RedDogSME logo
Book
Back to guides

Azure Architecture Guide

CAF, WAF, Landing Zones, and ADRs for Azure Decisions

How teams use Microsoft guidance, systems thinking, and ADRs to approve Azure and AI architecture decisions.

Guide3 Min Read
Azure Landing ZoneCloud Adoption FrameworkWell-Architected FrameworkADR

Quick Answer

A Microsoft-aligned Azure decision connects the business goal, workload design, platform structure, operating model, and owner actions.

Use CAF for adoption and governance, Azure Landing Zone guidance for platform structure, the Well-Architected Framework for workload tradeoffs, and ADRs for material decisions.

When This Matters

Use this guide when Azure or AI work starts spanning more than one service, team, subscription, data source, or operating owner.

Common situations:

  • a new workload needs production approval
  • subscription structure is unclear
  • identity and access decisions affect security review
  • cost governance needs owners
  • AI Foundry is moving toward production
  • monitoring and runbook ownership are inconsistent
  • the team needs a practical architecture plan before build work expands

Microsoft guidance helps when it turns discussion into decisions.

What To Decide

Start with these questions:

  1. What business goal does the Azure work support?
  2. Which subscriptions and environments are in scope?
  3. Who owns identity, cost, operations, security, and exceptions?
  4. Which Microsoft guidance applies to this decision?
  5. What AI decision questions apply: use case, experience, data grounding, trust boundary, action safety, cost, and ownership?
  6. Which decisions need ADRs?
  7. Which work belongs in Azure Architecture Assessment, Architecture Blueprint Sprint, Pilot to Production Build, Architecture Office, Managed Governance, or internal execution?

The review should reduce ambiguity before implementation starts.

Azure Components

The review can touch:

  • management groups and subscription structure
  • Entra ID, RBAC, PIM, and managed identities
  • networking, private endpoints, firewall, and DNS
  • Azure Policy and Defender for Cloud
  • Azure Monitor, Log Analytics, and Application Insights
  • Container Apps, Static Web Apps, Functions, App Service, and AKS
  • Azure AI Foundry, AI Search, and model deployments
  • Bicep, Terraform, and GitHub Actions

The component list changes by workload. The decision model should not.

Systems Thinking

Review Azure and AI work as one production system. A change in one area usually affects another.

  • Identity choices affect security review, operations, and audit.
  • Network choices affect integration, developer workflow, cost, and incident response.
  • AI grounding choices affect data ownership, retrieval quality, permissions, evaluation, and content safety.
  • Logging choices affect cost, support, compliance, and owner accountability.

Use Microsoft guidance to name the tradeoffs your team will own.

Microsoft Alignment

Use each Microsoft framework for its proper job:

GuidanceUse it for
Azure Landing ZonesEnvironment structure, subscriptions, policy, network, and shared services
Cloud Adoption FrameworkStrategy, plan, govern, secure, manage, and operating model
Well-Architected FrameworkReliability, security, cost, operations, and performance tradeoffs
Microsoft AI Decision FrameworkUse case fit, experience shape, data grounding, trust boundary, action safety, cost, and ownership
Azure AI Foundry guidanceAI project structure, connected services, identity, evaluation, and operations

ADRs connect the guidance to the choice your team actually made.

Common Mistakes

  • Treating Microsoft guidance as a checklist instead of a decision aid.
  • Starting with diagrams before naming the business goal.
  • Applying enterprise patterns without confirming operating capacity.
  • Skipping cost ownership while discussing platform maturity.
  • Implementing policy before defining an exception process.
  • Choosing an agent before proving the use case, data boundary, action safety, and owner model.

The approach should fit the team that must operate it.

RedDogSME Recommendation

Use Azure Architecture Assessment when the team needs Microsoft-aligned direction before approving more work. Use Architecture Blueprint Sprint when target architecture and scope need approval. Use Pilot to Production Build when implementation can be scoped.

Use Architecture Office or Managed AI and Cloud Governance when decisions need recurring review against the same guidance.

What To Bring

Bring the business goal, current Azure shape, known gaps, owner concerns, AI use case details, and the decisions that need approval.

Related guides

How to Run an Azure Architecture Board With a Recurring Review Cadence

A practical model for recurring Azure architecture decisions, owner actions, ADRs, cost review, AI governance, and implementation oversight.

Read next

Azure Landing Zone Drift: Warning Signs and What to Review

How Azure landing zones drift across identity, networking, policy, logging, cost, and ownership, and what teams should review before adding more workloads.

Read next

When Does a Growing Azure Program Need a Landing Zone?

Practical signs that an Azure program needs landing zone structure as workloads, users, or AI services grow.

Read next