https://larryjameshenry.com/posts/azure-landing-zone-guide/2026-04-07T00:00:00+00:00https://larryjameshenry.com/images/featured.webpAzure Platform Engineering: The Complete Guide to Building an Enterprise Landing ZoneBuild a production-grade Azure Landing Zone from scratch. Covers all 8 CAF design areas, Terraform AVM, Bicep Deployment Stacks, and secret-less CI/CD.https://larryjameshenry.com/posts/azure-landing-zone-guide/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-landing-zone-guide/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/azure-management-group-design/2026-04-07T00:00:00+00:00https://larryjameshenry.com/images/featured.webpDesign Your Azure Management Group and Subscription HierarchyDesign and deploy a production Azure management group hierarchy with Terraform and Bicep AVM. Covers intermediate groups, platform vs workload separation, and subscription placement.https://larryjameshenry.com/posts/azure-management-group-design/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-management-group-design/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/azure-hub-spoke-networking/2026-04-07T00:00:00+00:00https://larryjameshenry.com/images/featured.webpHub-and-Spoke Networking for Azure Landing Zones: Azure Firewall, Bastion, and Private DNSBuild a production hub-and-spoke network for Azure landing zones. Covers Azure Firewall Premium, Bastion scaling, DNS Private Resolver, and VNet peering with gateway transit.https://larryjameshenry.com/posts/azure-hub-spoke-networking/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-hub-spoke-networking/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/azure-identity-architecture/2026-04-07T00:00:00+00:00https://larryjameshenry.com/images/featured.webpIdentity and Access Architecture for Azure Landing Zones: Entra ID, RBAC, and PIMDesign the identity layer of an Azure landing zone. Covers Entra ID vs Azure RBAC, Privileged Identity Management (PIM), and secret-less OIDC authentication for GitHub Actions.https://larryjameshenry.com/posts/azure-identity-architecture/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-identity-architecture/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/azure-policy-governance/2026-04-08T00:00:00+00:00https://larryjameshenry.com/images/featured.webpGovernance at Scale: Writing and Deploying Azure Policies with Terraform and BicepWrite and deploy Azure Policy definitions, initiatives, and assignments as code. Learn to use the Deny and DeployIfNotExists effects to maintain a secure landing zone foundation.https://larryjameshenry.com/posts/azure-policy-governance/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-policy-governance/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/azure-subscription-vending/2026-04-08T00:00:00+00:00https://larryjameshenry.com/images/featured.webpSubscription Vending: Automating New Workload Onboarding with IaCAutomate Azure subscription provisioning with a PR-based vending workflow. Learn to deploy spoke networking, RBAC, and budgets using Terraform and Bicep patterns.https://larryjameshenry.com/posts/azure-subscription-vending/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-subscription-vending/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/azure-monitor-logging/2026-04-08T00:00:00+00:00https://larryjameshenry.com/images/featured.webpCentralized Monitoring: Log Analytics, Diagnostic Settings, and Azure Monitor WorkbooksDesign a centralized logging architecture for your Azure Landing Zone using Log Analytics and Data Collection Rules. Learn to automate diagnostic settings at scale.https://larryjameshenry.com/posts/azure-monitor-logging/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-monitor-logging/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/azure-security-baseline/2026-04-08T15:00:00+00:00https://larryjameshenry.com/images/featured.webpSecurity Baseline: Defender for Cloud and Microsoft Sentinel in a Landing ZoneEstablish a robust security baseline by deploying Microsoft