Microsoft Azure

Microsoft Frameworks for Azure

CAF Strategy
Outcome: Cloud adoption aligned with business goals.
How: Cloud adoption aligned with business goals.
CAF Plan
Outcome: Custom plan to adopt the cloud.
How: Custom plan to adopt the cloud.
CAF Ready
Outcome: Prepare Azure environment and landing zones.
How: Prepare Azure environment and landing zones.
CAF Adopt
Outcome: Migrate, modernize, and innovate workloads.
How: Migrate, modernize, and innovate workloads.
Ongoing Processes
CAF Govern
CAF Secure
CAF Manage
Outcome: Migrate, modernize, and innovate workloads.
How: Migrate, modernize, and innovate workloads.
Azure Architecture Center (AAC):
Implementation guidance for Azure solutions
Use AAC & WAF where it aligns with
the phases of the Cloud Adoption Framework
Well-Architected Framework (WAF):
Foundational principles to design workloads

8 Design Pillars for a Successful Secure Landing Zone

Identity & Access
Management

Entra ID
SSO, MFA
Conditional Access
RBAC
PIM

Security, Governance,
Compliance, Logging

Defender for Cloud
Azure Firewall
Key Vault
Azure Policy
Sentinel

Network Topology &
Connectivity

Virtual Networks
NSGs
Azure Firewall
Load Balancer
VPN / ExpressRoute

Resource
Organization

Management Groups
Governance Structure
Subscription Design

Capacity, Resiliency,
DC / DR Governance

Azure Capacity
Availability Zones
Site Recovery
Backup
BCP

Management, Operations,
Monitoring, Reporting

ARM
Automation
Azure Monitor
Log Analytics
App Insights

Billing &
Scalability

Azure Billing
Cost Management
Budgets
Reserved Instances
Savings Plans

Platform Automation
/ DevOps

Azure DevOps
Pipelines
IaC
ARM / Bicep
Terraform

Azure Compliance Offerings

Global
  • ISO 27001:2013
  • ISO 27017:2015
  • ISO 27018:2014
  • ISO 22301:2012
  • ISO/IEC 27701:2019
  • ISO 9001:2015
  • ISO 20000-1:2011
  • SOC 1 Type 2
  • SOC 2 Type 2
  • SOC 3
  • CIS Benchmark
  • CSA STAR Certification
  • CSA STAR Attestation
  • CSA STAR self-assessment
  • WCAG 2.0 (ISO 40500:2012)
US Gov
  • FedRAMP high
  • EAR
  • ITAR
  • DoD DISA SRG Level 5
  • DoD DISA SRG Level 4
  • DoD DISA SRG Level 2
  • DFARS
  • DoE 10 CFR Part 810
  • NIST SP 800-171
  • NIST CSF
  • Section 508 VPATs
  • FIPS 140-2
  • CJIS
  • IRS 1075
  • CNSSI 1253
Industry
  • PCI DSS Level 1
  • GLBA (US)
  • FFIEC (US)
  • Shared assessments (US)
  • SEC 17a-4 (US)
  • CFTC 1.31 (US)
  • FINRA 4511 (US)
  • SOX (US)
  • 23 NYCRR 500 (US)
  • OSFI (Canada)
  • FCA + PRA (UK)
  • APRA (Australia)
  • FINMA (Switzerland)
  • FSA (Denmark)
  • RBI + IRDAI (India)
Regional
  • Argentina PDPA
  • Australia IRAP Unclassified
  • Australia IRAP PROTECTED
  • Canada Privacy Laws
  • China GB 18030:2005
  • China DJCP (MLPS) Level 3
  • China TRUCS/CCCPPF
  • EU EN 301 549
  • EU ENISA IAF
  • EU model clauses
  • GDPR
  • Germany C5
  • Germany IT-Grundschutz workbook
  • India MeitY
  • Japan CS mark gold

Shared Responsibility Model

Responsibility always retained by the customer
Responsibility varies by type
Responsibility transfers to cloud provider
Information and data
Devices (Mobile and PCs)
Accounts and identities
Identity and directory infrastructure
Applications
Network controls
Operating system
Physical hosts
Physical network
Physical datacenter
SaaS
PaaS
IaaS
On-prem
Microsoft
Customer
Shared

Subscription Vending

  • Ensures every new subscription follows a standardized, compliant baseline (policies, RBAC, tags, governance).
  • Eliminates manual setup and reduces configuration drift or inconsistent environments.
  • Improves security by automatically applying guardrails, networking rules, and monitoring from day one.
  • Accelerates provisioning with automated, self-service subscription creation.
  • Reduces operational overhead for the cloud team and improves scalability.
  • Provides predictable, well-governed landing zones aligned with organizational architecture.
  • Enables faster project onboarding while maintaining central control and visibility.
Management group and subscription organization
Subscriptions
Identity subscription
Connectivity subscription
A1 subscription
A2 subscription
Sandbox subscription 1
Management group
Tenant root group
Contoso
Platform
Landing zones
Sandbox
Identity
Connectivity
SAP
Corp
Online
Connectivity subscription
Regional hub
VNet peering
A2 subscription
Virtual network
Budget
Role assignment
Policy assignment
Network Watcher
Defender for Cloud
Subscription vending automation
Data collection tool
Request pipeline
Source control
IaC modules
Deployment pipeline
Platform subscriptions
Create platform
Subscription vending
Deploy workload
Platform     Application
Establish business logic and approval process
Make a subscription request
Configure networking
Determine subscription placement
Create & configure subscription
Update subscription budget
Deploy workload and operate
CCoE
App team
Platform team
App team

