Edit

Share via

What's new in the Microsoft Cloud Adoption Framework for Azure

We build the Microsoft Cloud Adoption Framework collaboratively with our customers, partners, and internal Microsoft Teams. We release new and updated content for the framework as it becomes available. These new releases pose an opportunity for you to test, validate, and refine the Cloud Adoption Framework guidance along with us.

Partner with us in our ongoing effort to develop the Cloud Adoption Framework.

December 2025

New guidance

AI agent adoption guidance for organizations: Discover how to adopt AI agents effectively by using a step-by-step framework for planning, governance, integration, and measurement that maximizes business impact.

Updated articles

  • Security control mapping with Azure landing zone: We improved clarity and readability throughout the article, simplified terminology for the Microsoft Cloud Security Benchmark, and updated implementation guidance to reference Azure Verified Modules for Terraform and Bicep deployments.

  • Azure landing zone frequently asked questions (FAQs): We broadened sovereign landing zone guidance to apply to all organizations that have sovereignty needs rather than only government organizations.

  • Encryption and key management in Azure: We added guidance about choosing the right Azure key management solution. We enhanced Key Vault recommendations by clarifying when to use Azure Key Vault Managed HSM for centralized scenarios and explaining the benefits of multiple key vaults.

  • Azure workload management and monitoring: We added guidance about using Azure service groups to organize workload resources across subscriptions and resource groups. We introduced health models in Azure Monitor (preview) to define and track resource health.

  • Migrate Azure landing zone custom policies to Azure built-in policies: We simplified the policy migration guidance by consolidating references to Azure Verified Modules for Terraform and Bicep update guides and removing redundant step-by-step instructions.

  • Overview of network topology and connectivity for Azure: We improved readability by adding better formatting to the Connectivity, Corp, and Online management group descriptions. We added a tip that simplifies understanding the Corp (internal-facing) and Online (public-facing) management groups.

  • Subscription considerations and recommendations: We enhanced platform subscription guidance to include a separate dedicated security subscription and emphasized not combining platform responsibilities into a single subscription. We added recommendations for quota management using quota groups and automation. We also introduced an operational excellence section that includes Azure Service Health guidance.

  • Update Azure landing zone custom policies: We simplified policy update guidance by consolidating Bicep update instructions and updating references to Azure Verified Modules for Terraform and Bicep.

  • Independent software vendor (ISV) considerations for Azure landing zones: We added a recommendation for ISVs to include a separate Security management group under the Platform management group. We noted that we plan to add the Security management group to future updates.

  • Platform landing zone implementation options: We restructured the article to focus specifically on platform landing zone implementation and simplified guidance to two main approaches. It includes the recommended infrastructure as code (IaC) accelerator with a detailed four-phase approach, and the portal-based accelerator. We replaced multiple implementation variants with improved options and enhanced Azure Verified Modules guidance for both Bicep and Terraform.

  • What is an Azure landing zone?: We restructured deployment guidance to emphasize the IaC accelerator as the recommended approach. We enhanced application landing zone descriptions with subscription vending details and clarified the landing zone P1 subscription purpose.

  • Manage your cloud estate with enhanced security: We added guidance to review Microsoft Secure Future Initiative requirements and integrate them into security assessments.

  • Assess your workloads for cloud migration: We replaced AppCAT references with the GitHub Copilot app modernization tool and detailed its capabilities, including dependency capture, code revision, containerization, deployment file generation, and AI-assisted coding.

  • Security teams, roles, and functions: We added a new section about minimum viable security teams for small organizations and enhanced explanations about how security roles transform with cloud adoption and modern development practices.

November 2025

Updated articles

  • Govern Azure platform as a service (PaaS) solutions for AI: We improved explanations of key concepts like provisioned throughput units (PTUs), retrieval-augmented generation (RAG), and role-based access control (RBAC) by adding definitions and practical examples. We also reorganized content into clearer steps and added concrete examples, like using a generative AI gateway to manage costs and implementing version control for training datasets.

  • Security considerations for the Azure Integration Services landing zone accelerator: We updated the integration services security guidance to fix typos, correct grammatical errors, and improve consistency. We also cleaned up link formatting by removing unnecessary URL parameters.

  • Business continuity and disaster recovery for Azure Virtual Desktop: We clarified the active-active host pool section by explaining the two-region setup with user assignment and failover procedures, and we added guidance about FSLogix profile storage behavior in the active-passive scenario.

  • Manage your cloud estate with enhanced security: We improved formatting consistency and clarity. We enhanced the business continuity and disaster recovery recommendation by clarifying the distinction between disaster recovery planning and resilient architecture design with more precise, actionable language.

  • Prepare your secure cloud estate: We improved terminology and formatting. We changed resiliency to reliability throughout the availability section to align with Well-Architected Framework terminology. We also clarified the distinction between resilience patterns and recoverability mechanisms in the design recommendation, and standardized spacing between bullet points for better readability.

October 2025

Updated articles

  • Microsoft Cloud Adoption Framework for Azure: We improved readability and logical flow. We moved the methodology explanation to appear earlier in the article, reorganized the foundational and operational methodology sections for better clarity, and simplified the organization type table. We also removed promotional language throughout to focus on practical guidance for Azure adoption.

  • Ready your Azure environment for workloads: We updated the Ready methodology to focus specifically on Azure landing zones. We clarified guidance for platform versus application landing zones and improved the structured four-phase implementation journey. We replaced generic landing zone concepts with detailed explanations of subscription vending, governance setup, and workload deployment patterns. We improved the navigation to guide users directly to Azure landing zone implementation rather than general setup guidance.

