hey everyone in this video i'm going to cover a topic i've actually been very hesitant to cover simply because the microsoft documentation materials are so good i really didn't think it was required but a lot of people have pinged me asking me to kind of give an overview so in this video i'm just going to provide a 360 overview of azure landing zones as always if this is useful a like subscribe comment and share is appreciated and hit that bell icon to be notified when i release new content or do a live session now the cloud has a huge number of services really covering the entire gambit of anything i might want and it's really easy to provision them click click click hey i've got this resource stood up but that may not be the right thing for an organization am i deploying in a secure way am i deploying in a scalable way am i meeting my organizations or regulatory requirements am i deploying highly available am i cost optimized am i reinventing the wheel how will it operate this am i using the right tools because maybe what i use on-prem maybe there's a cloud native version i want to be leveraging am i following best practices is this cost optimized this goes on there's a whole set of things we need to think about we think about governance we talk about best practices i have a whole module on this in the azure master class now there's a lot of documentation about best practices about governance about how to structure a good set of components in azure where i can land my applications my business applications there are different capabilities on how i can deploy configurations onto an environment and ideally what we want is yes documentation is great and we should know that documentation we should read that that's the whole idea around kind of the cloud adoption framework which is phenomenal but would it be really nice if there were some configurations i could take as a starting point maybe as a small business just to get maybe core policy and some core structure maybe as a bigger enterprise the right foundation on what i actually want to build for my applications well that's what azure landing zones are as part of the cloud adoption framework now again the documentation is amazing so i'm not going to go into a deep dive about exactly all of the different components instead i'm really going to focus on what they are and in a certain aspect how they work and how we might actually want to use them now before i do that i do want to cover a few core concepts because they're what's going to be used by the azure landing zones now we can always think about at a very core basic level we have really an azure subscription now i might have multiple subscriptions it comes down to my size but i can think about hey i've got other subscriptions that i use within my organization and i can think of a subscription as a container for resources it is a boundary for certain types of things like a virtual network cannot span subscriptions but into this i'm actually going to place resources now the nice thing about subscriptions is i can apply things like policy role-based access control even budgets controlling certain types of spending i'm going to go into some more details about these things so we have these subscriptions now as a larger organization potentially i may also kind of have the idea of a kind of an enterprise agreement as part of an enterprise enrollment so this construct that lets me have multiple subscriptions there are things like account owners that can create subscriptions but i get this rolled up billing mechanism within my organization now within a subscription we actually have the idea of well i can create resource groups so i can create one or more resource groups and once again the whole point is i would have one or more so i've got other resource groups i can't nest them but i have these resource groups now once again i can apply things like that policy the rbac and even kind of those budgets and the whole point of a resource group is it's things that share a common life cycle they're going to get created together they run together maybe get de-provisioned together so maybe it's a particular application or maybe it's some kind of workload for example maybe it's my networking maybe it's my connectivity so these things that i place inside a particular resource group share kind of this common life cycle from birth to running to ultimate decommission now the whole point is a resource group is not a boundary of use i could absolutely have my app in here i could have virtual networks in here i could have connectivity and key vault i can spread those things around the reason we like resource groups is i can use them as part of my governance different policies an application is likely going to have the same set of people needing permissions on all of the types of objects because i can have things like hey i'll have a maybe a vm maybe a storage account maybe a sql database maybe a load balancer i want the same set of permissions so that's nice to apply at that resource group level i can then when i start to think about well i have requirements about hey i'm saying our back role based access control the ability to give a role which is a set of actions to something a user a service principle managed identity at a certain scope scope could be a subscriptions it could be a resource group so we have this azure aed so i can think about our organization is going to have an azure ad instance this may and likely will synchronize from on-premises active directory using azure ad connect as ready connect cloud sync and in there i have all these different types of objects i think about well hey yeah i have the users again they might be replicating from id or they might be cloud i might have service principles my various applications i'm not having that managed identities identities for cloud native in azure that's just inherent and automatically managed for me i may even have guests objects from other azure 80 tenants or microsoft accounts or gmail accounts or even facebook different ways i can do that and i might kind of then have groups in which i can add all these various things into it so they're identity objects i can use so i have