It’s been a great few weeks lying in the french riviera sun. But it’s been busy in the community! Here are some updates.

CAF

As some of you know I’m a real fan of Enterprise Scale Landing Zones. This design methodology gives so much flexibility and fosters accountability. Landing Zones are explained in the Microsoft Cloud Adoption Framework for Azure or CAF for short. CAF gives a holistic approach to setting up, managing, governing an Azure environment, and more. It’s additional to the Azure Well-Architected Framework. Both are highly recommended reads. Here are some CAF related topics.

Cloud Adoption Framework for Azure Hybrid and Multicloud

Microsoft is really investing in hybrid and multicloud. If you look at the investments made in the different Azure Arc capabilities (Servers, Kubernetes, Data Services, etc.), and they are not finished, you can tell Microsoft wants to be the primary public cloud. The cloud where you can manage not only Azure resources, but also resources in AWS, GCP, but also on-premises or on a private cloud, from a single pane of glass.

There are new CAF scenarios available for Azure Hybrid and Multicloud as Thomas Maurer is mentioning. Have a look if you find this as fascinating as me.

Power Platform Landing Zones

Microsoft is also creating reference implementations of different landing zone scenarios. Kristian Nese is one of the engineers working on those templates. He recently shared there is a new reference implementation: Power Platform Landing Zones. Haven’t got the time to try it out, but it sounds promising. Here’s the guide and code.

ALZ Bicep repo

Landing zones isn’t just about architectural patterns. It’s also about managing them with Infra as Code. Microsoft has released this incredibly useful repo to use Bicep to deploy landing zones. It’s full of well documented Bicep code to get you up to speed with deploying Infra as Code using the latest and greatest.

Naming generator

As part of the Microsoft CAF repo, they have published an Azure resource naming generator. Seems really promising and flexible at first glance. Still on my todo list to check it out though.

“The Azure Naming Tool was built to accelerate Azure deployments using the Cloud Adoption Framework (CAF) as a baseline. Recognizing the lengthy, complex process it was for organizations to develop a standardized naming convention, the tool takes the complexity out of the process to generate a customizable naming convention within minutes.”

Azure Landing Zone Review Assessments

The CAF can be overwhelming as it has so much coverage. And the content is increasing. Microsoft has released review assessments, to get personal recommendations. The results look a bit like with Azure Advisor, specific steps to take to get to a better cloud environment.

Security

For some reason I get a lot of security related community stuff in my feeds. Perhaps they just stand out (to me). Here are some security related updates.

Microsoft Defender for Cloud Labs

Defender for Cloud is mainly a security posture management tool in Azure. There are labs available to learn Defender for Cloud.

Such tools can be daunting to learn. I find these kind of tutorials always extremely useful as it gives hands-on experience and a fast way of learning new stuff.

RBAC: permissions.cloud

A great multicloud RBAC overview: https://permissions.cloud/ This tool makes it easier to see which roles there are, and with the Policy Evaluator you can actually see the effective permissions.

Windows Security Configuration Framework

Well they actually sum it up really good why this is useful:

“Even when configuring policies, with thousands of policies available in Windows, choosing the “best” setting is difficult. It’s not always obvious which permutations of policies are required to implement a complete scenario, and there are often unintended consequences of security lockdowns. Because of this, with each release of Windows, Microsoft publishes Windows security baselines, an industry-standard configuration that is broadly known and well-tested. However, many organizations have discovered that this baseline sets a very high bar for some scenarios.”

This framework gives guidance into how to security configuration for different types of set up compared to the windows security baselines.

Other stuff

As my IT career started of with years of help desk work, this would have been an awesome tool to use. Unfortunately no one told me, or maybe I didn’t payed attention. Watch the video and learn. Shared by the legendary Swift on Security

So, you want to be an architect?

Do you have aspirations in becoming an architect? Well, when do you know you are an architect? This blog and video I find highly enlightening.

MEM/intune etc

If you are intested in Microsofts Endpoint Management solutions, read all about it in this community news letter. And if you’re really into those kinds of topics, here’s another one.

System Design

Alex Xu is a hero. He’s the author of System Design Interview, a book to prepare for job interviews in big tech. As part of those interviews you need to know system design. Alex Xu shares system design snippets as linkedIn posts and has now bundled all of them in a book. It’s free! I’m reading it right now! Loving it!