  • Azure Arc connectivity design for Oracle Exadata Database@Azure: We added guidance for using Microsoft Entra ID to manage Secure Shell (SSH) authentication and privileged access monitoring on Azure Arc-enabled Oracle Exadata cluster nodes. We updated the article to include detailed steps to enable centralized identity verification, configure role-based access control (RBAC) policies, deploy Azure Monitor agents, and implement security auditing for SSH access and privileged actions.

  • Hybrid identity with Active Directory and Microsoft Entra ID in Azure landing zones: We updated this guidance to emphasize modern authentication practices and added security warnings about legacy authentication mechanisms. We reorganized content sections for improved clarity, enhanced recommendations about protecting domain controllers, and added guidance for Azure Arc integration with identity services.

  • Application identity and access management: We expanded the introduction to clarify coverage of both component-to-component authentication and user identity management, reorganized content sections for better logical flow, and enhanced design considerations with questions about user types and authentication service compatibility.

  • Landing zone identity and access management: We enhanced security recommendations by adding guidance about phishing-resistant multifactor authentication (MFA) to protect against credential-based attacks. We also clarified the principle of just-enough access with just-in-time (JIT) enforcement and expanded role assignment examples to show separate production and dev/test environments. We updated terminology to reflect the retirement of classic Azure administrators.

  • Identity and access management design area: We enhanced the introduction to emphasize the foundational role of identity in cloud security and added warnings about the risks of poorly secured identity. We clarified team responsibilities by distinguishing between platform identity teams and application administrators. We improved terminology to better reflect current best practices for Zero Trust and identity architecture.

  • What is an Azure landing zone?: We clarified terminology and improved conceptual understanding. We enhanced the introduction to better explain Azure landing zones as the standardized approach for all organizations that use Azure. We also clarified the distinction between platform landing zones (shared services) and application landing zones (workload hosting), and improved descriptions throughout the article for better consistency and accuracy.

  • Network topology and connectivity for Azure Arc-enabled servers: We updated this guidance to reflect current service capabilities and best practices. We clarified that Azure Arc gateway is now generally available, noted that indirectly connected mode is retired as of September 2025, and enhanced recommendations for Azure Private Link implementation, including Domain Name System (DNS) considerations and Azure ExpressRoute resiliency practices.

  • Azure App Service application landing zone accelerator: We aligned this article with current terminology and framework guidance. We changed the title and references to application landing zone accelerator to clarify that this accelerator deploys workloads into application landing zones rather than creating the underlying Azure landing zone platform. We also improved clarity throughout the article about the accelerator's role in App Service deployments.

  • Azure Integration Services application landing zone accelerator in an Azure landing zone: We aligned this article with current Cloud Adoption Framework terminology and guidance. We changed the title and references to application landing zone accelerator to clarify that this accelerator deploys workloads into application landing zones rather than creating the underlying platform. We also restructured the content to emphasize the importance of starting with an established Azure landing zone and improved guidance about using the accelerator within existing enterprise environments.

  • Azure Virtual Desktop network topology and connectivity design guidance: We clarified technical guidance for implementing Virtual Desktop within Azure landing zones. We reorganized the content into distinct sections that cover networking components, recommendations, and detailed scenarios. We also enhanced architectural guidance for different deployment patterns and improved clarity for Remote Desktop Protocol (RDP) Shortpath implementation and DNS configuration requirements.

  • Virtual WAN network topology in an Azure landing zone: We clarified implementation steps for Azure landing zones. We reorganized the content into distinct sections that cover hub-and-spoke architecture creation, deployment planning, connectivity options, routing configuration, security controls, and monitoring practices. We enhanced the article with updated diagrams, improved accessibility descriptions, and simplified the migration guidance to focus on essential steps for implementing Virtual WAN within enterprise environments.

