Azure Landing Zone Accelerator

Build Your Azure Landing Zone with Confidence in 6 Weeks

Stylisher divider in meshcloud blue

Are you a Cloud Foundation Team looking for the right path to build your Azure Landing Zone? Our Azure Landing Zone Accelerator provides you with an Azure security baseline you can own with full confidence.

Azure Landing Zone Accelerator
Logo NRW Bank. Promoting ideas.

Our offering: Landing Zone Accelerator

Don't let Azure Complexity bring you down!

Implementing best practices like Azure Enterprise Scale is overwhelming at first. With our team of Azure Landing Zone specialists, we will work closely with you to break down complexity and help you master the skills, tools and processes you need to confidently navigate your organization’s Azure journey.

Landing Zone Accelerator Essentials

Essential Azure Landing Zone knowledge

Together, we implement the essential capabilities of your Azure Landing Zone

In our hands-on Landing Zone Workshops, our Azure experts guide you through all essential Landing Zone capabilities, creating visible results every week:

  • Documenting the shared responsibility model
  • Establishing a resource hierarchy
  • Implementing service and location restrictions
  • Enforcing centralized audit logging
  • Aligning identity and access management
  • Understanding basic cost management in Azure

This includes good understanding, hands-on implementation and integrated documentation, one capability at a time.

Do you have questions? Book an expert call and we’ll answer them.

Optional extensions

Our flexible extensions let you tailor the Landing Zone Accelerator to your needs

New to Infrastructure as Code (IaC)?
Join our IaC-Bootcamp.

Mastering your tool setup is key if you are aiming to own and evolve your Azure Landing Zone over time. So don’t worry if Git and terraform still feel new to you. In our 1-day bootcamp, we’ll help you set up your toolchain and teach you how to use it with ease.

You’ll get familiar with the following tools:

  • Git
  • terraform
  • terragrunt
  • collie CLI

Networking worries?
Enable standardized connectivity with our extension.

Networking can be a tough nut to crack. Whether you’re looking for a cloud-only network or on-prem connectivity to connect to your datacenter. In this 2 week extension to the Landing Zone Accelerator we’ll help you choose the networking setup that best fits your organization’s needs, set you up on the cloud side and walk you through your roadmap for the on-premise side.

We offer the following Azure networking setups:

  • cloud-only
  • on-premise connectivity

FAQ – Landing Zone Accelerator (LZA)

The Landing Zone Accelerator is a good match for your needs, if your organization meets one or more of the following characteristics:

  • The need for cloud infrastructure in your company is growing and more and more people and teams need access to the cloud and different use cases have to be taken into account.
  • You already have the first workloads running in the cloud that you want to organize and transfer to consistent governance.
  • You have already clarified the organizational requirements, that you are responsible for cloud integration (Azure) and also have the corresponding mandate (and, as an effect, access to administrative privileges in Azure).
  • You want to build up and retain the skills in-house to secure and operate the cloud infrastructure so you remain independent
  • You want to ensure that cloud accounts are secured according to specific rules (e.g. restrict certain services or locations, enforce encryption, etc.) and are set up according to the “everything as code” principle.
  • While making the cloud compliant you still want to maintain the speed and flexibility of cloud technologies to foster innovation.
  • The use of industry and manufacturer standards and best practices is important to you
  • You benefit from the extensive experience of year-long experts in building highly scalable cloud governance solutions and want to adopt them for your company
  • You currently want to put Azure into operation in a focused manner, and in the future you may also want to provide other cloud platforms in the company
  • You may have been building a landing zone for some time, you finally want to get results, but the coordination with all stakeholders seems to drag on endlessly

Further, you need access to a cloud environment in Azure (e.g. an Azure Tenant) which we can use to build up the landing zone architecture within your organization.

We designed the landing zone accelerator to be an empowerment programme for a team of two roles:

  1. An Architect who designs the system landscape to integrate the cloud.
  2. An Engineer who implements the foundational cloud security and provisioning automations.

These can be two people or both roles combined in one person, but shouldn’t be more than three to ensure fast progression of the accelerator format.

Being in contact with other stakeholders can support small decisions along the way, however we explicitly refrain from time-consuming alignment meetings before we build something to collect feedback on. Rather, we create an MVP during the accelerator which you iteratively improve afterwards as stakeholders are available. To enable you to do so, we put all tools, workflows and foundations in place along the accelerator.