Cloud destinations for VMware workloads

Azure VMware Solution

Fastest path to the cloud

Use VMware technology stack on Azure for symmetry with on premises

Retain VMware skills, familiar tooling

Migrate quickly/datacenter exit, no application modifications required

Private-cloud destination

Requires a portable VCF subscription from Broadcom

Azure IaaS and PaaS

Replatform for ops efficiency

Shift to Azure compute, storage, and networking infrastructure

Leverage Azure and cloud skills

Modernize with flexible IaaS and PaaS services (e.g., Azure Virtual Desktop, SQL Database, Azure App Service)

Public-cloud destination

No VMware subscriptions required

Initial migration

Azure PaaS

Refactor for maximum agility and innovation

Build-in DevOps tools, templates, and pre-configured environments

Shift focus to only app logic and data

Integrate with services like Cosmos DB, Azure Functions, Logic Apps, and Azure Kubernetes Service

Public-cloud destination

No VMware subscriptions required

Optimize over time

Migration & Modernization Approach

Migrate VMware to Azure

Move “cloud ready” workloads with minimal refactoring

Fast, low-risk vMotion to Azure VMware Solution

Land on modern infrastructure with Azure scale

Optimize to Maximum Value

Free up resources with managed VMware

Optimize costs with elasticity

Scale storage independently

Modernize with Azure Services

Connect to 200+ Azure services

Security with Defender

Free extended updates

Continue your Modernization Journey

Modernize applications to Azure PaaS

Modernize databases

Azure Local for edge use cases

Benefit across your team

Beyond the SOC
Data security admin
Proactive data security posture management
Discover protection gaps and streamline controls
IT admin
Risk investigation
Accelerate IT troubleshooting
Identity admin
User risk and sign-in risk
Risk related to workload identities
Beyond the SOC
Data security admin
Proactive data security posture management
Discover protection gaps and streamline controls
IT admin
Risk investigation
Accelerate IT troubleshooting
Identity admin
User risk and sign-in risk
Risk related to workload identities

Business Foundation

Service Module
What is it?

The service module Business Foundation covers the basic needs of our Managed Services customers.

In this module standard activities are covered that every customer needs when having a Success Plan

Corporate Web Development

What we do

24/7 Expert Desk
Allocate resources & secure knowledge transfer
Provide access ITSM tooling
Customer Service Management and Single
Point of Coordination (SPOC)
Service Reporting
Microsoft Premier Support option for
Dynamics 365 and Azure

What does the customer get?

An ‘open’ line to support, guided by an intuitive ITSM tool
Access to a skilled market team of professionals
Manage knowledge from your environment through the total customer market team.
A dedicated contact person to coordinate all needs of the customer within the operations
Access to all lines of support including Microsoft

Platform Support Services

Service Module
Corporate Web Development
What is it?

The service module Platform Support Services focuses on all the support services HSO offers regarding (Azure) Infrastructure and Platform support. This includes monitoring, optimizations, and support services.

Based on this secure and updated platform multiple actions can be executed this will be described in the module Development and Continuous improvements

What we do

Azure Platform (PAAS) and Azure Infrastructure (IAAS) support
Resource Health Monitoring and Optimization including monthly Operational check.
Update, Security and Patch Management for Azure resources
Platform Usage optimization for Azure ARM

What does the customer get?

A fully managed and secure (infrastructure) platform through the total stack.
A platform that is up-to-date and frequently is checked for updates.
Monthly the customer receives a report about the status of the platform and environments including advice for improvements.
Continuously the platform is monitored and managed by our teams.

Business Continuity

Service Module
What is it?

Within the service module Business Continuity, HSO ensures the continuity of the Dynamics 365 and Azure environment platform from an application management point of view.

This means remedying application failures without changing its functionality. These failures can also be detected by our monitoring services. This implies that the user can report the loss of functionality of the Dynamics application to us, but also that we can detect incidents ourselves (monitoring).

