{"id":251,"date":"2021-03-31T00:00:00","date_gmt":"2021-03-31T00:00:00","guid":{"rendered":"https:\/\/azure.microsoft.com\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture"},"modified":"2025-06-26T03:24:10","modified_gmt":"2025-06-26T10:24:10","slug":"deploy-key-design-principles-with-enterprise-scale-architecture","status":"publish","type":"post","link":"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/","title":{"rendered":"Deploy key design principles with enterprise-scale architecture"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Tailwind Traders<sup>1<\/sup> is a retail company that is looking to adopt Azure as part of its IT strategy. The IT team is familiar with deploying infrastructure on premises and is now researching what they need to do in order to run their workloads within Azure. They&#8217;ve been doing some research and have found the <a href=\"https:\/\/docs.microsoft.com\/azure\/cloud-adoption-framework?WT.mc_id=modinfra-10032-salean\" target=\"_blank\" rel=\"noopener\">Microsoft Cloud Adoption Framework for Azure<\/a> and <a href=\"https:\/\/docs.microsoft.com\/azure\/cloud-adoption-framework\/ready\/landing-zone?WT.mc_id=modinfra-10032-salean\" target=\"_blank\" rel=\"noopener\">Azure landing zones<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">When embarking on any project or new implementation, there are always key design and decision points to be discussed and fully understood. Deploying an enterprise-scale landing zone and subsequent resources to the cloud is no different. The enterprise-scale architecture prescribed in this guidance is based on the <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/cloud-adoption-framework\/ready\/enterprise-scale\/design-principles\" target=\"_blank\" rel=\"noopener\">design principles<\/a> that serve as a compass for subsequent design decisions across critical technical domains.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The Tailwind Traders IT team is sitting down to discuss the critical design areas as laid out within the <a href=\"https:\/\/docs.microsoft.com\/azure\/cloud-adoption-framework\/ready\/enterprise-scale\/design-guidelines?WT.mc_id=modinfra-10032-salean\" target=\"_blank\" rel=\"noopener\">enterprise-scale landing zone documentation<\/a>. There are several areas that they need to discuss:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/docs.microsoft.com\/azure\/cloud-adoption-framework\/ready\/enterprise-scale\/enterprise-enrollment-and-azure-ad-tenants\/?WT.mc_id=modinfra-10032-salean\" target=\"_blank\" rel=\"noopener\">Enterprise Agreement (EA) enrolment and Azure Active Directory tenants<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/docs.microsoft.com\/azure\/cloud-adoption-framework\/ready\/enterprise-scale\/identity-and-access-management\/?WT.mc_id=modinfra-10032-salean\" target=\"_blank\" rel=\"noopener\">Identity and access management<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/docs.microsoft.com\/azure\/cloud-adoption-framework\/ready\/enterprise-scale\/management-group-and-subscription-organization\/?WT.mc_id=modinfra-10032-salean\" target=\"_blank\" rel=\"noopener\">Management group and subscription organization<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/docs.microsoft.com\/azure\/cloud-adoption-framework\/ready\/enterprise-scale\/network-topology-and-connectivity\/?WT.mc_id=modinfra-10032-salean\" target=\"_blank\" rel=\"noopener\">Network topology and connectivity<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/docs.microsoft.com\/azure\/cloud-adoption-framework\/ready\/enterprise-scale\/management-and-monitoring\/?WT.mc_id=modinfra-10032-salean\" target=\"_blank\" rel=\"noopener\">Management and monitoring<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/docs.microsoft.com\/azure\/cloud-adoption-framework\/ready\/enterprise-scale\/business-continuity-and-disaster-recovery\/?WT.mc_id=modinfra-10032-salean\" target=\"_blank\" rel=\"noopener\">Business continuity and disaster recovery<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/docs.microsoft.com\/azure\/cloud-adoption-framework\/ready\/enterprise-scale\/security-governance-and-compliance\/?WT.mc_id=modinfra-10032-salean\" target=\"_blank\" rel=\"noopener\">Security, governance, and compliance<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/cloud-adoption-framework\/ready\/enterprise-scale\/platform-automation-and-devops\" target=\"_blank\" rel=\"noopener\">Platform automation and DevOps<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"subscriptions-and-management\">Subscriptions and management<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">One of the first decision points they need to think about is how they want to set up their environment in terms of management group hierarchy and platform operation owners. There are many ways to start to segment your environment. Start by defining the criteria for subscription provisioning and the responsibilities of a subscription owner. This will establish a cross-functional DevOps platform team to build, manage, and maintain your enterprise-scale architecture. Application DevOps teams will be given subscription owner permissions to create and manage application resources through a DevOps model.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Using subscriptions to help split up your environment can help with management of costs and day-to-day management responsibilities. Management groups provide governance guardrails, and subscriptions provide a management boundary for governance and isolation, which creates a clear separation of concerns.