วีดีโอ

Great and useful information!

I prefer breaking changes in December because our business slows down mid December and would give me time to digest the changes, Jan gets crazy with new year budgets. So far, as a Microsoft partner who deploys dozens of landing zones per year, I’ve found the new terraform bootstrapping process overly complex and prone to failure. Failures so far are due to using azure devops organization that is different than target azure tenant

Jarred spoke about switching to the MS hosted runners for better security. Are they still self hosted runners that are centrally managed or did he mean the GitHub hosted runners? If it's the GitHub hosted runners, is there any doco on why that's more secure/preferred?

it is great content. Learned a lot.

As someone that worked very little in azure with infrastructure, this was very hard to follow.

Are we supposed to create all required subscription first? is this applicable for terraform as well?

Do we need to provision subscription before we start Azure Landing zone accelerator?

more Subscriptions = longer it takes to view combined cost analysis. We can't view costs are MGMT group scope, only Sub scope.

Tremendous work as always, thank you for keeping this on your priority list, so many depend on your outstanding work!

Thanks guys !

Thank you for posting this video so quickly! 👍

Good Q/A, great work community !!

Awesome input from both John and Stu and I really look forward to co-pilot using AVM and the autocomplete in visual studio code for both bicep and terraform for AVM.

Absolutely enjoyed the valuable and vibrant exchanges! Love the work!

Great video for Ops Nazis - doesn't address the central concept of how to handle "application environments" despite the enthusiastic belief of the presenters.

What happened to the terraform caf modules? Will this merge into AVM?

Hi, why isn't the documentation on the official Microsoft website? Such a great concept if it's not flop after a couple years

Great update!

Fantastic WORK EVERYONE 🤩

14/03/24 - still waiting for demo video ?

Great Content, thanks for your outstanding work to deliver this to the community. Helps me a lot in my job

First

Very informative video on subscriptions. Just one thing when you say 'overlapping ip assignments within an address space...' could you clarify what you mean by 'ip assignments'. I understand we can't have overlapping ip address with a subnet so was wondering what you meant by overlapping ip assignments?

Not particularly sure why the Azcaf project as just not furthered and supported. It was a great project.

Think this would be awesome i spend considerable time validating and tracking modules.

Demo ?

No demos just talk, super diappointed.

Great initiative !!

I know it is an old video, but Kevin and Matt don't seem to be on the same page. At 5:30 (th-cam.com/video/8ECcvTxkrJA/w-d-xo.html), Kevin recommends App A to have all three stages under Corp. But 10:15 (th-cam.com/video/8ECcvTxkrJA/w-d-xo.html) Matt recommends not exactly that. What am I missing here?

Amazing! I need to learn more about how to democratize the platform, but this video was an excellent start. Studying for the AZ-305 has me wondering if I have just been going rogue with some migrations. Love the content and can't wait to check out the rest of your stuff!

Great discussion. If an Azure Kubernetes Service (AKS) cluster is operational within a subscription that necessitates on-premises connectivity via ExpressRoute, while simultaneously utilizing a public Load Balancer (LB) to make an application accessible over the internet, the question arises as to whether this subscription will fall under the Corporate (Corp) management group or the Online management group?

Great video and guidance as always, Jack!

If an enterprise is to adopt the cloud adoption framework using Terraform and landing zones, should the root management group and high-level management group (and other near-root level resources) be made manually to follow security best practices, or are there ways of defining those via code securely? If so, does documentation exist on best practices how to do that securely? Or is it typical for organizations to just make those high-level resources manually then IAC the other downstream resources? Struggling on a recommendation on where IAC starts to become "everything as code". When using the portal accelerator and following the enterprise scale model, it's obviously going to require fairly beefy permissions, but that's a one-time deployment, and an organization can then utilize IAC to do the rest from within the subscriptions, or utilize RBAC at the Landing Zone management group to further scope permissions out.

Look forward to seeing the updates to the TF module.. currently using a custom template to provide the flexibility... Great update and lots of new useful information and features :)

Ivory tower discussion.. All the points mentioned are pro multiple subscription and nothing to the contrary. We are a 50 person organization with an IT team of 5 people. Why should we create a management group hierarchy and multiple subscriptions and increase the complexity from the get go ?

Great video, but as someone getting started with the "proper" way to structure my Azure layout, one thing I'd like to see clarified is what exactly is meant by "corp" vs. "online"? What would go in a corp management group vs online? Is Corp meant just for internal applications that should never be customer facing? And therefore is "online" meant to be your actual deployed products that are released into the world for customers to use? I haven't found in any of the documentation what exactly the differences are besides a very complex all-encompassing enterprise-level diagram of how to 100% layout an organization from scratch. Thanks!

At 36:09 we see all stages of Corp App 1 and Corp App 2 under the same management group with no additional layer in between. Is this best practice? How about adding a Corp App 1 MG and Corp App 2 MG and place the stages there. Otherwise you could end up with dozens of subscriptions under Corp.

Would be nice to see something on how you govern the change of policy. If you have multiple subs for multiple envs under a single branch of the hierarchy a single change to policy with unintended consequences has a larger blast radius. I wonder if having a management group for policy changes would be beneficial where it mirrors "online" or "corp" but you can move a subscription like dev into it, to test that the policy is the expected change for a trial period before moving it back and applying the policy for real.

Good idea for content

Thanks for the videos guys. I've just shared this with my client as they're at a critical juncture with their journey. Hopefully, this will help them design a subscription model which is aligned with the organisation's operating model and industry regulations.

Good videos, I like it! Would love to see a discussion about Platform subscriptions.

@Jack Tracey why would Cloud Networking Team would object to different subscriptions? What about Secure Hub-spoke landing zone with different subscription? Any idea Great Knowledge Base Info. Please keep coming with videos with your advisory about what to use not use as well.

Is there a set time/date for the community call? How can someone join the call? Thanks!

Great discussion, really insightful, helpful and useful. Having tried to the prod/test/dev MGs under a Corp/Online hierarchy, I would love to hear more about why "it just doesn't scale" @10:25 some tales from the field would be awesome to hear, policy can be a very tricky discussion to have with customers for sure! cheers and thanks for the videos.

Good video, the linked FAQ are really handy!

Dream team at work!

Loving the content chaps!

Good informative stuff.. let us have next deep dive sessions

Awesome vid, great content and key areas covered in 15 mins. Good work.

good stuff gents