Corporate Web Development
What we do
Assurance Management for Dynamics Applications and Azure (Incident Management)
Problem Management & Root Cause Analysis for Dynamics Applications and Azure
Technical Service Operation
Full Scope One Version Update Management for Dynamics Applications. Optional One Version Workshops.
What does the customer get?
An ‘open’ line to support, guided by an intuitive ITSM tool
Access to a skilled market team of professionals who can act on occurring incidents and problems.
A dedicated contact person for escalation purposes
Structural sessions on ‘what’s coming’ regarding the Dynamics platform
Our team will always act based on business impact for you as customer (Agile)
Manage the impact of the Microsoft CE waves for your environment

Service & Data Availability

Service Module
Corporate Web Development
What is it?

The service modules Service & Data Availability focusses on backup and recovery services. HSO will ensure that Azure workloads, and Dynamics 365 Cloud Hosted environments are backed up, disaster proofed, and highly available.

HSO will develop a backup and DR plan based on policies best suited for the business, considering a few critical areas including safety, and long-term retention of sensitive data for audit and compliance regulations

What we do
Data Availability and Recovery management (Azure Backup)
User Access & Security for Azure IAM and D365 Application (audit service)
Data Clean-Up and Data Growth management for Azure Data Lake
What does the customer get?
A backed up and high available Azure platform
A backed up and high available D365 cloud hosted environment
For our customers, we manage the data growth through our tooling and implement data cleaning to optimize Azure costs.

Development & Continuous Improvement

Service Module
What is it?

With the service module Development & Continuous Improvement, we adapt the existing functionality of your business applications and extend it with new functionality to continuously improve your business processes and platforms.

Corporate Web Development
What we do
Azure DevOps Automation and Maintenance
Change Development Services for D365 Applications, Azure, Modern Workplace and Integrations
Build & Release Management for D365 Applications
Deployment and management of environments
Engagement & Advisory Service (architect level)
What does the customer get?
Automated pipelines including management on these pipelines
Through waterfall or agile project methodology we deliver changes through your total platform
A dedicated release manager can guide you as a customer through all the necessary steps including the technical needs
Full deployed environment based on the project requirements including the customer data
Temporary extension of your IT team (Application management)

Monitoring & Business Insights

Service Module
Corporate Web Development
What is it?

The service module Monitoring & Business Insights covers monitoring and insights over the Microsoft stack including applications, infrastructure, data, and integrations.

With this service, HSO will be the guard for her customers. To protect and monitor the environment 24/7!

What we do
Infrastructure monitoring
Application Monitoring D365 Platform (F&O & CE)
Integration Monitoring for Azure Integrations & Analytics
Azure cloud monitor
What does the customer get?
Customer end to end process can be monitored through the different components
First line 24/7 response based on your guidelines!
Business incidents will be prevented through these services
Collect data from a different perspective that will give insight into improvements

Modern Workplace Management

Service Module
What is it?

With the service module Modern Workplace we offer the necessary service to run and optimize the modern workplace environment including the 1st, 2nd and 3rd line support for the end users.

With the service module Network Management we can fully monitor and support network components like firewalls, routers and switches.

Corporate Web Development
What we do
Empowering the end-users with 1st Line support
Supporting the on- and offboarding of new employees
Manage the lifecycle of your devices
Manage the Devices
Manage Team meeting rooms
Manage the local devices (printers) and local Network
What does the customer get?
First-line end-user support based on XLA service.
Access to a skilled team of professionals for 2nd line support
A dedicated contact person who is responsible for delivering the services to you.
Access to all lines of support including Microsoft

Cost Management

Service Module
Corporate Web Development
What is it?

The service module Cost Management ensures optimizing and controlling the Microsoft Azure Cloud consumption. Cost and performance of cloud resources also involves understanding the interplay of cloud consumption and business processes while continuously monitoring the full stack.

With the module “Cost management” we provide full visibility of the future cloud environment source expenses and helps you decrease them. It answers both cost related and utilization-related questions.

What we do
Data Availability and Recovery management (Azure Backup)
User Access & Security for Azure IAM and D365 Application (audit service)
Data Clean-Up and Data Growth management for Azure Data Lake
What does the customer get?
A backed up and high available Azure platform
A backed up and high available D365 cloud hosted environment
For our customers, we manage the data growth through our tooling and implement data cleaning to optimize Azure costs.

Security & Compliance

Service Module
What is it?

The Microsoft Trusted Cloud was built on the foundational principles of security, privacy, compliance, and transparency, and these four key principles guide the way we do business in the cloud.

With the service module Security & Compliancy HSO supports our customers on the area’s which are not covered by Microsoft, to identify security risks and define the measures to mitigate the risks by offering our competencies in the areas.

Corporate Web Development
What we do
Azure DevOps Automation and Maintenance
Change Development Services for D365 Applications, Azure, Modern Workplace and Integrations
Build & Release Management for D365 Applications
Deployment and management of environments
Engagement & Advisory Service (architect level)
What does the customer get?
Automated pipelines including management on these pipelines
Through waterfall or agile project methodology we deliver changes through your total platform
A dedicated release manager can guide you as a customer through all the necessary steps including the technical needs
Full deployed environment based on the project requirements including the customer data
Temporary extension of your IT team (Application management)