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">One thing they want to make sure is clear at the start is who is responsible within the subscriptions. What they don&#8217;t want to happen is a complete lack of governance because the roles and responsibilities weren&#8217;t defined at the start. Some suggestions&nbsp;to ensure the subscription owners are thinking about and implementing are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">Perform an access review in Azure Active Directory (Azure AD)\u00a0Privileged Identity Management quarterly or twice a year to ensure that privileges don&#8217;t proliferate as users move within the customer organization.<\/li>\n\n\n\n<li class=\"wp-block-list-item\">Take full ownership of budget spending and resource utilization.<\/li>\n\n\n\n<li class=\"wp-block-list-item\">Ensure policy compliance and remediate when necessary.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">If Tailwind Traders wanted to ensure that their governance conditions were met and applied to each subscriptions <a href=\"https:\/\/docs.microsoft.com\/en-gb\/azure\/cloud-adoption-framework\/ready\/enterprise-scale\/management-group-and-subscription-organization?WT.mc_id=modinfra-10032-salean\" target=\"_blank\" rel=\"noopener\">Management Groups<\/a>. This is a topic that the Cloud Adoption Framework covers to guide people around design considerations and recommendations. So, although it&#8217;s something that the Tailwind Traders team needs to discuss, they aren&#8217;t completely alone and have guidance available to them.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"networking\">Networking<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The networking and how you want your cloud environment to either act as a standalone environment or integrate with your existing environment(s) will be a very important part of Tailwind Traders design meetings. They need to plan for <a href=\"https:\/\/docs.microsoft.com\/learn\/modules\/design-ip-addressing-for-azure\/?WT.mc_id=modinfra-10032-salean\" target=\"_blank\" rel=\"noopener\">IP addressing<\/a>, Domain Name System (DNS) and name resolution, the <a href=\"https:\/\/docs.microsoft.com\/en-gb\/learn\/paths\/architect-network-infrastructure\/?WT.mc_id=modinfra-10032-salean\" target=\"_blank\" rel=\"noopener\">overall topology<\/a>, any network encryption, and traffic inspection requirements, and <a href=\"https:\/\/docs.microsoft.com\/learn\/modules\/design-a-hybrid-network-architecture\/?WT.mc_id=modinfra-10032-salean\" target=\"_blank\" rel=\"noopener\">hybrid connectivity<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Every organization will have different requirements, existing setups, and complexities to overcome on their cloud adoption journey. Having discussed their needs and options, the Tailwind Traders team are looking to speak to a <a href=\"https:\/\/partner.microsoft.com\/\" target=\"_blank\" rel=\"noopener\">Microsoft Partner<\/a> to leverage outside experience and ensure they are heading in the right direction with their networking design and haven&#8217;t missed anything or misunderstood anything.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"security-governance-and-compliance\">Security, governance, and compliance<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Tailwind Traders are acutely aware they have some issues with their current environment. Right now, passwords and secrets are stored within a password-protected Microsoft Excel spreadsheet which has its challenges. Also, a lot of the resources they have deployed on-premises violate the company naming convention, so they want to avoid those issues following them into the cloud.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Discussing governance, they are keen to use <a href=\"https:\/\/docs.microsoft.com\/azure\/key-vault\/general\/?WT.mc_id=modinfra-10032-salean\" target=\"_blank\" rel=\"noopener\">Azure Key Vault<\/a> instead of their Excel spreadsheet for their passwords and secrets. Still, they need to ensure they set up the correct security boundaries, and the people within the IT department are ready for the change from them being able to see everything to only the things they need. So, a discovery exercise internally will be carried out to ensure everyone understands the forthcoming changes and their access is right from the start of the change.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">They are also looking to implement <a href=\"https:\/\/docs.microsoft.com\/azure\/governance\/policy\/overview?WT.mc_id=modinfra-10032-salean\" target=\"_blank\" rel=\"noopener\">Azure Policy<\/a> within Azure to help ensure new resources follow the company <a href=\"https:\/\/docs.microsoft.com\/azure\/cloud-adoption-framework\/ready\/azure-best-practices\/resource-naming?WT.mc_id=modinfra-10032-salean\" target=\"_blank\" rel=\"noopener\">naming convention<\/a>. The team is also excited to see how <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/cloud-adoption-framework\/ready\/enterprise-scale\/security-governance-and-compliance#azure-security-benchmark\" target=\"_blank\" rel=\"noopener\">Azure Security Benchmark<\/a> and <a href=\"https:\/\/docs.microsoft.com\/azure\/security-center\/security-center-introduction?WT.mc_id=modinfra-10032-salean\" target=\"_blank\" rel=\"noopener\">Azure Security Center<\/a> can help with their <a href=\"https:\/\/docs.microsoft.com\/azure\/compliance\/offerings\/offering-pci-dss?WT.mc_id=modinfra-10032-salean\" target=\"_blank\" rel=\"noopener\">PCI DSS<\/a> compliance needs.