© Copyright Microsoft Corporation. All rights reserved.

FOR USE ONLY AS PART OF MICROSOFT VIRTUAL TRAINING DAYS PROGRAM. THESE MATERIALS ARE NOT AUTHORIZED
FOR DISTRIBUTION, REPRODUCTION OR OTHER USE BY NON-MICROSOFT PARTIES.

Classified as Microsoft Confidential

Microsoft Azure
Virtual Training Day
Optimization
Agenda
DAY 1 DAY 2
Introduction Introduction

Overview of Optimization Continuous improvement: Optimize your workloads

and FinOps as a mindset (Part 1)

Break Break - 10 minutes

Design for optimization: Balancing cost and risk Continuous improvement: Optimize your workloads
within your cloud platform (Part 2)

Break Break - 10 minutes

Demo - Prepare your cloud environments for Demo - Review and remediate a workload deployed in
ongoing optimization production

Closing Q&A Closing Q&A

DAY 1

Introduction

Overview of Optimization
and FinOps as a mindset Overview of Optimization
Break

Design for optimization: Balancing cost

and FinOps as a mindset
and risk within your cloud platform

Break

Demo - Prepare your cloud

environments for ongoing optimization

Closing Q&A
Learning Explore the concept and value
Objectives of Azure optimization

Understand the value of FinOps best

practices to manage and optimize the cloud

Discover Microsoft guidance, products and

tools to optimize your cloud investment

Learn to expedite FinOps adoption via demos

of Microsoft Cost Management and Microsoft
FinOps Review Assessment
Learning
Objectives

Understand the business

value of Azure optimization
Definition of Azure optimization

The process of driving continuous improvement

of your architecture and workloads,
while also managing and optimizing cloud costs
Definition of Azure optimization

The process of driving continuous improvement

of your architecture and workloads,
while also managing and optimizing cloud costs
The business value of optimization

• Accelerated deployment of
new workloads

• Reliable, secure and Long term gains in

sustainably built Azure projects cloud efficiency
• Ongoing management
and optimization of cloud costs
 Proven Azure Well-Architected Framework

Microsoft guidance Azure Architecture Center

Microsoft Cloud Adoption Framework for Azure

guidance, FinOps Framework

products, and Products Azure Advisor

Azure Carbon Optimization

tools for Azure Monitor

Azure Policy

optimization Microsoft Cost Management

Power BI

Pricing offers Azure savings plan for compute

Azure Reserved Instances
and discounts Azure Hybrid Benefit

Assessments Azure Landing Zone Review

Azure Well-Architected Review
Microsoft FinOps Review Assessment
Learning
Objectives

Learn FinOps best

practices to manage and
optimize the cloud
FinOps as a mindset
Turn your vision into action

The content of this presentation is based on the framework guidance

published by the FinOps Foundation. www.finops.org
Learning Understand what FinOps is
Objectives and why it is important

Learn FinOps lifecycle,

domains, and capabilities

Discover Microsoft products and tools

to optimize your cloud investment,
including Microsoft Cost Management
and FinOps Review Assessment
Cloud growth forecast
Organizations continue to adopt the cloud

Gartner® predicts that 75%

by 2026
75% of organizations will adopt a
digital transformation model
predicated on cloud as the
fundamental underlying platform.
Gartner Press Release: Gartner Forecasts Worldwide Public
Cloud End-User Spending to Reach Nearly $600 Billion in
2023 April 19, 2023

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates
in the U.S. and internationally and is used herein with permission. All rights reserved.
2024 2025 2026
Managing costs is fundamentally different in the cloud

CapEx Model OpEx Model

Centralized decisions Decentralized decisions

Variable cost
Fixed cost On-premises Cloud
Fast to scale
Slow to scale
Benefits and challenges of managing
costs in the cloud
The OpEx Model delivers many benefits…

Cost efficiency: Pay as you go

Tax benefits: Deduct operating expenses …but also some challenges
Focus on core business: Outsource
infrastructure management Cultural and Skill Shifts: Transitioning from
CapEx to OpEx might require changes in the
Scalability: Scale resources up or down quickly
organization's culture and skill sets.
Lower TCO: Reduce maintenance, hardware,
and operational costs Variable Costs: Some organizations might
experience unexpected expense hikes due to
Reduced Risk: Avoid large upfront investments the lack of governance and accountability.
Roadmap to success
To capitalize on the benefits of the cloud,
organizations need to go through an organizational
and cultural transformation that enables their teams
to leverage the OpEx model. To accomplish this
objective, the FinOps framework provides best
practices that can support this journey.​

FinOps framework
 FinOps Framework by FinOps Foundation

What is FinOps?