subscriptions i have this identity and this policy and our back these are all great things but maybe i have lots of subscriptions and i don't want to have to apply policy and are back to every single subscription stamping those down so what we then have is really this concept of kind of management groups and as the name really suggests it's the ability to group objects my subscriptions together for the purpose of management so you're going to have this root management group under your tenant and then i can create different management groups to meet my needs maybe this is kind of a production management group and ultimately under there i can have a whole set of hierarchies i can nest these management groups and then i have my production subscriptions for example maybe i have deaf maybe it's based on business unit i can have different purposes for this but the whole idea is with these management groups once again i can apply those same kind of hey i have the idea of policy i have the idea of role-based access control and i have the idea of kind of these budgets so all of these constructs available to me and they inherit so all of these things no matter what level i kind of apply it to these do get inherited down so if i applied some policy at the root or production we would get inherited to child management groups and the subscription the resource group and ultimately the resource inside which is probably what i kind of care about the most so we have these great concepts to light all these things up now i've used the term our back a whole bunch of times so the whole point of role-based access control is it is that ability to have roles remember a role is just really a set of actions with different resource providers in azure assigned to some kind of identity assigned at a certain scope so i can say i want to give this group or this service principle this role at production management group or at this subscription or this resource group or even this resource and then we have the idea that on premises there are things we have to stick to maybe where i can create public ips maybe what types of service what types of resiliency we want and that's enacted by it operations hey as a developer want a resource please create this for me they make sure it meets requirements and then they only create it if it does i can't do that in the cloud so in the cloud we use policy so we have azure policy and that is our guard rails there's a huge number of these azure policies that are just built in i can create my own that i can do things like restrict what regions i use what vm skus are used what types of storage account i use do i have azure site recovery deployed am i using azure key vault mass numbers of these azure policies do i want to use tagging important metadata that i can use to think about hey what is the purpose of this resource maybe cost centers i can control all of that with policy so anything about policy is being a way to both enforce my requirements i could deny i can have an effective deny if it doesn't meet or i can use it for audit it can even remediate kind of deploy if not exists so these different capabilities but these are my guard rails and when i'm starting out in azure a key thing really is to get that policy the right way and again we'll see some of these policies a little bit later on and that can be tricky like what policies should should i be using i drew these resources and i kind of drew a vm and i drew a storage account and i said quickly click click it may not exactly sound like that way but we don't really want to create resources that way if i just create from the portal well i'm not creating in a consistent manner it's not easily repeatable i can't really track for drift so we like infrastructure as code the ability to describe that infrastructure those resources as human readable code now the native way to do that in azure is we have this concept of an azure resource manager template and what i can absolutely have is i can think about well i can create let's go up a second my arm is a json format template now over time you might see these start to migrate to bicep bicep is this new domain specific language that's far more human friendly but for now these are json templates and the reason we like these are they are declarative which means i'm not telling it how to do something i'm telling it what i want to be there hey i want a storage account that's lrs in this region make it so it's its job to go and look at what's there and does it match my configuration or does it need to go and create or does it need to modify which means these are also item potent that simply means i can re-run this thing as many times as i want it won't have an effect if the resource is there and it matches how it's described in this template great if it isn't hey it will make it so and modify it so this is super powerful because i can always just re-run this i can use it to detect drift hey this is what i want what's there hey this is what would be changed and so ideally when we create resources i really want to create these resources using a template so we use those arm json templates to actually create things so now i can also use it with things like git so i can version control i can see the changes i make between my versions now speaking of resources there are a huge number of different resources available but there are some key ones i'm really going to always want for example i can think about what are some of the key things like a log analytics workspace i want that deployed i want things like azure security center deployed i want those things i'm probably going to have a virtual network within my subscription but then i might have more organizational wired resources so here i have a local v-net but i might have maybe things like virtual one to govern that overall set of networking for the company and these become spokes off of that virtual one this would have my express route my site to site vpn whatever i need my azure firewall or maybe i don't use vwan but i still need a kind of connectivity hub which would have express route gateway and or site to side vpn and or azure firewall so i'm probably going to have those