Improve landing zone security

When a workload or the landing zones that hosts it requires access to any sensitive data or critical systems, it's important to protect the data and assets. Improving landing zone security builds on the test-driven development approach to landing zones by expanding or refactoring the landing zone to account for heightened security requirements.

Landing zone security best practices

The following list of reference architectures and best practices provides examples of ways to improve landing zone security:

• Microsoft Defender for Cloud: Onboard a subscription to Defender for Cloud.
• Microsoft Sentinel: Onboard to Microsoft Sentinel to provide a security information event management (SIEM) and security orchestration automated response (SOAR) solution.
• Secure network architecture: Reference architecture for implementing a perimeter network and secure network architecture.
• Identity management and access control: Series of best practices for implementing identity and access to secure a landing zone in Azure.
• Network security practices: Provides additional best practices for securing the network.
• Operational security provides best practices for increasing operational security in Azure.
• The Security Baseline discipline: Example of developing a governance-driven security baseline to enforce security requirements.

Test-driven development cycle

Before beginning any security improvements, it's important to understand the "definition of done" and all "acceptance criteria". For more information, see the articles on test-driven development of landing zones and test-driven development in Azure.

Next steps

Understand how to improve landing zone operations to support critical applications.

Improve landing zone operations