Cultural Practice
Framework
Manage Cloud Costs

At its core, FinOps is a cultural practice. It’s the way for

teams to manage their cloud costs, where everyone
takes ownership of their cloud usage supported by a
central best-practices group. Cross-functional teams
in Engineering, Finance, Product, etc. work together to
enable faster product delivery, while at the same time
gaining more financial control and predictability.
 FinOps Framework by FinOps Foundation

FinOps north star principles

A centralized team drives FinOps

Teams need to collaborate

FinOps reports should be accessible and timely

Everyone takes ownership of their cloud usage

Decisions are driven by the business value of cloud

Take advantage of the variable cost model of the cloud

 FinOps Framework by FinOps Foundation

FinOps principles at-a-glance

Teams need to Decisions are driven Everyone takes
collaborate by the business value ownership of their
of cloud cloud usage
Why is this important? Why is this important? Why is this important?
Cross-functional teams must create Decisions based on business value result in Individual teams are empowered to manage
accountability based on shared experience, efficient cloud costs balanced against the their own cloud spending against their
terminology, and goals. By eliminating silos, speed/performance and quality/availability budget and make value-based decisions
collaboration drives faster alignment, of services. within that scope.
adoption, and innovation.

FinOps reports A centralized team Take advantage of

should be accessible drives FinOps the variable cost
and timely model of the cloud
Why is this important? Why is this important? Why is this important?
Provides the visibility required to determine Cloud allows the organization to quickly adapt
Collaboration improves the way teams work
how your resources are performing, while spend to support business-critical use cases,
together and solve problems. This leads to
trending and variance analysis help explain and scale that usage for workloads when
more efficient processes, increased success,
cost fluctuations. needed.
and improved communication.
Tactical benefits of adopting FinOps
1. Cost Optimization
2. Increased Accountability
3. Better Decision Making
4. Alignment with Business Goals
5. Continuous Improvement
6. Collaboration
7. Forecasting and Budgeting
8. Resource Efficiency
9. Cost Transparency
10. Scalability
11. Risk Management
12. Training and Skill Development
Strategic benefits of adopting FinOps
Objective is to maximize the cloud business value. Optimize cloud
spend

Optimize cloud
processes
Drive efficiency
Optimize carbon
emissions
Maximize
Business
Improve reliability
Value
FinOps
Framework Accelerate Improve security
growth

Improve sustainability

Benefit from AI
Use case
Drive market differentiation through savings

Improve efficiency: Re-allocating funds to

• Optimize cloud spend by select use modernize or innovate:
of commitment-based offers.
• Improve security by signing up for
• Optimize cloud processes to increase Microsoft Defender.
organization's accountability.
• Invest in AI to create a new product.
Use case
Reduce carbon emissions through FinOps best practices

Climate regulations: Efficiency through FinOps:

• European Union’s target to cut greenhouse • Track carbon emission data and performance.
gas emissions by at least 55% below 1990 • Optimize workloads for efficiency.
levels by 2030 (climate neutral by 2050).
• Increase accountability.
• US to reduce greenhouse gas emissions by
50-52% below 2005 levels in 2030. • Leverage the Azure Carbon Optimization
product to track carbon emissions.
• Greenhouse gas reporting requirements.
 FinOps Framework by FinOps Foundation

Key parts of the FinOps Framework

Lifecycle Maturity Model Domains Capabilities

 FinOps Framework by FinOps Foundation

FinOps Lifecycle

Inform
Visibility &
allocations The FinOps lifecycle is an iterative loop that is
Optimize designed to support incremental changes to
Utilization maximize the cloud business value. Its three-phase
cycle allows organizations to optimize their
operations and strategy based on actual results.

