Deploy Azure Landing Zone - Foundation
by Frametype Solutions
CAF-aligned Azure Landing Zone with hub-spoke networking, Zero Trust, governance, and Lighthouse.
Production-grade Azure Landing Zone. CAF-aligned from day one.
A Complete Azure Landing Zone Foundation in Your Subscription
Deploy a production-grade, CAF-aligned Azure Landing Zone into a single Azure subscription. Five resource groups, hub-spoke networking, Zero Trust controls, governance policies, and Azure Lighthouse support access are all configured from day one through a guided deployment experience.
Who This Offer Is For
- Organizations beginning their Azure journey who need a governed, production-ready cloud foundation without building landing zone infrastructure from scratch
- IT teams formalizing an existing Azure subscription with CAF-aligned structure, consistent naming, tagging, and security controls
- Platform engineers who need a repeatable, extensible starting point that grows into a full enterprise landing zone without replacing existing infrastructure
The Problem This Solves
Building a landing zone manually means assembling dozens of interdependent resources - virtual networks, NSGs, route tables, Key Vault, Log Analytics, policy assignments, RBAC, and Lighthouse - in the right order, with the right configuration, every time. Most organizations either skip critical controls to move faster or spend weeks getting the foundation right before any workloads can be deployed. This offer eliminates that tradeoff.
Key Differentiators
- CAF-Aligned by Default: Five resource groups structured around Cloud Adoption Framework (CAF) separation principles: management, networking, security, identity, and workload, with consistent naming and tagging applied at deployment time. No post-deployment cleanup required.
- Azure Verified Modules Aligned: The ARM JSON package submitted to Marketplace is compiled from Bicep source authored in alignment with Azure Verified Modules (AVM) standards, ensuring Well-Architected Framework (WAF) aligned defaults and CAF-compliant resource configuration are baked in at build time, not applied after deployment.
- Hub-Spoke Networking Ready: A hub and spoke virtual network topology with Network Security Groups (NSGs), route tables, and peering configured at deployment. Outbound internet traffic is restricted to HTTPS only at the NSG level. The routing layer is pre-staged for Azure Firewall integration in Tier 2 without replacement of existing infrastructure.
- Zero Trust by Design: No public IP addresses on platform resources, PIM-eligible Just-in-Time (JIT) support access with multi-factor authentication (MFA) required, and Key Vault protected with a CanNotDelete lock. Every architectural decision maps to one of the three Zero Trust principles: Verify Explicitly, Use Least Privilege, and Assume Breach.
- Governance from Day One: Azure Policy assignments for backup and Microsoft Defender for Servers, Role-Based Access Control (RBAC) for two customer-defined Entra ID security groups, budget alerts with configurable thresholds, and diagnostic settings routing platform telemetry to Log Analytics, all configured at deployment time, not as a follow-up task.
- Support Access via Azure Lighthouse: Optional read access for monitoring and JIT Contributor access (PIM-eligible, MFA required, 8-hour maximum) scoped to the five operational resource groups. No standing access to your subscription. Delegation is revocable at any time.
From Starter to Enterprise
This offer is Tier 1, the first of a three-tier Azure Landing Zone suite. The hub-spoke network topology, route table configuration, and subnet layout are designed for forward compatibility. Tier 2 adds Azure Firewall, a default route, Private Domain Name System (DNS) zones, and multi-subscription peering that extends this foundation rather than replacing it. Tier 3 adds Management Group hierarchy and enterprise-scale governance. Organizations can start here and grow without rebuilding.
Delivered by frameType Solutions
frameType Solutions is a Microsoft partner specializing in Azure infrastructure, cloud adoption, and Well-Architected Framework aligned solutions.
For detailed deployment instructions and configuration options, visit our product page or refer to the frameType GitHub repository.