What's new in the Microsoft Cloud Adoption Framework for Azure
We build the Microsoft Cloud Adoption Framework collaboratively with our customers, partners, and internal Microsoft teams. We release new and updated content for the framework as it becomes available. These new releases are an opportunity for you to test, validate, and refine the Cloud Adoption Framework guidance along with us.
Partner with us in our ongoing effort to develop the Cloud Adoption Framework.
March 2024
Updated articles
- Azure governance design area: Explore a new section for third-party tooling, including guidance for AzAdvertizer and Azure Governance Visualizer.
- Tools and templates: Find information about governance for AzAdvertizer.
- Resource consistency decision guide: Check out our expanded information about basic grouping for resource groups.
- Select Azure regions: We added guidance about how to plan Azure resource group deployments.
- Transition an existing Azure environment to the Azure landing zone conceptual architecture: Find a tip to help you reduce the impact of regional outages.
- Security guidelines for Oracle on Azure Virtual Machines landing zone accelerator: Review new use cases for centralized identity management. These use cases include using Azure Key Vault to store credentials and using hardened operating system images.
- Storage for Azure HPC in the finance sector: Find new data to help you compare Azure Managed Lustre with Blob Storage, Azure Files, and Azure NetApp Files.
- Network topology and connectivity for an SAP migration: Explore design recommendations for Azure ExpressRoute.
February 2024
New articles
- Application identity and access management: Learn about recommendations that application owners and developers can use to design the identity and access management for cloud-native applications.
Updated articles
- Hybrid identity with Active Directory and Microsoft Entra ID in Azure landing zones: We updated this article to include information about how to design and implement Microsoft Entra ID and hybrid identity for Azure landing zones. Microsoft Entra ID is a cloud-based identity and access management service that provides robust capabilities to manage users and groups. You can use it as a standalone identity solution or integrate it with a Microsoft Entra Domain Services infrastructure or an on-premises Active Directory Domain Services (AD DS) infrastructure.
- Landing zone identity and access management: Find out about considerations and recommendations for implementing identity and access control within Azure application and platform landing zones. This article has extensive new content.
- Azure identity and access management design area: Learn about the identity and access management design area, which provides best practices to establish the foundation of your public cloud architecture. This article has extensive new content.
- Cloud adoption journey: Learn about various types of cloud adoption journeys, including when to retire, replace, rearchitect, rebuild, rehost, or replatform your solution.
- Azure migration tools decision guide: We added information about tools for application migration, modernization, replatforming, and rehosting.
- Azure workload management and monitoring: Find new guidance about sovereign workloads.
January 2024
New articles
- Define a sovereignty strategy: Organizations that use cloud services can find guidance for meeting the sovereignty requirements for their countries/regions. We also updated several articles with sovereignty considerations, which you'll find under the "Updated articles" section for this month.
- Advanced Azure Policy management: Find out how to manage Azure Policy at scale by using the Enterprise Policy as Code (EPAC) open-source project and integrating IaC into your environment.
Updated articles
- Plan for IP addressing: We added information about IPv6 considerations. Find recommendations to help you plan for IPv6 and implement it in your existing Azure networks.
- Network topology and connectivity for Azure Arc-enabled servers: Find updates about how to overcome the management challenges involved in using Private Link.
New sovereignty considerations can be found in the following updated articles:
We also added information about application migration tools and strategies. Find updates in these articles:
- Cloud adoption journey: Learn about rearchitecting or rebuilding applications that can't be replaced by SaaS or low-code solutions.
- Migration tools decision guide: Explore tools for application migration and modernization and tools for replatforming or rehosting.
December 2023
New articles
Find new guidance about Azure landing zones:
- Manage application development environments in Azure landing zones
- Modify an Azure landing zone architecture to meet requirements across multiple locations
- Incorporate Zero Trust practices in your landing zone
Updated articles
In the following articles, find updated guidance about workload discovery processes that help you understand the many dimensions involved in migrating a workload. You can use that information to help you effectively migrate cloud workloads to another region.
- Evaluate a cloud workload for relocation
- Migrate a cloud workload to another region
- How to initiate a cloud relocation project
In Centralized security operations with external identities for multitenant defense organizations, we updated our guidance for centralized security operations.
In Identity and access management for Azure Virtual Desktop, we added updates for Azure Virtual Desktop design considerations and supported identity scenarios.
November 2023
Sovereignty requirements
This new article describes how to meet digital sovereignty requirements when you adopt cloud computing. The Azure landing zone FAQ has been updated with material that corresponds to the sovereignty considerations article.
October 2023
HPC baseline computing
HPC baseline computing updates and new articles describe the benefits of Azure HPC OnDemand Platform (AzHop), compare the features of Azure Batch and Azure CycleCloud, and provide a large-scale HPC architecture for the finance industry.