Operate
Continuous improvement
& operations
 FinOps Framework by FinOps Foundation

More details about the FinOps Lifecycle

Inform phase Optimize phase Operate phase

Tasks Tasks Tasks

• Reporting • KPIs & Outcomes • Organizational & Cultural Adoption
• Anomaly Detection • Primary Ways to Optimize Usage • FinOps & Other Methodologies
• Benchmarking • Optimize Usage • Build a CCCE
• Cost Allocation • Optime Rates
• Accounts, Taxonomy & Tags • Business Cases Overview
• Forecasting & Budgeting In the Operate phase, it is important to
Overview implement the culture and connect the
stakeholders who will drive value out of your
Overview In the Optimize phase, it is important to cloud spend. You will spend a lot of time
target, define, and document optimization defining process, defining workflows, and
In the Inform phase, it is important to create
opportunities; this is all about triage and defining responsibilities.
and use the tags/labels, account hierarchy,
prioritization.
and other taxonomy to allocate all costs to
get a near-real-time view of your current
cloud usage.
 FinOps Framework by FinOps Foundation

Maturity Model

The Crawl, Walk, Run approach

• Improves operations through repetition.

• Empowers teams to make small adjustments

based on their learnings.

• Helps the organization track improvements

toward the goal of reaching the run status in
each capability.
 FinOps Framework by FinOps Foundation

What are domains and capabilities

FinOps domains FinOps capabilities

• Areas of activity or knowledge linked to • Tasks or processes that allow one to meet the
business outcomes. demands of a FinOps practice.
• Functional areas of activity in support of
their corresponding FinOps Domain.
 FinOps Framework by FinOps Foundation

How each domain supports business decisions

Understand cloud Performance tracking

usage and cost and benchmarking Real-time decision making
What are we spending on cloud Does what we’re using/spending What actions can I take now
and what are we using? allow us to achieve our objectives? to better meet my objectives?

Cloud rate optimization Cloud usage optimization Organizational alignment

How can we achieve better price How can we change our usage to What internal changes can I make
performance with cloud usage? better meet our goals? to use cloud more effectively?
 FinOps Framework by FinOps Foundation

How domains and capabilities are grouped

Understand cloud Performance tracking Real-time decision making
usage and cost and benchmarking
• Measuring unit costs
• Measuring unit costs • Resource utilization and efficiency • Managing anomalies
• Managing shared cost • Measuring unit costs • Establishing a FinOps decision and
• Managing anomalies • Managing commitment-based discounts accountability structure
• Forecasting • Managing anomalies • Data analysis and showback
• Data ingestion and normalization • Forecasting
• Cost allocation (metadata and hierarchy) • Budget management
• Data analysis and showback Organizational alignment
• Intersection of FinOps and TBM
• Intersection of FinOps and ITAM/SAM
Cloud usage optimization • Cloud policy and governance
Cloud rate optimization • Intersection of Cloud FinOps • Managing shared cost
and sustainability • Establishing FinOps culture
• Intersection of Cloud FinOps • Workload management • FinOps education and enablement
and sustainability and automation • Establishing a FinOps decision and
• Managing commitment-based discounts • Resource utilization and efficiency accountability structure
• Data analysis and showback • Onboarding workloads • Chargeback and finance integration
• Data analysis showback • Budget management
• FinOps and intersecting frameworks
 Azure vs. AWS cost comparison
Azure savings plan for compute
Azure Reserved Virtual Machine Instances | Microsoft Azure

Microsoft solutions to optimize costs

Azure Hybrid benefit Azure savings plan Reservations

for compute
Save up to 72% compared to
Azure is up to 5 times more cost Save up to 65% compared to
pay-as-you-go prices with Azure
effective than AWS for Windows pay-as-you-go prices on select 3
2 Reserved VM Instance
Server and SQL Server. compute services

FinOps capability supported:

• Managing commitment-based discounts
Manage and optimize your workloads
Microsoft Cost Management is a suite of tools that help organizations analyze,
monitor, and optimize costs.

