Overview of the ISO 27001 App Service Environment/SQL Database workload blueprint sample
Important
On July 11, 2026, Blueprints (Preview) will be deprecated. Migrate your existing blueprint definitions and assignments to Template Specs and Deployment Stacks. Blueprint artifacts are to be converted to ARM JSON templates or Bicep files used to define deployment stacks. To learn how to author an artifact as an ARM resource, see:
The ISO 27001 App Service Environment/SQL Database workload blueprint sample provides additional infrastructure to the ISO 27001 Shared Services blueprint sample. This blueprint helps customers deploy cloud-based architectures that offer solutions to scenarios that have accreditation or compliance requirements.
There are two ISO 27001 blueprint samples: this sample and the ISO 27001 Shared Services blueprint sample.
Important
This sample depends on infrastructure deployed by the ISO 27001 Shared Services blueprint sample. The Shared Services sample must be deployed first.
Architecture
The ISO 27001 App Service Environment/SQL Database workload blueprint sample deploys a platform-as-a-service (PaaS) based web environment. The environment can be used to host multiple web applications, web APIs, and SQL Database instances that follow the ISO 27001 standards. This blueprint sample depends on the ISO 27001 Shared Services blueprint sample.
The environment combines several Azure services to provide a secure, fully monitored, enterprise-ready workload infrastructure based on ISO 27001 standards. It is composed of:
- An Azure role named DevOps that has rights to deploy and manage resources in the Azure App Service Environment deployed by the blueprint sample
- Azure Policy definitions that restrict which services can be deployed to the environment and deny the creation of any public IP address (PIP) resource
- A virtual network containing a single subnet, peered back to a pre-existing shared services environment, with all traffic forced to pass through the shared services firewall. The virtual network hosts the following resources:
  - An Azure App Service Environment that can be used to host one or more web applications, web APIs, or functions
  - An Azure Key Vault instance using a VNet service endpoint, for storing secrets used by applications running in the workload environment
  - An Azure SQL Database server instance using a VNet service endpoint, for hosting databases used for applications in the workload environment
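The two policy restrictions in the list above, sketched as a single custom Azure Policy definition. This is an added illustration, not one of the blueprint's own artifacts; the display name, the parameter name `allowedResourceTypes`, and the default allow list are assumptions chosen to match the components named above.

```json
{
  "properties": {
    "displayName": "Example: restrict workload resource types and deny public IPs",
    "description": "Illustrative example only, not an artifact shipped with the blueprint sample. The allow list is an assumption; a real assignment must list every resource type the deployment creates.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "allowedResourceTypes": {
        "type": "Array",
        "metadata": {
          "displayName": "Allowed resource types",
          "description": "Resource types that may be created in the workload environment."
        },
        "defaultValue": [
          "Microsoft.Web/hostingEnvironments",
          "Microsoft.Web/serverfarms",
          "Microsoft.Web/sites",
          "Microsoft.KeyVault/vaults",
          "Microsoft.Sql/servers",
          "Microsoft.Sql/servers/databases",
          "Microsoft.Network/virtualNetworks"
        ]
      }
    },
    "policyRule": {
      "if": {
        "anyOf": [
          {
            "field": "type",
            "equals": "Microsoft.Network/publicIPAddresses"
          },
          {
            "not": {
              "field": "type",
              "in": "[parameters('allowedResourceTypes')]"
            }
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}
```

The explicit public IP clause keeps that deny in force even if an assignment later widens the allow list.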
Next steps
You've reviewed the overview and architecture of the ISO 27001 App Service Environment/SQL Database workload blueprint sample. Next, visit the following articles to learn about the control mapping and how to deploy this sample:
- ISO 27001 App Service Environment/SQL Database workload blueprint - Control mapping
- ISO 27001 App Service Environment/SQL Database workload blueprint - Deploy steps
Additional articles about blueprints and how to use them:
- Learn about the blueprint lifecycle.
- Understand how to use static and dynamic parameters.
- Learn to customize the blueprint sequencing order.
- Find out how to make use of blueprint resource locking.
- Learn how to update existing assignments.