September 2025

New articles

Updated articles

  • Create your AI strategy: We added a new section that explains why structured planning matters. We added detailed guidance about how to identify high-impact AI use cases, select service models, and develop responsible AI and data strategies. We also added a table of Azure tools and resources to support implementation.
  • Microsoft Cloud Adoption Framework for Azure: We updated the introduction to position the framework as the authoritative Azure adoption blueprint, streamlined problem and audience value messaging, and expanded scenarios to map challenges to ideal use cases. We also added concise key takeaways that summarize return on investment (ROI), risk reduction, scalability, industry breadth, and continuous value.
  • Enterprise-scale support for Azure Virtual Desktop: We refocused the article around an action-oriented flow. The flow includes the foundation (landing zone), deployment (accelerator), expansion (capacity or proximity), then optimization (design areas and tools). We also condensed regional guidance and added a compact tools table.
  • Identity and access management for Azure Arc-enabled servers: We revised the guidance to focus on practical steps for securing identities and access. We added diagrams, checklists, and tips for managed identities, role-based access, and service principals. We also expanded resource links and next steps for easier navigation.
  • Connectivity to Oracle Cloud Infrastructure: We turned a bullet list into a phased, action-first guide for Azure and Oracle Cloud Infrastructure (OCI) connectivity. We added clear sections, numbered steps with rationale, FastPath and availability zone guidance, operational access options, and cost and governance cues. We also consolidated links into a tools table, improved visuals, and merged prior recommendations into outcome-driven instructions.
  • Connectivity to other cloud providers: We changed a considerations list into a prescriptive, sectioned guide that helps you choose and implement the right cross‑cloud connectivity pattern fast. We added clear option evaluation, numbered steps for planning, FastPath performance guidance, and implementation and optimization patterns. We consolidated links into a concise tools table and upgraded diagrams with accessible, descriptive context.
  • Azure landing zone design principles: We expanded subscription democratization into clear numbered actions. We also strengthened policy-driven governance by tying Azure Policy to security, compliance, and safe self-service.
  • Azure application landing zone accelerators: We clarified how application landing zones build on the Azure environment, updated guidance about subscriptions and required services, and streamlined information about accelerators. We also updated the introduction to focus on Azure application landing zone accelerators and added direct links to accelerator resources.
  • Hybrid and multicloud adoption with Azure Arc and Azure landing zones: We updated the article to focus on unified hybrid and multicloud adoption with Azure Arc and Azure landing zones. We reorganized and clarified the guidance, added new examples and diagrams to show how on-premises, multicloud, and edge resources can be projected into Azure for centralized management, and replaced detailed tables with streamlined, actionable steps.
  • Use infrastructure as code to deploy and manage your Azure environment: We focused on using infrastructure as code (IaC) for Azure, explained when to use Bicep or Terraform, and gave quick tips for designing and sharing modules. We also added guidance about how to automate deployments with pipelines.
  • Assess cloud risks: We revised the article to clarify the cloud risk assessment process. Key sections are now numbered, guidance is expanded, and the risk register is presented in a table for better readability. We also improved details about risk categories and analysis.
  • Build a cloud governance team: We rewrote the introduction and major sections to clarify cloud governance as an ongoing process with defined functions, team selection, authority, and scope, including a new emphasis on RACI matrices and cross-functional roles. We also updated diagrams, added quick links, and replaced outdated content.
  • Document cloud governance policies: We made the guidance clearer and more actionable. We also restructured the content into four numbered steps with best practices, switched the diagram image format, and replaced bullets with concise, numbered lists for each recommendation.
  • Enforce cloud governance policies: We clarified that enforcement is a shared responsibility, emphasizing automation wherever feasible and manual processes only when needed. We reorganized and simplified the guidance, added clearer numbering to key sections, and updated references to Azure tools and best practices.
  • Monitor cloud compliance: We revised the article to focus on monitoring cloud compliance rather than cloud governance, updated section headings for clarity, and reorganized recommendations into clearly numbered steps.
  • Unified hybrid and multicloud operations: We revised the strategy guidance to position Azure as the unified control plane for hybrid and multicloud environments. The update introduces a prescriptive framework for aligning business drivers, vision, metrics, principles, and technology mapping, with detailed recommendations about how to use Azure Arc, Azure Monitor, Azure Kubernetes Service (AKS), Microsoft Fabric, Azure IoT, Azure Local, Microsoft Defender for Cloud, and Microsoft Entra ID for unified management and modernization.
  • Prepare your organization for the cloud: We updated the article to focus on cloud operating models instead of just cloud management. We clarified the definitions and responsibilities for centralized, shared management, decentralized, and hybrid models. We also improved the table to better reflect platform landing zones and updated examples for different organization types.
  • Identity and access management for Oracle Database@Azure: We refocused the guidance on federated identity, role-based access control (RBAC), Azure Arc integration, and enhanced security with Microsoft Defender. We clarified deployment steps and automated group management, and we added new sections for hybrid and security best practices.
  • Manage and monitor Oracle Database@Azure: We expanded and restructured the guidance, adding detailed instructions about multilayer monitoring, security integration, and Log Analytics workspace strategy. We clarified best practices, updated stakeholders, and provided new tables and references for metrics, tools, and resources.
  • Network topology and connectivity for Oracle Database@Azure - Get started: We provided a clearer, sequential approach for designing network connectivity, emphasizing foundational steps before advanced scenarios. We added guidance about how to configure network security groups (NSGs), coordinate Azure and OCI rules. Finally, we summarized the key design areas in a new implementation sequence table.
  • Platform automation and DevOps for Oracle Exadata Database@Azure: We enhanced guidance for deploying Oracle Exadata Database@Azure by using IaC. We added details about Azure Arc integration, new Azure Verified Modules for monitoring and governance, and extra sections on security, diagnostics, and hybrid management considerations. We also clarified next steps and related resources for streamlined deployments.
  • Security for Oracle Database@Azure: We expanded and restructured the article to emphasize defense-in-depth, Azure Arc integration, and Microsoft Defender for Cloud. We added detailed recommendations for dual-platform governance, network security, encryption, key management, and operational isolation. Finally, we provided more links to relevant Oracle and Microsoft documentation.
  • BCDR for Oracle Database@Azure by using Exadata Database service: We updated the article to focus on Oracle Exadata Database@Azure, clarified disaster recovery concepts, and added references to Oracle Maximum Availability Architecture (MAA). We improved explanations of backup options, updated links, and included more details about recovery time objective (RTO), recovery point objective (RPO), and service-level agreements (SLAs).
  • AKS landing zone accelerator: We clarified the overview and guidance. We also edited the architecture diagram and description, revised section titles, and removed redundant conceptual and resource sections for better readability.
  • Network connectivity for Azure Arc-enabled SQL Managed Instance: We updated the documentation to reflect that, as of September 2025, indirectly connected mode for Azure Arc-enabled data services is retired and only directly connected mode is supported. We clarified that connectivity to Azure is required and recommended that organizations verify business requirements and environment compatibility with directly connected mode. We also improved language around network connectivity considerations and deployment recommendations.
  • Management and monitoring for Azure Arc-enabled servers: We replaced references to Log Analytics agent with Azure Monitor agent, and we updated the related documentation links.
  • Prepare workloads for cloud migration to Azure: We clarified instructions and improved step-by-step details in several sections. We emphasized validating environments and expanded recommendations for network connectivity, authentication, and performance testing.
  • Secure overview: We provided clearer, more actionable guidance for applying the Cloud Adoption Framework Secure methodology across every phase of cloud adoption. We modernized the language; emphasized continuous security posture improvement, incident response, and the CIA Triad; and streamlined the cloud security checklist for easier navigation and tracking.
  • Define your naming convention: We streamlined content, updated examples, and removed outdated sections to help teams easily adopt effective naming practices.
  • Security considerations for the Azure Integration Services landing zone accelerator: We updated terminology for clarity, added links to relevant Azure documentation, and improved guidance about key security practices, such as encryption, managed identities, and deployment automation. We also refined our recommendations to ensure that we use the most secure and current Azure services and features.
  • Network topology and connectivity considerations for the Azure Integration Services landing zone accelerator: We improved clarity and consistency, added more Azure service links, and refined several technical terms and explanations for network topology and connectivity in Azure Integration Services. We also reorganized recommendations, enhanced guidance for private endpoints, and expanded details about Domain Name System (DNS), App Service Environment, and service-specific networking designs.
  • Governance considerations for the Azure Integration Services landing zone accelerator: We clarified the governance definition and updated automation recommendations to include GitHub Actions, the Azure Pipelines service in Azure DevOps, Bicep, and Terraform. We also added disaster recovery resource links for Logic Apps, Function Apps, and Data Factory.
  • Identity and access management considerations for the Azure Integration Services landing zone accelerator: We updated the article for clarity and added direct links to Microsoft documentation. We also improved terminology and references to help guide identity and access management decisions for Azure Integration Services.