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2021\/03\/4b7b218a-0abc-497b-afd7-d2b86228b116.webp\" alt=\"Azure Security Centre Regulatory compliance\" title=\"\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Figure 1: Azure Security Centre Regulatory compliance<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The team knows they have only covered a portion of the critical design areas as suggested by the enterprise-scale landing zone documentation. They need to have several other meetings to talk more before they start to deploy their landing zone, but they are excited about the progress that they have made and are excited about future discussions. The team is enjoying the fact that the enterprise-scale landing zone is there to help guide them through their cloud adoption journey.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">We&#8217;ll continue exploring Tailwind Traders and their cloud adoption journey using enterprise-scale architecture in future blog posts. However, if you&#8217;d like to learn more about enterprise-scale landing zones, please join Sarah Lean&nbsp;and I on April 7 at 8:00 AM PST, or 3:00 PM GMT, on <a href=\"https:\/\/aka.ms\/landingzone-qa\" target=\"_blank\" rel=\"noopener\">Learn TV<\/a> where we will be doing a Q&amp;A and deployment of a enterprise-scale landing zone live.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"learn-more\">Learn more<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Check out additional blog posts in our Tailwind Traders cloud adoption series powered by <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/cloud-adoption-framework\/?WT.mc_id=modinfra-10032-salean\" target=\"_blank\" rel=\"noopener\">Microsoft Cloud Adoption Framework for Azure<\/a> and <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/cloud-adoption-framework\/ready\/landing-zone\/?WT.mc_id=modinfra-10032-salean\" target=\"_blank\" rel=\"noopener\">Azure landing zones<\/a>.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">Choose the landing zone for <a href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/choose-the-landing-zone-for-your-cloud-adoption-journey\/\" target=\"_blank\" rel=\"noopener\">your cloud adoption journey<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\">Accelerate your cloud adoption with the <a href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/accelerate-your-cloud-adoption-with-the-start-small-and-expand-landing-zone\/\" target=\"_blank\" rel=\"noopener\">start small and expand landing zone<\/a>\u00a0<\/li>\n\n\n\n<li class=\"wp-block-list-item\">Scale cloud adoption with <a href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/scale-cloud-adoption-with-modular-designs-for-enterprisescale-landing-zones\/\" target=\"_blank\" rel=\"noopener\">modular designs for enterprise-scale landing zones<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\">Leverage <a href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/leverage-enterprisescale-reference-implementations-for-your-cloud-adoption\/\" target=\"_blank\" rel=\"noopener\">enterprise-scale reference implementations<\/a> for your cloud adoption<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<p class=\"wp-block-paragraph\"><sup>1<\/sup>Tailwind Traders is a fictional company that we reference within this blog post in order to help illustrate how companies can leverage the Cloud Adoption Framework in real world scenarios.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When embarking on any project or new implementation, there are always key design and decision points to be discussed and fully understood. Deploying an enterprise-scale landing zone and subsequent resources to the cloud is no different. The enterprise-scale architecture prescribed in this guidance is based on the design principles that serve as a compass for subsequent design decisions across critical technical domains.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ms_queue_id":[],"ep_exclude_from_search":false,"_classifai_error":"","_classifai_text_to_speech_error":"","_alt_title":"","footnotes":"","msx_community_cta_settings":[]},"categories":[1482],"tags":[1509],"audience":[3054,3053],"content-type":[1481],"product":[],"tech-community":[],"topic":[],"coauthors":[139],"class_list":["post-251","post","type-post","status-publish","format-standard","hentry","category-management-and-governance","tag-customer-enablement","audience-business-decision-makers","audience-it-decision-makers","content-type-thought-leadership","review-flag-1680286581-56","review-flag-1-1680286581-825","review-flag-3-1680286581-173","review-flag-7-1680286581-146","review-flag-8-1680286581-263","review-flag-alway-1680286580-106","review-flag-integ-1680286579-214","review-flag-lever-1680286579-649","review-flag-new-1680286579-546","review-flag-on-pr-1680286585-571","review-flag-partn-1680286579-901"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Deploy key design principles with enterprise-scale architecture | Microsoft Azure Blog<\/title>\n<meta name=\"description\" content=\"When embarking on any project or new implementation, there are always key design and decision points to be discussed and fully understood. Deploying an enterprise-scale landing zone and subsequent resources to the cloud is no different. The enterprise-scale architecture prescribed in this guidance is based on the design principles that serve as a compass for subsequent design decisions across critical technical domains.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Deploy key design principles with enterprise-scale architecture | Microsoft Azure Blog\" \/>\n<meta property=\"og:description\" content=\"When embarking on any project or new implementation, there are always key design and decision points to be discussed and fully understood. Deploying an enterprise-scale landing zone and subsequent resources to the cloud is no different. The enterprise-scale architecture prescribed in this guidance is based on the design principles that serve as a compass for subsequent design decisions across critical technical domains.