FinOps capabilities
supported:
• Cost allocation
• Cloud policy and governance
• Managing shared cost
• Data analysis and showback
• Chargeback and finance
integration
• Budget management
• Managing anomalies
• Resource utilization
and efficiency
Demo:
Microsoft Cost Management
 Azure Advisor Power BI
More Microsoft Advisor is a free, personalized guide
to Azure best practices with actionable
Power BI can help you realize the
value of your enterprise data and

solutions to recommendations for increasing the

efficiency of your cloud investments by
bring the insights discovered in
Azure data and analytics tools to
optimizing your resources for everyone in your organization.
adopt FinOps reliability, security, operational
excellence, performance, and cost.

best practices
Azure Policy Azure Monitor
on Azure Achieve organization-wide resource Gain end-to-end observability for
governance by creating policies in your applications, infrastructure,
Azure to govern every existing or and network.
future resource deployed.

Azure Carbon Optimization

Analyze and gain understanding of emissions
that result from Azure use, with the goal
of optimizing and reducing those emissions.
Demo:
FinOps Review Assessment
DAY 1

Introduction

Overview of Optimization
and FinOps as a mindset Break
Break
Next:
Design for optimization: Balancing cost
and risk within your cloud platform Design for optimization: Balancing cost and
Break
growth within your cloud platform

Demo - Prepare your cloud

environments for ongoing optimization

Closing Q&A
DAY 1

Introduction

Overview of Optimization
and FinOps as a mindset Design for Optimization:
Break
Balancing cost and risk within
your cloud platform
Design for optimization: Balancing cost
and risk within your cloud platform

Break

Demo - Prepare your cloud

environments for ongoing optimization

Closing Q&A
Learning
Objective

Discover Microsoft guidance,

products, and tools to optimize
your cloud investment
Building reliable and secure systems, as a shared
responsibility
CUSTOMER WORKLOADS:
Architecture design principles
Your app or workload architecture, built on the below.
Enable Reliability &
CUSTOMER CLOUD ENVIRONMENT: Security ‘in’ the cloud
Resiliency & Security features
Optional Azure capabilities you enable as needed in your environment —
security, high availability, disaster recovery, and backup.

AZURE PLATFORM:
Resilient & Secure foundation Leverage Reliability &
Core Azure capabilities built into the platform — how the foundation is
designed, operated, and monitored to ensure availability and security. Security ‘of’ the cloud
Building reliable and secure systems, as a shared
responsibility …and this is how Microsoft can help
CUSTOMER WORKLOADS: Azure Well-
Architecture design principles Architected
Your app or workload architecture, built on the below. Framework
Enable Reliability &
CUSTOMER CLOUD ENVIRONMENT: Cloud Security ‘in’ the cloud
Resiliency & Security features Adoption
Optional Azure capabilities you enable as needed in your environment — Framework
security, high availability, disaster recovery, and backup. for Azure

AZURE PLATFORM:
Resilient & Secure foundation Leverage Reliability &
Core Azure capabilities built into the platform — how the foundation is
designed, operated, and monitored to ensure availability and security. Security ‘of’ the cloud
 Balance comes in several forms

on
Achieve balance
tati
e

Pr
en
pl

oc
Peo

Control Speed
m

ess
u

oo
Doc

& Stability & Results

ls
tes
Be

pla

pr
st

ac Te
m

tice
s

Align business, people and technology strategy.

Technology Achieve business goals with actionable, efficient, and comprehensive guidance.
Deliver fast results with control and stability.
Microsoft Azure Well-Architected Framework
Architecture guidance and best practices, created for architects, developers, and solution
owners, to improve the quality of their workloads, based on 5 aligned and connected pillars

Cost Operational Performance

Reliability Security Optimization Excellence Efficiency

https://aka.ms/WAF
Cloud Adoption Framework instills confidence
within organizations to accelerate and execute adoption
Proven business and technical guidance to help customers create and implement
the business and technology strategies necessary to succeed in the cloud.

Define strategy Plan Ready Adopt

Define motivations, and Create actionable cloud Prepare cloud environments Migrate or Innovate
create a business case adoption plan aligned to with Azure landing zones Design, build and deploy
leveraging cloud economics the strategy workloads to Azure

Secure Manage Govern

Automate governance Build operations Automate governance
baseline and empower baseline and support baseline and empower
delegated responsibility enterprise operations delegated responsibility
We will focus on three Cloud Adoption Framework
methodologies related to optimization
Proven business and technical guidance to help customers create and implement
the business and technology strategies necessary to succeed in the cloud.

