New Platform Management Group and Subscription for Security in Azure Landing Zones
Microsoft recently introduced a significant update to the Azure Landing Zones (ALZ) architecture: the addition of a dedicated Security Management Group and Security Subscription within the platform structure. The official announcement is published as a blog post on TechCommunity.
Why this change makes sense
Previously, Microsoft Sentinel was deployed by default on the central Log Analytics Workspace (LAW) in the Management Subscription, so operational and security logs were mixed in the same workspace. The new structure allows:
- Separation of operational and security logs, improving clarity and security.
- Flexibility for customers and partners to configure Microsoft Sentinel as needed.
- Use of the 31-day free trial of Sentinel when the customer is ready.
Further Information
These changes have already been reflected in the Microsoft Learn documentation for Azure Landing Zones. Implementation tools and accelerators will be updated in the coming months.
Conclusion
Introducing a dedicated security structure within the Azure Landing Zone architecture is a logical step to enhance governance and security in the cloud. Organizations gain more control and clarity over their security implementations.