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Azure Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/microsoftazure\" \/>\n<meta property=\"article:published_time\" content=\"2021-03-31T00:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-26T10:24:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2021\/03\/4b7b218a-0abc-497b-afd7-d2b86228b116.webp\" \/>\n<meta name=\"author\" content=\"Sarah Lean\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@azure\" \/>\n<meta name=\"twitter:site\" content=\"@azure\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sarah Lean\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/\"},\"author\":[{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/sarah-lean\/\",\"@type\":\"Person\",\"@name\":\"Sarah Lean\"}],\"headline\":\"Deploy key design principles with enterprise-scale architecture\",\"datePublished\":\"2021-03-31T00:00:00+00:00\",\"dateModified\":\"2025-06-26T10:24:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/\"},\"wordCount\":1060,\"publisher\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2021\/03\/4b7b218a-0abc-497b-afd7-d2b86228b116.webp\",\"keywords\":[\"Customer Enablement\"],\"articleSection\":[\"Management and governance\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/\",\"name\":\"Deploy key design principles with enterprise-scale architecture | Microsoft Azure Blog\",\"isPartOf\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2021\/03\/4b7b218a-0abc-497b-afd7-d2b86228b116.webp\",\"datePublished\":\"2021-03-31T00:00:00+00:00\",\"dateModified\":\"2025-06-26T10:24:10+00:00\",\"description\":\"When embarking on any project or new implementation, there are always key design and decision points to be discussed and fully understood. Deploying an enterprise-scale landing zone and subsequent resources to the cloud is no different. The enterprise-scale architecture prescribed in this guidance is based on the design principles that serve as a compass for subsequent design decisions across critical technical domains.\",\"breadcrumb\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/#primaryimage\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2021\/03\/4b7b218a-0abc-497b-afd7-d2b86228b116.webp\",\"contentUrl\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2021\/03\/4b7b218a-0abc-497b-afd7-d2b86228b116.webp\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog home\",\"item\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Management and governance\",\"item\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/category\/management-and-governance\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Deploy key design principles with enterprise-scale architecture\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#website\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/\",\"name\":\"Microsoft Azure Blog\",\"description\":\"Get the latest Azure news, updates, and announcements from the Azure blog. From product updates to hot topics, hear from the Azure experts.\",\"publisher\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization\",\"name\":\"Microsoft Azure Blog\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp\",\"contentUrl\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Azure Blog\"},\"image\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/microsoftazure\",\"https:\/\/x.com\/azure\",\"https:\/\/www.instagram.com\/microsoftdeveloper\/\",\"https:\/\/www.linkedin.com\/company\/16188386\",\"https:\/\/www.youtube.com\/user\/windowsazure\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/person\/c702e5edd662b328b49b7e1180cab117\",\"name\":\"shakir\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g7664e653ea371ce16eaf75e9fa8952c4\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g\",\"caption\":\"shakir\"},\"sameAs\":[\"https:\/\/azure.microsoft.com\"],\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/shakir\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Deploy key design principles with enterprise-scale architecture | Microsoft Azure Blog","description":"When embarking on any project or new implementation, there are always key design and decision points to be discussed and fully understood. Deploying an enterprise-scale landing zone and subsequent resources to the cloud is no different. The enterprise-scale architecture prescribed in this guidance is based on the design principles that serve as a compass for subsequent design decisions across critical technical domains.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/","og_locale":"en_US","og_type":"article","og_title":"Deploy key design principles with enterprise-scale architecture | Microsoft Azure Blog","og_description":"When embarking on any project or new implementation, there are always key design and decision points to be discussed and fully understood. Deploying an enterprise-scale landing zone and subsequent resources to the cloud is no different. The enterprise-scale architecture prescribed in this guidance is based on the design principles that serve as a compass for subsequent design decisions across critical technical domains.","og_url":"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/","og_site_name":"Microsoft Azure