Define strategy Plan Ready Adopt

Define motivations, and Create actionable cloud Prepare cloud environments Migrate or Innovate
create a business case adoption plan aligned to with Azure landing zones Design, build and deploy
leveraging cloud economics the strategy workloads to Azure

Secure Manage Govern

Automate governance Build operations Automate governance
baseline and empower baseline and support baseline and empower
delegated responsibility enterprise operations delegated responsibility
Govern : Cloud Governance
Why is governance important?
Who is responsible for monitoring? Support?
And operations?
Control Speed
Which services should be migrated to Azure?
& Stability & Results
What roles & responsibilities must be defined?

What security measures should I consider?

What are the core processes needed

for service management?

How do I ensure a balance between innovation,

• Maintaining full compliance cost, and agility?
• Creating better cost visibility and control What organizational changes are needed?
• Improving security posture What key capabilities must I develop?
• Being agile—to support scale Azure governance building blocks?
Cloud governance team
A cloud governance team evaluates and manages risk
tolerance, identifies high-risk areas for business, and
converts risks into governing corporate policies.
Determine the necessity of a cloud governance team.
Cloud governance
Align with other teams to: team functions
• Review your company's strategy and plan template with members of the
cloud strategy team to understand motivations, metrics, and strategy.
• Review your company's cloud adoption plan template with members of
the cloud adoption team to understand timelines and prioritization.
Ensures cloud-adoption risks
and risk tolerance are properly
• Review the operation team's operations management workbook to understand the
operational requirements and commitments that have been established with the business.
evaluated and managed.

Establish cadence with teams that aligns with:

• Release and planning cycles. Identifies risks that can't be tolerated
• The cloud strategy team to review risks of the next wave of adoption by the business, and converts risks
and gauge the team's level of tolerance for risks. into governing corporate policies.
• Review and iterate.
 https://aka.ms/adopt/Gov

Governance methodology
Envision an end state – and incrementally build trust and confidence.
Govern Define corporate policy
Business risks Policy & compliance Process
Document evolving business risks and the Convert risk decisions into policy Establish processes to monitor
business’ tolerance for risk, based on data statements to establish cloud violations and adherence to
classification and application criticality. adoption boundaries. corporate policies.

Five disciplines of cloud governance

Cost management Security baseline Resource consistency Identity baseline Deployment acceleration
Evaluate and monitor costs, Ensure compliance with IT Ensure consistency in resource Ensure the baseline for identity Accelerate deployment through
limit IT spend, scale to meet security requirements by configuration. Enforce practices and access are enforced by centralization, consistency, and
need, and create cost applying a security baseline to for on-boarding, recovery, and consistently applying role standardization across
accountability. all adoption efforts. discoverability. definitions and assignments. deployment templates.