more centralized set of resources i might also have things like well azure keyboard i might have a central azure key vault in a certain subscription i mean really the list goes on i might be migrating resources hey i'll have an azure migrate instance so we also have these key sets of resources i want now i've talked about a lot of different things i've not even talked about landing zones yet and the reason is landing zones really are going to do this work for me that's the whole point you need to understand what the constructs are because all these decisions when i'm saying well yeah there were policies you need some of those and how you want to structure things a certain way that's the hard part is knowing what ones to use and landing zones do that for me now before we look at landing zones i want to cover one other construct in azure and i'm running out colors here so we'll pick um i don't know i'll do yellow may not show that well we'll see actually yeah and it's an azure blueprint so i can think about i have this azure i'm just going to call it blueprint if i thought about some of the types of resource i've mentioned resource groups as a way to bring things out of a common life cycle well i can define resource groups within blueprints i can have multiple resource groups i can specify hey policies i want so i can absolutely include in here hey at this resource group i want this policy or maybe it's just at the root subscription i want this policy role-based access control i i can add those things as well so i could add kind of an r back over here these arm templates that i have hey guess what i can specify arm templates so i can say hey yeah i want this particular template deployed to this resource group maybe i'm deploying a different template under this resource group and the whole point of this is once i've got these blueprints that bring together these core types of structure hey well i can just take that and essentially assign it to a subscription which is going to stamp down that configuration oops onto that particular subscription so that blueprint can encompass all of these different constructs together to just make it reality deploy onto the subscription now note when we talk about azure landing zones ideally we're using them on empty subscriptions we're just kind of stamping this out green field but if you have an existing subscription of existing resources in it they're going to work with those brownfield scenarios as well so you don't have to worry so we have all these fundamentals down again there are quite a few of them but the key point is this is what azure landing zones are literally going to use now there are a number of different azure landing zones really depending on do we want to start small i hey i'm focusing really on a subscription i want to get the basic constructs maybe some key policies in place and then i want to deploy my application into that or am i thinking enterprise hey i want to get all of the things in place for maybe my enterprise i want to have connectivity maybe v1 maybe some more hub and spoke where i'll use not using vwan but i'm setting up an express rail gateway or a site site vpn maybe i want to integrate with azure devops i might have all these different options there's a whole set of different landing zones that i select and that's the point as a company i can choose to kind of start small and grow or i can just hey i'm going to go 20s enterprise or i might yeah i'll use to start small and then i'll move to the enterprise in the future i do recommend reading the documentation so if we go and look at the landing zone implementation options firstly on this left hand side you'll see there's a mass of documentation this is all part of the cloud adoption framework and i'm really going and looking at these azure landing zone section over here and i'm just focusing on the implementation options but again the documentation is fantastic i can see what is a landing zone it's got a nice little video about it it talks about the key design areas remember i talked about a lot of these in my little picture but it's going through those different elements how do i pick what landing zone i should actually use and they're talking about here look hey i can start small and expand or i can just go straight into enterprise scale and it talks about well what are the decision criterias i might use what are my initial considerations but i'm going to look at the implementation options and what we can see here is there's fundamentally two when i think about starting small and these actually can build on each other because what we have here is this cloud foundation blueprint now if we look at this cloud foundation blueprint it talks about its design principles the deployment options the different resource the governance all of these different things but what we can just jump over to is hey look let's deploy the blueprint sample this is actually deploying how i can use this gives me all the different instructions and remember i talked about those blueprint things well this is because it's just native part of blueprints now i can go and look at a nice picture of what this is actually going to do and we can see here when it's using kind of an azure active directory and it's going to go and deploy a vault log analytics see he's got storage accounts it's using azure policy azure security center so okay it's going to go and deploy these things for me so if we actually now just jump over to my azure subscription i can just go and look at blueprints and i'm going to my blueprint definitions over here on the left and if i select this i want to create a new blueprint now they're providing templates i'm going to create my own blueprint because i could modify this and if i just search for caf that's the cloud adoption framework and i can see the foundation and migration landing zone so i'm going to start with foundation now i'm going to give it a name give it something useful in your way so maybe it would be mice i might say savile tech blueprint say yes foundation now the definition is going to store it somewhere and then i can assign it at a different scope so i might choose to store it in my management