August 2025

New articles

  • Capacity planning for Oracle Autonomous Database@Azure: Learn about planning compute, storage, and autoscaling to optimize performance and cost for Oracle Autonomous Database@Azure. Independently scale compute and storage, schedule noncritical downtime, and enable storage and compute autoscaling for variable workloads. Align capacity decisions with workload patterns and disaster recovery requirements, including Autonomous Data Guard parity.
  • Capacity planning for Oracle Database@Azure by using Exadata Database Service: Learn about planning network, delegated subnets, and Exadata infrastructure sizing for Oracle Database@Azure by using Exadata. Optimize capacity by using independent scaling, online expansion, symmetric virtual machine cluster adjustments, and cost controls like scaling to zero. Make early storage and backup layout choices that support resilience, external backups, and future growth without rework.
  • Set up identity in Azure: Learn how to establish a secure identity foundation in Azure by creating individual user accounts, assigning least‑privilege roles, and enforcing multifactor authentication (MFA). Apply built-in roles with just-in-time (JIT) elevation via Microsoft Entra Privileged Identity Management (PIM) and restrict Global Administrator use. Use security defaults or Conditional Access policies to balance protection and flexibility.

Updated articles

  • Manage access to resources in Azure: We restructured this article around three actions: apply least privilege, use Microsoft Entra ID groups instead of individual assignments, and run regular access reviews. We added prescriptive tables and steps, and explicit Owner role limits. We removed duplicated portal walkthroughs, zone variants, and passive introductory text.
  • Create your AI strategy: We surfaced the decision tree earlier to guide service model choices up front. We split Microsoft Copilot consumption from low-code agent building for clearer paths. We streamlined wording in tables and headings for faster scanning.
  • Select Azure regions: We updated our region selection guidance to make it clearer and more actionable. We simplified steps to check data residency and compliance, choose regions close to users to reduce latency, and validate service availability, pricing, zones, pairs, and capacity. We simplified language and tables to map each scenario directly to an action. We clarified that paired regions are optional and updated multi‑region guidance.
  • Execute migration to the cloud: We added new guidance to help organizations migrate from Azure Analysis Services, Azure Synapse Analytics, and non-Microsoft business intelligence (BI) tools to Power BI and Microsoft Fabric. These updates streamline data and analytics transitions, provide step-by-step support for moving assets like pipelines and notebooks, and provide strategic planning resources to accelerate adoption and unlock the full value of the Microsoft unified data platform.
  • Organize Oracle Database@Azure resources for consistent deployments: We added prescriptive naming and tagging guidance with Oracle-specific constraints and examples. We expanded security and isolation into clear actions, such as environment Azure role-based access control (RBAC), network segmentation, monitoring, and Microsoft Sentinel integration. To reduce operational risk, we formalized multi‑subscription architecture, such as onboarding permissions, provider registration, billing consolidation, zone mapping, and Exadata sharing. We centralized tooling in a resources table so that teams can implement faster.
  • Prepare workloads for the cloud: We streamlined how organizations prepare workloads for Azure migration. We renamed and restructured sections for clarity, consolidated deployment steps, and aligned instructions with real-world practices. These changes make the content easier to follow and more actionable for cloud migrations.
  • Capacity planning for migrating Oracle workloads to Azure Virtual Machines: We improved clarity and alignment with current Azure best practices for migrating Oracle workloads. We simplified language throughout and reorganized guidance for storage planning. We also improved explanations for Automatic Workload Repository (AWR) reports, VM sizing, and disk configurations to help teams make informed decisions during migration.