Governance funnels corporate policy changes into five actionable disciplines –

enabling your organization to modernize and reach business goals.
Cost management
Based on FinOps Foundation’s best practices.
Establish controls and processes to ensure proper
allocation of cost across business units, implement cost Azure tools & services
guardrails, and analyze the cost of applications.
Define FinOps for Azure
• Enterprise Enrollment Hierarchy Process and Azure Cost
RACI Azure Cost Management Budgets and Alerts + RACI Management Calculator
• Cost Management RBAC Model Azure Policy
Define Cost Management Policies Azure Advisor
• Tagging Azure Portal
• Allowed VM SKUs
• Allowed Storage SKUs
• Allowed Networking SKUs
• Allowed Database SKUs
Security baseline
Establish policies to protect your network, assets, and data –
residing on cloud provider platform(s).
Document risks, business tolerance, and mitigation strategies related Azure tools & services
to the security of:
• Data and assets: Develop clear, simple, and well-communicated guidelines to identify,
protect, and monitor the most important data assets.
Azure Policy
• Network: Control and monitor any allowed communication between
on-premises environment and cloud workloads. Azure Defender for Cloud
Implement these best practices for corporate policy: Azure Sentinel
• Network requirements: On-premises networks must be secured against potential
unauthorized access from cloud-based resources.
Subscription Design
• Hybrid identity strategies: A key factor in structuring cloud-based identity services is the Encryption
level of integration required with existing on-premises identity infrastructure.
Hybrid Identity
• Encryption: Encryption mechanisms vary in cost and complexity, and both technical and
policy requirements, and can influence decisions on how encryption is applied and how to Azure Networking
store and manage critical secrets and keys.
• Security baseline policies: Processes that manage updates to security policy based on
Azure Automation
inputs from stakeholders (e.g., initial risk assessment and planning, deployment planning
and testing, and quarterly review and planning).
Resource consistency
Implement the foundation for governance best practices –
with correct resource organization.
Define Azure Management Groups, Subscriptions models, and RACI Azure tools & services
• To reflect security, operations and business/accounting hierarchies
• To group similar resources into logical collections
Azure Policy
Define resource consistency roles and responsibilities
Azure Monitor
• To further group applications or workloads into deployment and
operations units Azure Advisor
Define Resource Consistency Policies Resource Manager Templates
Naming Conventions Resource Graph
• Tagging Management Groups
• Allowed Locations
• Allowed Resource Types
• Allowed Extensions
• Auditing
Identity baseline
Protect your data and assets in the cloud –
implementing identity management and access control.
Define Azure RBAC Model Azure tools & services
• Using RBAC can segregate duties within a team and grant only the amount
of access to users that they need to perform their jobs.
• Microsoft requires multi-factor authentication for key admin roles to RBAC
access Azure administrative portals Microsoft Entra ID
Define Azure Access Management Process and RACI Microsoft Entra ID B2B
• Several options are available for managing identity in a cloud environment Microsoft Entra ID B2C
which vary in cost and complexity.
Directory Federation
• A key factor in structuring your cloud-based identity services is the level of
integration required with existing on-premises identity infrastructure. Directory Replication
Operationalize Azure Privileged Identity Management
• Cloud-based identity management is an iterative process.
Deployment acceleration
Establish policies to govern asset configurations or deployments
– manual, or automated through DevOps best practices.
The DevOps practices in this discipline include: Azure tools & services
Infrastructure as code
• Stand up environments in the fastest means possible.
• Remove the human element and reliably and repeatable deploy every time. Resource Manager Templates
• Improve environment visibility and improve developer efficiency.
• Store infrastructure definitions alongside application code. Azure PowerShell
Continuous integration and continuous deployment Azure CLI
• Accelerate delivery through automation. Azure Policy
• Simple and easy to use.
• Global community for actions. Resource Grouping & Tagging
Azure architectural best practices that enable deployment Azure DevOps
acceleration include Azure Landing Zones, including platform landing
Github – Azure Github Actions
zoned and application landing zones
Azure Automation
Deploy and update cloud environments in a repeatable manner using
composable artifacts Azure Verified Modules
Evaluate your cloud readiness using Microsoft Assessments

Strategic Migration
Governance Benchmark Landing Zone Review
Assessment & Readiness Tool
Understand your organization’s Identify gaps in your organization’s Assess your plan to create a landing
preparedness to implement a current state of governance and get zone to host workloads that you plan
cloud migration at scale. curated guidance on how to get started. to build in or migrate to the cloud.
Manage: Cloud Management
Evolution of the IT Business Model
The cloud is causing a paradigm shift in the function of Operations Management

Enforce / Control Enable / Support

Controlled & central responsibility Freedom & delegated responsibility

Cloud management for
cloud adoption efficiency
Establish management baseline
1 Define the criticality classifications, cloud management tools, and processes.

Define business commitments

2 Document supported workloads to establish operational commitments.

Expand management baseline

3 Make use of the included best practices based on business
commitments and operations decisions.

Advanced operations and design principles

4 Use a deeper architecture review to deliver on resiliency and
reliability commitments.
Methodology to enable cloud management
Cloud operations disciplines Business alignment
1
Establish Criticality
Management Inventory and Operational Protect and
management
baseline baseline visibility compliance recover

Impact

Advanced Enhanced Platform Workload

Commitment
operations baseline specialization specialization

Expand
Advanced operations Define business
3 management
and design principles 4 commitments 2
baseline
Management Why do you need this?
baseline A well-guided management baseline defines a set of cloud
management tools and processes required to deliver your
minimum commitment to operations management.

Goals for management baseline

• Define the basic tools needed for managing operations
around any Azure production environments
• Focus on the minimum options and processes
necessary instead of all the available options
• Use the management baseline to apply resource
consistency across different resources on the
Azure platform
Business Why do you need this?
alignments and Business alignment with cloud management is
required to rethink commitments to operational
commitments management in partnership with the business.