groups optionally i could pick a subscription i don't need to but then i can see all of the artifacts now remember i talked about artifacts i could have things like um role-based access control we had all these different types of things that i could have policies are back templates actually creating resource group so the artifacts we're actually seeing in the portal is using those things so we jump back over i can see well at the subscription level it's deploying a whole bunch of policies we can see the artifact type and these are doing policy assignments okay so we're going to deploy a cost center tag to resource groups we're going to apply cost center tag and its value from the resource group enable azure security center we're specifying allowed locations for resources so i'm going to pick hey i only want to deploy to east u.s too maybe in west u.s too i want network watcher for virtual networks resource types i don't want in my environment secure transfer to storage account should be enabled so i can't just use a non-secure way restricting what type of storage account restricting what type of vms and then we're deploying here we can see we're actually deploying a template so we're actually deploying azure security center then it's creating a resource group for shared services remember this is a simple deployment so the key vault my log analytics is still in the same subscription but we're going to put it in a different resource group so it's going to create a resource group for shared services and then into there create a key vault using a template and then create a log analytics workspace using a template and then it's creating resource groups for network identity service and my first application because each app should go to its own resource group just to put me on my way for good practices so it's going to lay those things down now you'll notice a lot of these have parameters some of them are populated some of them are not so when i actually went to deploy this assign it to a subscription i will have to tell it those various parameters for example which storage account skus am i going to allow maybe i don't want lrs i want everything grs so i have that resiliency cross region maybe i only want certain types of virtual machines so basically i would now save this draft then i would publish it then i could assign it and at the point of assignment well that's when it would actually stamp that down now an important point what we're really doing here is we're getting these things stood up we're getting started we're kind of learning these things these are very modular so when i think about this when i do an assignment of a blueprint we actually have locking options so with locking option i could say things like hey it's read only i can't change the control plane anything about it which would be bad for a lot of things like a virtual network i couldn't create new subnets i can say hey it's do not delete or i can say don't lock most of the time because the way we're using these blueprints for landing zones that assignment is going to be don't lock they're very modular we're learning we're iterating i don't need to do the locking this is really all about getting these things laid down getting that good structure we're going to build on that in the future so i don't need to really lock those things when we do the assignment hey i can just say don't block there was one of them now additionally we saw there was one for azure migrate now if i look at the create a blueprint once again we'll go to the caf migration landing zone once again i'm not really going to fill this in because i just want to get to the details of it if we look at the artifacts this time we can see well there's this deploy key vault for log analytics and keyboard deploy a v-net landing zone to bring resources into but deploy azure migrate this is not deploying any policies this time and remember the reason for this is this is modular the way i would use this is i really think about hey i've already deployed that foundational one this is item potent so that deploy key vault deploy log analytics well it would already be there it won't deploy again but it will deploy the virtual network landing zone and it will deploy the azure migrate so i can have these build on their modules so when i thought about my picture and i drew a blueprint well definitely yes i'll deploy that foundational one and then i say hey i want to do migrations i could then deploy also the migration blueprint again i'm not locking it to the same subscription so then i adding on those additional services to it and that's really the key point for those small scale um i can build on them i should also point out so i'm showing you the blueprint model there is also if i just quickly find the link there is a terraform version of this so if we jump back over to our portal over here and we actually go to our landing zone implementation options so great these were the start small but if we keep scrolling down there's another start small and this is terraform so this will actually if you're an organization that's maybe using multiple clouds maybe i'm using on-premises vmware and kubernetes and hyper-v i really don't want to use the blueprints i'm using terraform already i want to carry on using that well there's a whole set of terraform modules i can use and go to the terraform registry and it's really doing very similar things but it's a whole bunch of different terraform files to actually do those deployments so i can use that terraform landing zone instead so that's my model great go ahead i can absolutely use my terraform instead so i get that choice so that's the small scale that makes sense and we could kind of see actually if we look back at the documentation for a second if we scroll up it has these kind of design principles and if we click that again it does show us really what that's doing i've got these kind of base lines but if we actually go and look at the blueprint picture of that actual one over here it's showing us that architecture this is exactly what it's deploying and it's going through the different policies that it's actually giving us so we can understand what we're getting