Blog","article_publisher":"https:\/\/www.facebook.com\/microsoftazure","article_published_time":"2021-03-31T00:00:00+00:00","article_modified_time":"2025-06-26T10:24:10+00:00","og_image":[{"url":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2021\/03\/4b7b218a-0abc-497b-afd7-d2b86228b116.webp","type":"","width":"","height":""}],"author":"Sarah Lean","twitter_card":"summary_large_image","twitter_creator":"@azure","twitter_site":"@azure","twitter_misc":{"Written by":"Sarah Lean","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/#article","isPartOf":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/"},"author":[{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/sarah-lean\/","@type":"Person","@name":"Sarah Lean"}],"headline":"Deploy key design principles with enterprise-scale architecture","datePublished":"2021-03-31T00:00:00+00:00","dateModified":"2025-06-26T10:24:10+00:00","mainEntityOfPage":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/"},"wordCount":1060,"publisher":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization"},"image":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/#primaryimage"},"thumbnailUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2021\/03\/4b7b218a-0abc-497b-afd7-d2b86228b116.webp","keywords":["Customer Enablement"],"articleSection":["Management and governance"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/","name":"Deploy key design principles with enterprise-scale architecture | Microsoft Azure Blog","isPartOf":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/#primaryimage"},"image":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/#primaryimage"},"thumbnailUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2021\/03\/4b7b218a-0abc-497b-afd7-d2b86228b116.webp","datePublished":"2021-03-31T00:00:00+00:00","dateModified":"2025-06-26T10:24:10+00:00","description":"When embarking on any project or new implementation, there are always key design and decision points to be discussed and fully understood. Deploying an enterprise-scale landing zone and subsequent resources to the cloud is no different. The enterprise-scale architecture prescribed in this guidance is based on the design principles that serve as a compass for subsequent design decisions across critical technical domains.","breadcrumb":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/#primaryimage","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2021\/03\/4b7b218a-0abc-497b-afd7-d2b86228b116.webp","contentUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2021\/03\/4b7b218a-0abc-497b-afd7-d2b86228b116.webp"},{"@type":"BreadcrumbList","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/deploy-key-design-principles-with-enterprise-scale-architecture\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog home","item":"https:\/\/azure.microsoft.com\/en-us\/blog\/"},{"@type":"ListItem","position":2,"name":"Management and governance","item":"https:\/\/azure.microsoft.com\/en-us\/blog\/category\/management-and-governance\/"},{"@type":"ListItem","position":3,"name":"Deploy key design principles with enterprise-scale architecture"}]},{"@type":"WebSite","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#website","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/","name":"Microsoft Azure Blog","description":"Get the latest Azure news, updates, and announcements from the Azure blog. From product updates to hot topics, hear from the Azure experts.","publisher":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/azure.microsoft.com\/en-us\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization","name":"Microsoft Azure Blog","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp","contentUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp","width":512,"height":512,"caption":"Microsoft Azure Blog"},"image":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/microsoftazure","https:\/\/x.com\/azure","https:\/\/www.instagram.com\/microsoftdeveloper\/","https:\/\/www.linkedin.com\/company\/16188386","https:\/\/www.youtube.com\/user\/windowsazure"]},{"@type":"Person","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/person\/c702e5edd662b328b49b7e1180cab117","name":"shakir","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g7664e653ea371ce16eaf75e9fa8952c4","url":"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g","caption":"shakir"},"sameAs":["https:\/\/azure.microsoft.com"],"url":"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/shakir\/"}]}},"msxcm_display_generated_audio":false,"msxcm_animated_featured_image":null,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Azure Blog","distributor_original_site_url":"https:\/\/azure.microsoft.com\/en-us\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts\/251","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/comments?post=251"}],"version-history":[{"count":1,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts\/251\/revisions"}],"predecessor-version":[{"id":43680,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts\/251\/revisions\/43680"}],"wp:attachment":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/media?parent=251"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/categories?post=251"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/tags?post=251"},{"taxonomy":"audience","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/audience?post=251"},{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/content-type?post=251"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/product?post=251"},{"taxonomy":"tech-community","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/tech-community?post=251"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/topic?post=251"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/coauthors?post=251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}