Azure Landing Zone

Why is Azure Landing Zone?

Let's say we are setting up a new Azure Account where we provide access to the team. Over time, we may lose control over the resource creation tier, naming convention, Unwanted resources being created, and not following best practices.

To resolve it, we need to approach the option of setting up some guidelines or rules that need to be followed, which helps in best practices, allowing only allowed resources to be created and specific tiers to be created. This set of rules falls under a single ruleset called Azure Landing Zone. It is not limited to Azure. It is cloud agnostic and applies to other cloud providers like AWS and GCP.

What is Azure Landing Zone?

Azure Landing zones are an output of a multi-subscription azure environment that accounts for scale, security, governance, identity, and networking. Azure Landing zone also provides a scalable module approach to building your environment based on a common set of design areas.

What are the benefits of Landing Zone in Azure?

Improved Security Controls

You are applying a set of policies in different environments.

Resource Creation

Only allowed resources are created so that any unwanted resources or unused resources in the application can be avoided for creation.


Allowing only specific tiers to be created for environments specific, like LRS in Dev env, GRS, or ZRS in Production env. Defining the tier policy which helps us in managing the cost-effectively. 

The Azure Landing zone can start with a small-scale application and evolve or support high-level enterprise applications.

How to Implement Azure Landing zone?

  1. Azure Landing zone can be created by applying azure policies using ARM templates or Terraform modules.
  2. Azure Blueprints are a predefined set of policies that Microsoft provides. They are nothing but a single policy or multiple policies together.
  3. IaC set up and configure an environment per your requirements.