so it's laying down really that core foundation that we want to use perfect what about if we're not small scale what about if we have a larger organization and i want to start enterprise ready now if i'm enterprise ready i'm not going to deploy everything into one subscription i'm probably going to have the idea of a set of shared services and then separate things for my applications also because now we're going to be dealing with multiple subscriptions we're not going to use blueprints anymore we're shifting so the small scale they use a blueprint it's just in the portal i can stamp that down for the enterprise scale remember these arm templates well arm templates actually don't have to only deploy resources into a resource group i can actually do arm templates that deploy resource level to actually grow and create resource groups subscription level things i can really deploy everything through a resource group so these enterprise scale will actually use arm templates to create the entire structure now once again there's different options here so once again if we go and look at the documentation there's really three things we're dealing with here we'll see we have this caf enterprise scale landing zone and we can see all of the details around this in a second but really there's two variants of this we have a variant that adds in hybrid connectivity using virtual wan so we have this because the just regular enterprise scale landing zone assumes everything's in azure it's not dealing with any connectivity to on-premises so this enterprise scale landing zone with virtual one adds in virtual wan to give me that hybrid connectivity the v1 has functionality to do express route and sites like vpn and spoke to spoke communications through azure firewall it does all these marvelous things or i want hybrid connectivity but i don't want to do it through v1 i just want to have regular gateways well then i can use this option and what's interesting about these these are all templates they're not using blueprints but they actually have a custom ui in the portal when you deploy them that lets you select well which you want for example things like azure devops is optional i don't have to deploy it so let's actually look for a second and if we actually go and let's start with the design principles over here so this is talking about the enterprise scale design principles you want to quickly review this but then it actually shows you the architecture so this is the landing zone in enterprise scale so it's focused around the idea that yes these network watchers and security center keys shared services networking and it has this picture of high level architecture and it's huge and it's this gigantic picture that maybe looks fairly scary and it's actually two fairly scary looking pictures it's actually not as bad as it seems what this is really showing if we click on one of them and i'll try and zoom in just a little bit we can think about well it's talking about those enterprise enrollments that we covered in the past like how i maybe do those billing it's talking about yes there's kind of my azure ad for my various identities maybe advanced i am using things like pim just in time access and various types of controls conditional access mfa then it was about an entire management group structure you might want to use that hierarchy i can have and then it just breaks it down into well different subscriptions and it's breaking down into one me an identity subscription where i have maybe domain controllers i'm actually having domain controllers in azure we have management subscriptions i have things like connectivity subscriptions you can see if i scroll out for a second my connectivity maybe has my virtual one hub because this is the v1 option then i have my landing zone application one application two so they each have their own subscription and the core services that they use notice it's a load balancer they have their own v-net applications and it's peering into that connectivity subscription and then maybe either a sandbox subscription and maybe completely optionally we light up azure devops so this is the version that i'm using v1 the other picture is essentially exactly the same the only difference here now is i've got devops options i've got management subscriptions but i'm not using v1 in the connectivity subscription anymore it's just a hub v-net and then i would say well we aren't going to turn on azure firewall or express rail or vpn but then i still have landing zone subscriptions for my application i'm still using peering from my app subscription to get to that connectivity subscription so it's really about how is it lighting up that hybrid connectivity is it using v1 or am i really just manually doing things now from the main page you'll actually notice well there's a deploy option so if i actually hit deploy it's taking me to the github repo it's showing me the enterprise scale foundation and it's going to show me what it's doing so it's showing me the management group structure it's going to use it's then show me the resources so i've got an azure subscription for management okay log analytics workspace security center optionally so i'm going to pick do you want a sub for domain controllers optionally do i want to add in github then it's got these various azure policies and so these are the resources it's going to create for me so it's showing me exactly what it's going to do now if i deployed this and then later on decided actually i want to use v1 or i want to add in that subscription for connectivity i can manually do it and at the bottom of the page notice it's showing me hey look when you deploy this through the portal it's got this custom where i can pick the bits i want but all the way at the bottom i can actually get an arm template that would add virtual one or add hub and spoke to this one i've already deployed or it's telling me hey you can manually create them by following these steps so it gives me that ability to grow in the future but if we scroll all the way back up to the top of this if we say deploy to azure hit that button we're going to go to essentially a subscription and then it's going to show me this