Brownfield alignment scenarios
This series starts with an introduction that describes recommendations for transitioning an existing Azure environment into an Azure landing zone conceptual architecture. It includes considerations for moving resources and subscriptions. There are four distinct articles that describe transitioning scenarios based on the existing Azure environment. The final article provides guidance about maintaining a cloud environment over time.
- Transition an existing Azure environment to the Azure landing zone conceptual architecture
- Scenario: Transition a single subscription with no management groups to the Azure landing zone conceptual architecture
- Scenario: Transition management groups to the Azure landing zone conceptual architecture
- Scenario: Transition a regional organization environment to the Azure landing zone conceptual architecture
- Scenario: Transition an environment by duplicating a landing zone management group
- Journey toward the target architecture
Updated CAF Azure regions decision guide
Learn how to select Azure regions for your cloud footprint by considering the characteristics of each region, like availability zones, region pairs, available services, and nonfunctional requirements, like region proximity and capacity. We’ve also provided new guidance about operating across multiple Azure regions. As part of this change, we simplified the guidance about selecting Azure regions for migrations.
Network topology and connectivity for Azure Virtual Desktop
The updates to the Network topology and connectivity for Azure Virtual Desktop article describe two new scenarios to help you understand how to manage network topology and connectivity at scale in Azure Virtual Desktop. The first scenario describes a hub-and-spoke architecture with hybrid connectivity over managed networks. The second scenario describes a hub-and-spoke architecture with public networks. Both scenarios use Remote Desktop Protocol Shortpath (RDP Shortpath).
September 2023
Plan for IP addressing
This article was updated with relevant information about IPv4 exhaustion and IPAM (IP address management) tools.
Guidance for documenting and deploying alerts
To support the imminent general availability of Azure Monitor baseline alerts for an Azure landing zone, we have created Cloud Architecture Framework documentation about baseline alerts. Find out what baseline alerts are and where to go for more information about how to enhance your Azure platform by using Azure Monitor alerts.
Azure VMware Solution network design guides
These guides describe the Microsoft-recommended approach to help you design network connectivity for Azure VMware Solution private clouds. They explore four design areas: connectivity with on-premises sites, connectivity with Azure virtual networks, inbound internet connectivity, and outbound internet connectivity. Each design area is covered in a dedicated article, which presents architectural options, including their pros and cons. There are also two articles that cover the basics of Azure VMware Solution networking and guidance on how to prioritize requirements and related design areas.
- Azure VMware Solution network design guide: Inbound internet connectivity
- Azure VMware Solution network design guide: Networking basics
- Azure VMware Solution network design guide: Outbound internet connectivity
- Azure VMware Solution network design guide: Connectivity with on-premises sites
- Azure VMware Solution network design guide: Connectivity with Azure virtual networks
July 2023
Landing zone regions
This article explains how landing zones use Azure regions. It also explains how to add a region to an existing landing zone and considerations for migrating your Azure estate to a different region.
Enhanced migration guidance
This article describes how to ensure that configurations are in place when you migrate your landing zone. It explores tasks, such as preparing your identity, enabling hybrid Domain Name System (DNS) services, and enabling subscription vending.
New best practices for SAP landing zone accelerator security on Azure
This series provides guidance for your SAP environment in Azure. You can find best practices for security operations to secure your SAP environment in Azure, security recommendations for SAP on Azure that runs on a SQL Server database, and guidance about the flow of SAP data from source SAP systems to downstream targets. Learn how to use Azure Synapse Analytics to build a modern data platform to ingest, process, store, serve, and visualize data from various sources.
June 2023
Updated machine learning inference during deployment
Learn about the best practices for deploying machine learning models in production environments by using Azure Machine Learning. Explore architectural considerations and deployment methods (real time and batch inference). Learn how to ensure consistency, monitor performance, implement security measures, and create a plan for updates.
New landing zone sandbox environments
This article describes how to use a sandbox environment, including configuring networking, enabling audit logging, assigning a budget, and setting an expiration date.
April 2023
Network topology and connectivity for Azure VMware Solution
When you use a VMware software-defined datacenter (SDDC) with an Azure cloud ecosystem, you have a unique set of design considerations to follow for both cloud-native and hybrid scenarios. This article provides key considerations and best practices for networking and connectivity to, from, and within Azure and Azure VMware Solution deployments.
Network considerations for Azure VMware Solution dual-region deployments
Learn how to configure network connectivity when Azure VMware Solution private clouds are deployed in two Azure regions for disaster resiliency. If there are partial or complete regional outages, the network topology in this article allows unaffected components (private clouds, Azure-native resources, and on-premises sites) to maintain connectivity with each other and with the internet.