Goals for management baseline

• Document the criticality and relative business value
of each workload
• Establish clear performance expectations and
business interruption time/value metrics
• Document, track, and report on commitments to
cost and performance
Methodology to enable cloud management
Cloud operations disciplines Business alignment
1
Establish Criticality
Management Inventory and Operational Protect and
management
baseline baseline visibility compliance recover

Impact

Advanced Enhanced Platform Workload

Commitment
operations baseline specialization specialization

Expand
Advanced operations Define business
3 management
and design principles 4 commitments 2
baseline
Enhance Why do you need this?
management Outline a minimum viable product (MVP) for cloud
management services, referred to as a management
baseline baseline, and add common improvements to the baseline.

Goals for management baseline

• In addition to management baseline, improve
business commitments with enhanced
management baseline
• Improve uptime and decrease recovery times
for the entire portfolio of workloads with
cloud-native tools
Enhanced baseline
Advanced operations
Evaluate common additions to the baseline that might meet
business needs. Azure tools & services
• Use enhanced management baseline cloud-native operations tools and
processes to extend the business commitment. Azure Resource Graph
• A number of mission-critical workloads might require enhancements to IT Service Management Connector
the management baseline for better commitment. Azure Automation
• Enhanced baseline can be enabled to perform advanced management Azure Automation Hybrid
operations and processes such as: Runbook Worker
• Service change tracking
Desired State Configuration (DSC)
• ITSM integration
• Operations automation
Microsoft Defender for Cloud
• Multi-cloud operations
• Guest automation Advanced Enhanced
operations baseline
• Breach notification
Advanced Why do you need this?
design Management specialization is required to improve the
design of common systems (platforms) or specific
principles workloads to effectively minimize interruptions.

Goals for management baseline

• Improve the resiliency and design of business
critical workloads
• Detect trends and provide automated remediation
• Create repeatable solutions to minimize
maintenance overhead
• Use advanced monitoring tools to discover
incremental improvements
Workload specialization
Advanced operations
Invest in ongoing operations of a shared platform,
distributing the investment across multiple workloads. Azure tools & services
• Trigger a cultural change in traditional IT build processes that focus
on delivering a management baseline, enhanced baselines, and Azure Monitor logs
platform operations. Application Insights
• Apply best practices for improving the resiliency and design of a Azure Automation
specific system with Azure Well-Architected Framework guidance and
reference architecture from Azure Architecture Center. Azure Well-Architected Framework
• Get the flexibility of advanced monitoring of options for monitoring Azure Architecture Center
performance, availability, usage, and dependencies.
• Operational tasks shift to an application-development or
business-unit organization.
• Application insights—to get deep insights on the specific workload— Workload Workload
are required to provide clear workload operations. operations specialization
Ready: Azure Landing Zones
What are you building?
Your cloud foundation supports the construction of a—

House Stadium Bridge

What are • Starting a journey based on best practices with a
landing zones start-to-finish plan is a key factor for success

for? • Creating well-designed foundations for a cloud

environment will enable the safe adoption of new
technologies, at pace

• Using consistent, repeatable environment designs

helps scaling out in a manageable way

• Baking in repeatable best practices into

environment deployments

• Factoring your team's technical skills into

environment planning
Azure landing zones
Design areas

ENVIRONMENT COMPLIANCE

Azure billing and

Security
Azure Active Directory tenant

Identity and access

Governance
management

Resource organization Management

Network topology Platform automation and DevOps

and connectivity
Azure landing zones
Set up Azure environments
for scale, security, governance, networking, and identity

 Enable migrations and net new apps

 Consider all platform resources

 Don't differentiate between IaaS or PaaS

Foundations in the cloud

W W
Workload

Workload Workload W W W
Assets
(Resources in Azure) W W W W W W
Workload Workload
Foundation
utilities Application landing Application landing
Workload Workload zone zone

Workload Platform landing zone Platform foundation

Foundation utilities
Align the foundation W
W W W
W
W W W
W
W W W

to your chosen cloud operating model

W W W
Distributed operations
W

W W
Enterprise operations

W
Central operations
W Workload
Application landing zones
Decentralized operations Platform Landing Zone
Find the operating model that fits your requirements
W W W
WW W WW W WW W

W W
W W W W W W

Decentralized operations Central operations Enterprise operations Distributed operations

Which motivation is your highest strategic priority?

