Microsoft has recently made an important change to the Azure Landing Zones (ALZ) architecture: the introduction of a dedicated Security Management Group and a Security Subscription within the platform structure. The change is described in the official blog post on TechCommunity.
Why This Change Makes Sense
Previously, Microsoft Sentinel was installed by default on the central Log Analytics Workspace (LAW) in the Management subscription, which mixed operational and security logs. The new structure enables:
- Separation of operational and security logs, improving clarity and security.
- Flexibility for customers and partners to configure Microsoft Sentinel according to their own requirements.
- Use of Sentinel’s free 31-day trial when it makes sense for the customer.
More Information
The Microsoft Learn documentation for Azure Landing Zones has already been updated to reflect these changes. The implementation tools and accelerators will be updated in the coming months.
Conclusion
The introduction of a dedicated security structure within the Azure Landing Zone architecture is a logical step towards improving governance and security in the cloud. Organizations gain more control and clarity over their security implementations.