July 2025

Updated methodologies

  • CAF Plan:

    1. Prepare your organization for the cloud: Learn how to prepare your organization for successful Azure cloud adoption by choosing and implementing appropriate cloud operations models that distribute responsibilities across governance, security, and operations teams. Discover guidance for how to select centralized, shared management, or decentralized approaches based on organizational size, maturity, and business requirements to ensure strategic alignment and operational effectiveness.
    2. Prepare your people for the cloud: Learn how to equip your team with essential Azure skills through targeted training, expert support, and continuous learning programs to accelerate cloud adoption success and reduce implementation risks. Discover systematic approaches for how to assess skill gaps across Azure fundamentals, environment management, and cloud-native development while you establish sustainable learning cultures that maximize your cloud investment returns.
    3. Plan migration (if applicable)
      • Discover your existing workload inventory: Learn how to create a comprehensive workload inventory and prioritize assets for successful Azure cloud migration by using automated discovery tools and business value frameworks. Discover systematic approaches for identifying existing infrastructure, applications, and dependencies across all environments while gathering crucial business requirements to guide your cloud adoption strategy.
      • Select your cloud migration strategies: Learn how to select cloud migration strategies for your workloads by using the "8 Rs" framework (Retire, Retain, Rehost, Replatform, Refactor, Rearchitect, Rebuild, Replace). This guide helps you align business drivers with appropriate migration approaches, from decommissioning obsolete systems to building cloud-native solutions. Discover when to modernize during migration, how to communicate decisions effectively, and establish success metrics that validate business outcomes for each strategy.
      • Assess your workloads for cloud migration: Learn about conducting thorough workload assessments for Azure migration. This guide covers architecture analysis, performance metrics collection, dependency mapping, and compliance validation. Discover automated assessment tools like Azure Migrate and AppCAT, risk management strategies, and systematic approaches to evaluate application code compatibility and database dependencies for successful migration planning.
    4. Plan your Azure environment for cost estimation: Learn how to create accurate Azure cost estimates by planning architectures, selecting appropriate services and tiers, and defining regional deployment strategies for your cloud environment. Discover systematic approaches for documenting architectural decisions, using cost estimation tools, validating assumptions through test deployments, and establishing cost baselines to support effective financial planning and governance.
    • Template: Cloud adoption plan template for cloud-native startups: Learn how to create a comprehensive cloud adoption plan for Azure-native startups by documenting operation models, training strategies, landing zone architecture, and workload requirements to accelerate your cloud journey. Use structured templates that cover responsibility assignments, continuous learning programs, resource hierarchy plans, and technical specifications to ensure successful cloud-native business development.
    • Template: Cloud adoption plan template for migration: Learn how to create a comprehensive cloud adoption plan template for Azure migration by documenting your operation model, training strategies, platform architecture, and detailed workload requirements. Use structured frameworks to capture business and technical details, define responsibilities, plan Azure landing zone components, and establish success metrics for a successful cloud migration.
    • Guide: Shared management cloud operations: Learn how to implement a shared management cloud operations model that scales Azure adoption through platform engineering by building reusable platform capabilities and establishing clear team responsibilities. Discover systematic approaches for creating modular platform services, enabling self-service infrastructure, coordinating multiple specialized teams, and applying product management practices to accelerate workload delivery across enterprise environments.

  • CAF Migrate:

    1. Plan your migration: Learn how to create comprehensive migration plans that define workload sequences, data transfer paths, and rollback strategies for successful Azure cloud migrations. Explore detailed guidance for migration readiness assessment, dependency management, stakeholder engagement, and how to choose appropriate migration methods to ensure secure and efficient cloud adoption process.
    2. Prepare workloads for the cloud: Learn how to prepare workloads for successful Azure cloud migration by validating compatibility, resolving infrastructure problems, and conducting comprehensive tests in Azure environments. Explore step-by-step guidance for how to fix compatibility problems, validate network connectivity and authentication flows, performance tests, and create reusable infrastructure templates to ensure reliable cloud adoption.
    3. Execute migration to the cloud: Learn how to implement successful Azure cloud migration with structured guidance for both near-zero downtime and planned downtime approaches, which includes stakeholder preparation, environment setup, and data migration validation. Explore comprehensive migration implementation strategies that cover database replication, cutover procedures, fallback options, and post-migration support to ensure business continuity throughout your cloud migration process.
    4. Optimize workloads after migration: Learn how to optimize workloads after Azure migration through performance fine-tuning, cost management, monitoring validation, and backup verification to ensure efficient cloud operations. Explore comprehensive post-migration strategies that include user feedback collection, hybrid dependency management, and regular architecture reviews to maximize your cloud investment and operational excellence.
    5. Decommission source workloads after migration to the cloud: Learn how to safely decommission source workloads after successful Azure cloud migration by obtaining stakeholder approval, optimizing software licenses, and preserving data for compliance requirements. Explore step-by-step guidance about how to reduce operational costs, ensure regulatory compliance, and update documentation to complete your cloud migration life cycle.
    • Guide: Migration wave planning: Learn how to organize workloads into structured migration waves for successful Azure cloud adoption by using an iterative approach that reduces risk and complexity while you build team experience. Explore comprehensive guidance for dependency management, workload prioritization frameworks, timeline plans, and wave implementation strategies to accelerate your cloud migration journey.