Defender for Cloud and Microsoft Sentinel. Learn to automate threat detection and posture management at scale.https://larryjameshenry.com/posts/azure-security-baseline/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-security-baseline/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/azure-landing-zone-cicd/2026-04-08T15:00:00+00:00https://larryjameshenry.com/images/featured.webpCI/CD Pipeline for Your Landing Zone: Deploying Azure Verified Modules with GitHub ActionsBuild a production-grade CI/CD pipeline for your Azure Landing Zone. Learn to implement OIDC authentication, automated testing with PSRule, and PR-driven workflows.https://larryjameshenry.com/posts/azure-landing-zone-cicd/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-landing-zone-cicd/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/azure-landing-zone-costs/2026-04-08T15:00:00+00:00https://larryjameshenry.com/images/featured.webpCost Governance in the Landing Zone: Tagging Enforcement, Budgets, and FinOps AutomationMaster Azure cost governance by automating tagging enforcement, budget alerts, and anomaly detection. Build a FinOps-ready landing zone using Terraform and Bicep.https://larryjameshenry.com/posts/azure-landing-zone-costs/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-landing-zone-costs/images/featured.webpimages/featured.webphttps://larryjameshenry.com/posts/azure-landing-zone-ops/2026-04-08T15:00:00+00:00https://larryjameshenry.com/images/featured.webpDay-2 Operations: Maintaining and Evolving Your Azure Landing ZoneLearn how to operate, maintain, and upgrade your Azure Landing Zone. Covers policy drift remediation, RBAC reviews, and migrating to Azure Verified Modules (AVM).https://larryjameshenry.com/posts/azure-landing-zone-ops/images/featured.jpgimages/featured.jpghttps://larryjameshenry.com/posts/azure-landing-zone-ops/images/featured.webpimages/featured.webphttps://larryjameshenry.com/categories/azure/2026-04-08T15:00:00+00:00https://larryjameshenry.com/tags/azure-avm-migration/2026-04-08T15:00:00+00:00https://larryjameshenry.com/tags/azure-budget-alert-automation/2026-04-08T15:00:00+00:00https://larryjameshenry.com/tags/azure-cost-management-landing-zone/2026-04-08T15:00:00+00:00https://larryjameshenry.com/tags/azure-finops-platform-engineering/2026-04-08T15:00:00+00:00https://larryjameshenry.com/tags/azure-landing-zone-cicd/2026-04-08T15:00:00+00:00https://larryjameshenry.com/tags/azure-landing-zone-day-2-operations/2026-04-08T15:00:00+00:00https://larryjameshenry.com/tags/azure-landing-zone-maintenance-bicep-terraform/2026-04-08T15:00:00+00:00https://larryjameshenry.com/series/azure-platform-engineering-build-an-enterprise-landing-zone-from-scratch/2026-04-08T15:00:00+00:00https://larryjameshenry.com/tags/azure-policy-drift-remediation/2026-04-08T15:00:00+00:00https://larryjameshenry.com/tags/azure-security-baseline-tutorial/2026-04-08T15:00:00+00:00https://larryjameshenry.com/tags/azure-tagging-policy-terraform-bicep/2026-04-08T15:00:00+00:00https://larryjameshenry.com/tags/bicep-deployment-stacks-guide/2026-04-08T15:00:00+00:00https://larryjameshenry.com/categories/2026-04-08T15:00:00+00:00https://larryjameshenry.com/tags/cloud-security-posture-management-asb/2026-04-08T15:00:00+00:00https://larryjameshenry.com/categories/devops/2026-04-08T15:00:00+00:00https://larryjameshenry.com/categories/finops/2026-04-08T15:00:00+00:00https://larryjameshenry.com/tags/github-actions-azure-oidc/2026-04-08T15:00:00+00:00https://larryjameshenry.com/tags/gitops-for-azure-landing-zone/2026-04-08T15:00:00+00:00https://larryjameshenry.com/2026-04-08T15:00:00+00:00https://larryjameshenry.com/tags/microsoft-defender-for-cloud-guide/2026-04-08T15:00:00+00:00https://larryjameshenry.com/tags/microsoft-sentinel-landing-zone/2026-04-08T15:00:00+00:00https://larryjameshenry.com/categories/operations/2026-04-08T15:00:00+00:00https://larryjameshenry.com/posts/2026-04-08T15:00:00+00:00https://larryjameshenry.com/categories/security/2026-04-08T15:00:00+00:00https://larryjameshenry.com/tags/sentinel-data-connectors-bicep/2026-04-08T15:00:00+00:00https://larryjameshenry.com/series/2026-04-08T15:00:00+00:00https://larryjameshenry.com/tags/2026-04-08T15:00:00+00:00https://larryjameshenry.com/tags/terraform-github-actions-tutorial/2026-04-08T15:00:00+00:00https://larryjameshenry.com/tags/automated-subscription-provisioning/2026-04-08T00:00:00+00:00https://larryjameshenry.com/tags/azure-diagnostic-settings-policy/2026-04-08T00:00:00+00:00https://larryjameshenry.com/tags/azure-governance-best-practices/2026-04-08T00:00:00+00:00https://larryjameshenry.com/tags/azure-monitor-logging-tutorial/2026-04-08T00:00:00+00:00https://larryjameshenry.com/tags/azure-monitor-workbooks-guide/2026-04-08T00:00:00+00:00https://larryjameshenry.com/tags/azure-policy-as-code/2026-04-08T00:00:00+00:00https://larryjameshenry.com/tags/azure-subscription-vending/2026-04-08T00:00:00+00:00https://larryjameshenry.com/tags/bicep-lz-vending/2026-04-08T00:00:00+00:00https://larryjameshenry.com/tags/bicep-policy-assignment/2026-04-08T00:00:00+00:00https://larryjameshenry.com/tags/data-collection-rules-kql/2026-04-08T00:00:00+00:00https://larryjameshenry.com/tags/dine-policy-remediation/2026-04-08T00:00:00+00:00https://larryjameshenry.com/categories/governance/2026-04-08T00:00:00+00:00https://larryjameshenry.com/tags/landing-zone-automation/2026-04-08T00:00:00+00:00https://larryjameshenry.com/tags/log-analytics-workspace-v2/2026-04-08T00:00:00+00:00https://larryjameshenry.com/tags/terraform-azure-policy-tutorial/2026-04-08T00:00:00+00:00https://larryjameshenry.com/tags/terraform-subscription-vending/2026-04-08T00:00:00+00:00https://larryjameshenry.com/tags/azure-bastion-scaling/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/azure-dns-private-resolver/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/azure-firewall-premium-tutorial/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/azure-governance-as-code/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/azure-hub-and-spoke-networking/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/azure-identity-architecture/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/azure-landing-zone-tutorial/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/azure-management-group-design/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/azure-pim-best-practices/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/azure-platform-engineering-guide/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/azure-subscription-hierarchy/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/azure-verified-modules-avm/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/azure-verified-modules-ptn-alz/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/caf-enterprise-scale/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/entra-id-rbac-tutorial/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/landing-zone-architecture/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/landing-zone-as-code/2026-04-07T00:00:00+00:00https://larryjameshenry.com/categories/networking/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/oidc-github-actions-azure/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/vnet-peering-gateway-transit/2026-04-07T00:00:00+00:00https://larryjameshenry.com/tags/zero-trust-azure-identity/2026-04-07T00:00:00+00:00https://larryjameshenry.com/gallery/2022-06-25T18:35:46+05:30https://larryjameshenry.com/about/https://larryjameshenry.com/images/larryjameshenry.webpAbout Larry James HenrySenior DevOps Engineer and Azure Solutions Architect specializing in Platform Engineering and PowerShell automation.https://larryjameshenry.com/tags/azure-devops/https://larryjameshenry.com/series/azure-devops-yaml-expression-masterclass/https://larryjameshenry.com/tags/ci/cd/https://larryjameshenry.com/tags/compile-time/https://larryjameshenry.com/tags/devops/https://larryjameshenry.com/tags/pipeline-expressions/https://larryjameshenry.com/tags/runtime/https://larryjameshenry.com/tags/yaml/