We help you to get set up your toolstack, understand the components and go step-by-step to bring all parts together. We focus on the essential parts of a landing zone architecture, e.g. the shared responsibility model, service and location restrictions, audit logs etc. to ensure you set basic security boundaries consciously before letting users into the cloud. That way, you control what users are able to do in the cloud and prevent forbidden behaviour.

Git and terraform are among the industry-standard tools when it comes to follow an IaC approach. Therefore, if you master these tools you can benefit from this state-of-the-art method of infrastructure management.

For your case, we offer an IaC Bootcamp that helps you get comfortable with tools like git and terraform. We’ll ensure you manage the necessary workflows to get along in the LZA and own your landing zone deployments afterwards.

Yes, we build the LZA workflows to be used in best practice IaC GitOps.

Yes, as the whole LZA approach is based on terraform and GitOps, you are able to insert your existing modules. That way, our setup is future-proof to add further support for more service or other platforms besides Azure at a later stage.

Yes, we have two specialized modules which focus on both cloud networking and on-premise connectivity. Building on the foundation we establish in the LZA, we will ensure to have basic networking services running after two additional weeks.

No, the LZA builds only on native platform tools and tooling available as Open Source without dependencies on further tooling. Of course, as our meshStack product is build on similar principles and technologies, we ensure you can smoothly migrate to this solution if you want to do so at some point.

We know that aligning with other teams (e.g. IAM, Security, Infrastructure etc.) is challenging in large organizations. After all, that is what stalls many companies’ cloud journeys. That is why we follow a different approach: We implement a working landing zone architecture (based on the Azure Enterprise Scale Framework) to show hands-on how the parts work together. Instead of talking about powerpoint slides, we deliver a workable and self-documenting technical artifact.

With the implementation in hand (e.g. a landing zone with existing service policies), we ask other stakeholders for their specific feedback. Moving target discussions therefore converge to questions like: “Is this sufficient? If not, what do we need to add or change?”. This way, we talk about specific requirements which are actionable. We move forward and get into a mode of iterative improvements, eventually succeeding in an aligned green-lighted landing zone.

That way, we progress fast together during the Landing Zone Accelerator and create the prerequisites for continuous stakeholder alignment afterwards in a realistic timeframe for your organization.

You will be able to operate and maintain a foundational Azure landing zone. This includes all workflows for a proper Infrastructure-as-Code (IaC) approach. From there, you can start to extend the policies on your own. Use the Cloud Foundation Maturity Model (CFMM) and the Cloud Foundation community to define your path forward. Visit for more information.

After the compact build phase with the Landing Zone Accelerator, next steps include:

  • Tailoring landing zones to specific use cases (e.g. cloud-native or lift&shift workloads) to strike the optimal balance between security and application team empowerment
  • Provide cloud environments to application teams on-demand to scale your company’s cloud adoption quickly
  • Use the Cloud Foundation Maturity Model (CFMM) to inspire further creation of capabilities that are valuable to your organization.

With meshcloud, we specialize in the building and running of scaling cloud foundations. With our customers, we operate cloud infrastructure for thousands of users and projects. We build cloud foundations in many organizations in different stages of their cloud journey.

We are currently offering the LZA for Azure specifically as a pilot offering. If AWS or Google Cloud are your focus, please reach out to us with your request and let us know.

Please reach out to us with your question. We are happy to hear your feedback and provide the answers.

Our proven path to Azure Landing Zones

Our mission is to Empower You

We follow a proven repeatable process that combines a powerful tool stack with best practice content and specialized cloud engineers that will guide you and your organization through the Azure security jungle.

Our approach includes:

GitOps Tool Stack

We set you up with open-source tools like Git and terraform to prevent you from lock-in.

Azure Best Practices

We follow Azure Landing Zone best practices, specifically Azure Enterprise Scale.

A Strong Community

You join a flourishing community that meets regularly and provides a large set of validated Landing Zone modules.

No Powerpoint 🙂

All our results are documented in your individual  docs website, not another slide deck to be forgotten.

Let’s break through the security wall together

Ready to get started with meshcloud's Azure Landing Zone Accelerator?

Contact us today to schedule a consultation and learn more about how we can help you build an Azure Landing Zone that meets your organization’s unique needs.

Schedule Expert Call onlineLearn more about Landing Zones