  • CAF Modernize:

    1. Prepare for cloud modernization: Learn how to prepare your organization for successful cloud modernization by defining modernization scope, assessing team skills and readiness gaps, and establishing cross-functional collaboration frameworks. Explore structured approaches to prioritize workloads by using business value and technical risk assessment matrices.
    2. Plan your cloud modernization: Learn how to plan cloud modernization projects through structured approaches for choosing appropriate modernization strategies, establishing phased implementation timelines with governance frameworks, and implementing deployment strategies with comprehensive risk mitigation and stakeholder approval processes.
    3. Execute modernizations in the cloud: Learn how to implement cloud modernization projects through stakeholder preparation, controlled development, comprehensive tests, and safe deployment strategies. This article covers how to develop modernizations in nonproduction environments, conduct thorough validation that includes performance and security tests, and deploy by using in-place or parallel approaches with progressive traffic routing and post-deployment stabilization.
    4. Optimize workloads after cloud modernization: Learn about optimizing Azure workloads after cloud modernization to maximize benefits and establish continuous improvement practices. This guide covers validating configurations by using Azure Advisor, establishing operational readiness through monitoring and cost controls, testing backup and recovery procedures, and measuring actual outcomes against modernization goals. Discover how to implement systematic feedback collection, automate optimization processes, and create ongoing modernization cycles to prevent legacy system drift and ensure long-term cloud success.
    • Guide: Modernization guidance to replatform, refactor, and rearchitect: Explore modernization guidance for cloud workloads by using three core strategies: replatform to move components to Azure PaaS services with minimal code changes, refactor application code for improved performance and cloud optimization, and rearchitect to redesign architecture for enhanced scalability and cloud-native capabilities. The guide provides categorized resources and architectural patterns for each modernization approach.

  • CAF Cloud-native:

    • Plan cloud-native solutions: Learn how to plan cloud-native Azure solutions through strategic business alignment, architectural design, and deployment preparation. This article covers how to define measurable business objectives and requirements, explore validated architecture patterns and Azure service selection, plan integrations with existing systems, and establish deployment strategies that include progressive exposure and rollback procedures to ensure successful delivery of new workloads or features.
    • Build cloud-native solutions: Learn how to build resilient cloud-native Azure solutions by using best practices for development, testing, CI/CD, and monitoring to create production-ready applications at scale. Explore guidance about how to apply Well-Architected Framework principles, implement comprehensive test strategies that include load tests with Azure Load Testing, and integrate Azure Monitor and Application Insights for observability.
    • Deploy cloud-native solutions: Learn how to deploy cloud-native solutions to Azure with comprehensive strategies for stakeholder preparation, CI/CD pipeline implementation, progressive rollout techniques, and post-deployment validation to ensure successful production deployments.
    • Optimize cloud-native solutions after deployment: Learn how to optimize Azure cloud-native solutions after deployment through service configuration tuning, operational validation, and continuous improvement practices. This article covers how to apply Azure Advisor recommendations, establish monitoring and cost controls, test backup procedures, and collect user feedback to ensure that solutions remain secure, cost-effective, and performant.

New articles

  • Platform automation and DevOps for Oracle Exadata Database@Azure: Learn how to deploy Oracle Exadata Database@Azure infrastructure by using infrastructure as code and Azure Verified Modules for reliable and consistent automation across your Azure environments. Discover comprehensive guidance for how to use Terraform providers, handle idempotency challenges, configure Oracle components with OCI Terraform, and implement standardized deployment patterns that follow Azure best practices for reliability and security.

