
Overview

Azure enterprise architecture

As a minimum, configure the platform management group including its children. Deploy subscriptions for identity, management, and connectivity.

Dedicated subscriptions allow for better control of permissions with Privileged Identity Management (PIM).

Create a hub virtual network in the connectivity subscription. [[express-route]] circuits or [[site-to-site]] VPN connections terminate in the hub virtual network. Consider deploying [[virtual-wan]] instead of manually creating virtual networks and peerings.

Create virtual networks with small address ranges.

Use [[blueprints]] to deploy infrastructure for applications. Each application is deployed in its own dedicated landing zone subscription with a dedicated virtual network that is connected to the hub virtual network with VNet peering.
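
A pre-deployment check for the layout described above, written as an added example and not taken from any Azure tooling: it validates a planned set of landing zones against the rules on this page (one subscription per application, small address ranges, peering to the hub) and against the peering requirement that address spaces must not overlap. The plan data, the names and the /24 size limit are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan; names, ranges and the size limit are assumptions.
HUB = {"name": "hub", "subscription": "connectivity", "cidr": "10.0.0.0/22"}
LANDING_ZONES = [
    {"name": "app-a", "subscription": "lz-app-a", "cidr": "10.0.4.0/25", "peered_to_hub": True},
    {"name": "app-b", "subscription": "lz-app-b", "cidr": "10.0.4.128/25", "peered_to_hub": True},
    # Deliberately wrong entry: large range, reused subscription, no peering.
    {"name": "app-c", "subscription": "lz-app-b", "cidr": "10.0.0.0/16", "peered_to_hub": False},
]
MAX_SPOKE_SIZE = 24  # assumed policy: a spoke may be no larger than a /24


def check_plan(hub, zones, max_size=MAX_SPOKE_SIZE):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    nets = {hub["name"]: ipaddress.ip_network(hub["cidr"])}
    owners = {hub["subscription"]: hub["name"]}
    for zone in zones:
        net = ipaddress.ip_network(zone["cidr"])
        nets[zone["name"]] = net
        # A smaller prefix length means a larger address range.
        if net.prefixlen < max_size:
            findings.append(f"{zone['name']}: {net} is larger than /{max_size}")
        if not zone["peered_to_hub"]:
            findings.append(f"{zone['name']}: not peered to the hub")
        # Each application gets its own landing zone subscription.
        owner = owners.setdefault(zone["subscription"], zone["name"])
        if owner != zone["name"]:
            findings.append(
                f"{zone['name']}: shares subscription {zone['subscription']} with {owner}"
            )
    # Virtual networks with overlapping address spaces cannot be peered.
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            findings.append(f"{a} overlaps {b}: {net_a} and {net_b}")
    return findings


if __name__ == "__main__":
    for finding in check_plan(HUB, LANDING_ZONES):
        print(finding)
```
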