custom ui to actually leverage and deploy that so here's my enterprise scaling zone i'm giving it a region to deploy to i would have a company prefix now this i want to be unique for my company so maybe it would be savile mg or whatever i'm going to pick there i would have something there and it's got like information again this is unique at the tenant scope max 10 characters i think that's what sav will take wrong because there we go it's that kind of day and then it's got all these questions hey yes i'm deploying log analytics what's my retention going to be um what is my management subscription i would pick the one i've created already which solutions do i want deployed do i want these other components added i could then integrate with kind of devops again i've already picked anything for this landing zone configurations i have all these different steps i can actually deploy as part of this now i can actually go and look at the template and a template would show me all of the different things it's actually going to use now it's going to break the ui when i do that if i change anything but fundamentally what this is doing is there's a whole set of resources and what these resources are actually doing are calling other templates if i go back to the github they don't really need to know this but if i go up a level i can see the arm templates so here's the foundation here's adding v1 adding hub and this foundation template is really just calling templates in this auxiliary folder that add the various components hey azure devops log analytics management groups policies all of those things have just been called to actually go and configure that all up solution so it's going to stamp down that configuration for me and that's the key point it's doing this structure it's laying down this foundation now as i mentioned there are other versions there's a version with virtual wan now once again for the virtual wan i could just say hey i want to go and deploy that thing it's going to show me the github page for that and now it's showing me what it is going to deploy so notice here it's adding this connectivity subscription whereas adding in virtual wan i can see that over here it's going through all the different components the management group structure network topology of how it's going to work huge amounts of detail so if you're thinking about doing this you really want to read through these pages it gives you all of the detail you need the management the monitoring all of the detail of what it's going to do but once again it's fundamentally just using arm templates to deploy all of those various components and once again you can if you want kind of go and have a look at everything it's doing and once again it's calling these sub templates to actually go and do the work if you look at just the main v1 json file you'll see it sets up a bunch of variables if i can find the variable section all these parameters so we have all of these variables which are the deployment urls which are all those auxiliary templates that call the individual parts that do things so it's just calling those to actually do the deployment and likewise there's the one with hybrid connectivity and once again if we look at that one it has its own github page once again it goes through showing us the picture of this once again this time it's showing us hey this connectivity subscription where i would go and add my own express route gateway my vpn gateway and it will prompt you for that as it deploys once again you can go and peek around i can look at how that main hub spoke and once again we can go and see the various templates it's going to use hubspot connectivity to actually go and set all of these different things up and that's really what we're doing here i mean that's the point of these landing zones so landing zones show on a small scale start small is creating a sub putting some basic policies in place some basic resource group structure and then i can go and create my resources the enterprise are actually stamping out a full kind of set of management groups i get my subscriptions i need the core services it's going to ask me all those questions about things to really make it enterprise ready a place to land my applications there's now going to be a place for my applications to land and if i then add the versions like the v1 or the hybrid there's a separate subscription with all my connectivity that will appear to my app subscription to give it that hybrid connectivity through so that's the point of landing zones it's a landing place for my applications that's following best practices around leveraging the cloud rather than me kind of struggling and creating stuff and then realizing well that's not quite right use the landing zones again start small if you need to and i can grow and there's documentation in there for how to do that growth or i might stamp down one of those enterprise ones that again the picture looks way scarier than it really is it's just stamping out some core services that put us in a great position to then grow and deploy my applications across different subscriptions but it's putting those key constructs in place for me and it's just going to help me get up and running without making those mistakes that tend to happen it's going to put those best practices those guard rails that good foundation which is all this is foundation of a house they all have the kind of the same bits and we have rebar and concrete and pipes but you might lay them out slightly differently but then we build great stuff on top this is putting the foundation down for azure that's what this is for and that's it so as always i hope this was useful look at the documentation it's phenomenal don't forget about those pages to help me decide what i want to do good luck in using those azure landing zones until next time take care you

Info

Channel: John Savill's Technical Training

Views: 22,592

Rating: 4.9738221 out of 5

Keywords: azure, azure cloud, azure governance, microsoft azure, landing zones, governance, blueprints, subscriptions, management groups

Id: mluS8ovuBKg

Channel Id: undefined

Length: 44min 56sec (2696 seconds)

Published: Tue May 04 2021