Updated articles

  • Optimize workloads after cloud modernization: We updated links in the Next steps section that describe how to govern, secure, and manage Azure.
  • What is Microsoft Cloud Adoption Framework for Azure?: We updated the Cloud Adoption Framework overview to improve clarity and organization. The Why use the Cloud Adoption Framework? section was streamlined into a single paragraph. The Who should use the Cloud Adoption Framework? section was restructured from a bullet list format into a table format. In the How to use the Cloud Adoption Framework? section, we clarified the methodology terminology by changing Sequential methodologies to Foundational methodologies and Continuous methodologies to Operational methodologies, and updated the explanatory text to better describe how these methodologies work together throughout the Azure adoption journey.
  • Assess your workloads for cloud migration: We restructured this guidance with numbered procedures for workload assessment, dependency mapping, and risk management. We also consolidated architectural documentation and separated unsupported technology identification into its own section with automated tool recommendations.
  • Document your cloud adoption plan: We updated the plan alignment guidance into clear subsections that have numbered steps. It expands the template selection guidance to include customization recommendations, breaks organizational standards alignment into separate mapping and compliance incorporation steps, and enhances the accountability documentation section with specific requirements for progress tracking, responsibility assignment, and stakeholder approval capture.
  • Select your cloud migration strategies: We added a section about engaging workload teams to validate business drivers and migration strategies. It emphasizes early collaboration to ensure that migration plans align with technical realities and business priorities through communication, documentation requests, strategy validation, team support, and executive sponsorship.
  • Management groups: We updated the management group design guidance to clarify RBAC assignment best practices, reorganize workload structuring recommendations, simplify the architecture section, and remove the permissions guidance for the Azure landing zone accelerator.
  • Tailor the Azure landing zone architecture: We updated this guidance to reflect that the Security management group is now part of the default Azure landing zone architecture, updated color references in the application landing zone section, and improved diagram accessibility.
  • Understand cloud operations functions: We restructured the content organization with clearer headings, added a comprehensive deliverables table, expanded the team preparation section, and included an Azure tools reference table.
  • Align responsibilities across teams: We simplified the RACI matrix tables by removing the capability alignment rows and streamlining the table formatting for better readability.
  • Plan for Azure VMware Solution: We updated this guidance to improve clarity and accessibility, including restructuring adoption stages with clearer formatting and enhancing technical requirements descriptions.
  • Business continuity and disaster recovery for Oracle Database@Azure by using Exadata Database Service: We updated this backup configuration guidance to include the ARS long-term backup feature by using OCI object storage and improved the storage backup recommendations structure.
  • Use the Azure Kubernetes Services (AKS) landing zone accelerator to deploy scalable AKS clusters: We restructured this guidance with numbered procedures for deploying AKS clusters, enhanced the platform foundation requirements, and added an Azure tools and resources reference table.
  • Govern AI: We restructured this article with numbered procedures for AI risk assessment and governance, enhanced the enforcement and monitoring sections, and improved clarity throughout this article.
  • Manage AI: We restructured this guidance with numbered procedures for AI operations management, expanded the business continuity section with specific backup and recovery strategies, and enhanced the data management recommendations.
  • Plan for AI adoption: We restructured this article with actionable numbered procedures for AI skills assessment, capability development, resource access planning, and proof-of-concept validation to help you create comprehensive AI adoption plans.
  • Get AI architecture guidance for Azure platform services (PaaS) for AI: We restructured this guidance with numbered procedures for selecting appropriate AI architectures, implementing operational frameworks, and adopting AI standards for both generative and nongenerative workloads by using Azure PaaS solutions.
  • Govern Azure platform services (PaaS) for AI: We restructured this guidance with numbered procedures for governing AI platforms, models, costs, security, operations, regulatory compliance, and data by using Azure PaaS solutions to ensure responsible AI practices and organizational alignment.
  • Manage Azure platform services (PaaS) for AI: We enhanced this guidance with structured numbered procedures for AI deployment strategies, comprehensive model monitoring approaches, and operational best practices to ensure effective management of Azure AI platform services.
  • Configure secure networking for Azure AI platform services: We organized the content with numbered procedures for virtual network configuration, connectivity management, and security implementation strategies to protect AI resources and ensure data integrity across Azure AI platform services.
  • Select Azure platform services (PaaS) for AI: We restructured this guidance with numbered procedures for choosing appropriate Azure AI platforms, compute resources, and data processing tools to support both generative and nongenerative AI applications effectively.
  • Secure Azure platform services (PaaS) for AI: We restructured content with numbered procedures and added a new Secure AI data section that covers data boundaries and RBAC.
  • AI ready: We reorganized the content from four sections to three focused areas and added numbered procedures for governance boundaries, secure connectivity, and AI reliability across regions.
  • Secure AI: We restructured content with numbered procedures and added a new Secure AI data section that covers data boundaries and RBAC.
  • AI strategy: We added guidance about AI agents and Model Context Protocol (MCP) for interoperability, enhanced the AI decision tree diagram, and included a comprehensive example AI strategy table that demonstrates how to apply AI approaches across different use cases, from e-commerce to regulated industries.
  • Azure landing zone frequently asked questions (FAQ): We added a new FAQ section that clarifies that you can use the existing Azure landing zone architecture to deploy AI workloads without requiring a separate AI landing zone.
  • What is an Azure landing zone?: We added a new section about AI in Azure landing zones, moved the application landing zone accelerators section to appear earlier in this article, and added a reference to the FAQ in the Next steps section.

June 2025

Updated articles

May 2025

Updated articles

Defense scenario retirement

We retired the articles that formerly made up the defense scenario. The content was outdated and no longer relevant to the Cloud Adoption Framework.

April 2025

Updated articles

March 2025

Manage methodology refresh

This month, we made significant updates to the Manage methodology. The Manage methodology provides guidance on how to manage your cloud environment and optimize your cloud operations. Some highlights of our updates to the methodology include:

  • Ready your Azure cloud operations: Learn how to prepare your Azure cloud operations for success. Learn how to establish defined responsibilities and processes for every cloud management area.
  • Administer your Azure cloud estate: Explore new guidance on managing resource sprawl and detailed steps to implement governance policies, organize resources, restrict deployment permissions, and conduct regular audits.
  • Monitor your Azure cloud estate: Find new guidance on how to monitor various aspects of your cloud estate, like service health, security, compliance, costs, data, code, and cloud resources. We also made updates to reflect new terms and resources.
  • Protect your Azure cloud estate: Learn best practices for ensuring the reliability and security of Azure cloud operations, including how to maintain minimal downtime and establish robust security measures. Key sections include managing reliability through redundancy, replication, and recovery strategies, defining reliability requirements, and prioritizing workloads based on business impact.

Updated articles

  • AI Plan - Process to plan for AI adoption: We made adjustments to the AI maturity level table, and modifications to various sections such as "Acquire AI skills," "Access AI resources," "Prioritize AI use cases," and "Create an AI proof of concept."
  • AI Strategy - Process to develop an AI strategy: We reorganized and streamlined the AI technology strategy, extensibility tools for Microsoft 365 Copilot, and responsible AI strategy sections. New content was added to highlight the use of Microsoft Fabric and Azure services in various AI applications.
  • Secure AI – Process to secure AI: We made minor updates to align this article with the NIST Cybersecurity Framework and the Microsoft Security Reference Architecture.

February 2025

New articles

Updated articles

We made updates to these articles to reflect the latest guidance on migrating to virtual network flow logs due to the upcoming retirement of NSG flow logs:

Oracle updates

  • Manage and monitor Oracle workloads on Azure Virtual Machines landing zone accelerator: We made updates to refresh the content and improve clarity. This article provides guidance on managing and monitoring Oracle workloads on Azure Virtual Machines, including best practices for performance optimization, security, and compliance.
  • Security guidelines for Oracle Database@Azure: We added detailed descriptions of the integration between Azure and Oracle Cloud Infrastructure (OCI) for managing Oracle Exadata Database@Azure resources. We also added design considerations such as: The need for network security groups (NSGs) and network address translation (NAT) configurations; Guidelines for storing and managing encryption keys and database backups; Recommendations for the deployment and management of non-Microsoft and Oracle agents.

January 2025

New articles

  • Capacity Planning for Oracle Database@Azure Using Exadata Database Service: Learn how to plan for capacity when migrating Oracle Database to Azure using Exadata Database Service. Explore key considerations for capacity planning, including workload analysis, performance tuning, and resource allocation. Recommendations include planning for sufficient IP address ranges, scaling infrastructure based on workload requirements, and understanding storage configuration impacts.

Strategy methodology refresh

This month, we made significant updates to the Strategy methodology. The Strategy methodology provides guidance on how to develop a cloud adoption strategy that aligns with your organization's goals and objectives. The methodology includes the following articles:

  • Develop a cloud adoption strategy: Learn how to develop a cloud adoption strategy to migrate or innovate in the cloud, in alignment with your business goals.
  • Assess your cloud adoption strategy: Learn about the importance of assessing your cloud adoption strategy and how to evaluate your current state, define your future state, and identify gaps and opportunities.
  • Determine your motivations: Learn how to identify your motivations for adopting cloud technologies and how to classify them based on your organization's goals and objectives.
  • Define your strategy team: Learn about the key roles and responsibilities of a cloud strategy team and how to build a cross-functional team to drive your cloud adoption strategy.
  • Prepare your organization: Learn how to align your cloud adoption strategy with your organization's goals and objectives.
    • Inform your cloud adoption strategy: Learn about the importance of informing your cloud adoption strategy and how to gather information, assess your current state, and define your future state.
    • Cost efficiency considerations: Learn about the importance of financial efficiency and how to optimize costs in your cloud adoption strategy.
    • AI considerations: Learn about considerations for integrating AI into your cloud adoption strategy. Use analytics, machine learning, and automation to optimize operations.
    • Resiliency considerations: Explore guidance on improving your infrastructure's ability to maintain functionality and availability despite disruptions or failures.
    • Security considerations: Learn how to design your cloud infrastructure with security in mind to protect your data and applications from unauthorized access and data breaches.
    • Sustainability considerations: Explore how to incorporate sustainability into your cloud strategy. Use Azure to drive your sustainability efforts.

Updated articles

  • Define your naming convention: We reviewed this article for freshness and accuracy, introducing more consistent terminology for workload, application, and project names. We also added guidance on the Azure Naming Tool and the importance of understanding naming rules and restrictions.
  • DNS for on-premises and Azure resources: Explore new design considerations and recommendations emphasizing the use of Azure DNS Private Resolver with Azure Private DNS zones and detailed guidance on deploying DNS infrastructure.
  • Governance disciplines for SAP on Azure: Explore new guidance for using Microsoft Defender for Endpoint on Linux and Windows for SAP hosts and new sections on the Microsoft Sentinel solution for SAP. We also added enhanced recommendations for secure authentication with Microsoft Entra ID and links to more detailed design considerations and identity management sections.
  • Identity and access management for SAP on Azure: Learn about securing Network File System (NFS) communication and Remote Function Call (RFC) connections, as well as SAP user governance and provisioning. Explore new recommendations for implementing single sign-on (SSO) with various SAP applications using Microsoft Entra ID.
  • Network topology and connectivity for Azure Arc-enabled servers: Explore new guidance on Azure Arc Gateway including instructions for defining agent connectivity methods.
  • Organize your Azure resources effectively: Find updated links for management group design, subscription considerations, and tagging strategy. Updates emphasize the importance of applying critical settings at higher levels and project-specific requirements at lower levels, and include additional details on naming conventions and resource tagging to enhance resource identification and management.
  • Review product migration scenarios: Explore the new Google Cloud Platform scenario for migrating VMs to Azure.

AI Adoption updates

  • AI Governance for PaaS workloads: Learn how to control the models you allow across Azure and deployed in Foundry.
  • Secure AI: Learn how to conduct red team testing on generative AI and nongenerative AI models.

Oracle updates

Azure Landing Zone updates

  • Deploy Azure landing zones by using Terraform: Explore new guidance on various network architectures, including multiple-region virtual WAN with Azure Firewall, multiple-region hub and spoke virtual network, and single-region virtual WAN with Azure Firewall. Explore how to use Azure Verified Modules for Platform Landing Zones Terraform for infrastructure as code deployments.
  • Migrate Azure landing zone custom policies to Azure built-in policies: Find refreshed migration guidance detailing the use of Azure Verified Modules for Platform Landing Zones, and updated references to Terraform and Bicep module resources.
  • What is an Azure landing zone: We updated guidance on the use of Bicep and Terraform for deploying platform landing zones and added a more detailed description of the Azure Platform Landing Zones Portal Accelerator.
  • Last updated on