Innovation Control Democratization Integration

What's the scope of your portfolio?

Workload Landing zones Cloud platform Complex portfolio

Who’s accountable for governance, security, and operations decisions?

Workload teams Central IT Cloud Center of Excellence Mix of all three or unknown
Azure landing zone conceptual architecture
What does it represent?

✓ Target end-state for most organizations

✓ Scaled-out and mature environment

✓ Customer and partner practices for

environment design across Microsoft

✓ Strong foundation for management,

governance, and security processes
Assess each stage of your cloud journey
Start Align Enhance
Build a new environment For your existing environments— Follow best practices guidance
informed by best practices and align to the architectures and in Secure, Manage, and Govern
proven architectures. guidance of Azure landing zones. methodologies to continue to
mature and evolve your Azure
Explore design areas environments—and realize the value
to understand considerations and of cloud-native technologies.
decisions for your journey.

We have not deployed We have environments and We have environments and

anything in Azure and landing zones already, but our landing zones already, using
want a start-to-finish plan requirements have changed, the CAF guidance, and want to
based on best practices. and we need to move towards a continue improving the
different type of architecture. controls and configuration.
Azure landing zone accelerators
Fastest path to deployment

Deploy tested,
Microsoft Azure Based on Azure Quickly implement best-practice
portal landing zone scaled-out configurations for
implementation conceptual governance and key governance
experience architecture security policies, processes,
and tools
Azure landing zone accelerators
Accelerate your customer value

What if we could reach customer value at pace?

Typical project Much resource investment In an increasingly large

engagements to design can be in developing portion of cases, the
and build an Azure implementation artifacts, outcomes look relatively
environment can run for implementation engineer similar (+/- a few
3-4 months, at time, and project percentages for low level
considerable cost. management. customizations).
Azure landing zones
Deployment options summary
Azure landing zone portal accelerator (default option)
Fastest path to the target Implements environmental Implements opinionated compliance
architecture design practices design best practices

Alternative approaches for customization

Partner landing zones Bicep Terraform

• Created and customized by your • Rapidly deploy environment design areas, • Azure landing zone approaches are
implementation partner or managed but defer compliance design areas. available for third-party configuration
service partner. tools, like Hashicorp Terraform.
• Accelerates low-risk deployments, but
• Customized to your operations increases time to compliance.
and adoption plans. • Ideal for central IT and centralized
• Evaluated against the conceptual operations, with controlled adoption flows.
architecture.
Azure landing zones
Partner and open-source implementation options
Azure Region 1
Partner landing zone
Validate partner offer hub-core-sec hub-operations
Understand partner approaches and solution
Validate cloud operating model
Review partner solution for governance, security, and compliance Diagnostics Logging
Review partner design, based on design areas
Activity Logs
Deployment options for partner landing zone
Log Analytics

Azure landing zones Terraform modules

Build on existing Terraform skills
Network Monitoring
Path for multi-cloud operating models AD Assessment
Security Center AD Replication
Design Azure landing zones, based on design areas Agent Health Assessment
Enable the community with a set of sample reusable landing zones DNS Analytics
Key Vault Analytics
Deploy workloads to Azure
Compliance in an operational environment
What does this look like for you?

Govern Manage Secure

Define business risks based on Define criticality and Integrate security
data classification and relative business value of insights into a risk
application criticality. each service. management framework
Convert risk decisions into Establish clear and digital initiatives.
policy statements to establish performance expectations Integrate security insights and
cloud adoption boundaries. and business interruption practices into business and IT
Create policies to put time/value metrics. processes and integrate
guardrails in place to minimize Document, track, and security disciplines together.
business risks. report on commitments to Ensure organization can
Establish processes to monitor cost and performance. operate during attacks
violations and compliance with and rapidly regain full
defined corporate policies. operational status.
Evaluate your cloud readiness using Microsoft Assessments

Strategic Migration
Governance Benchmark Landing Zone Review
Assessment & Readiness Tool
Understand your organization’s Identify gaps in your organization’s Assess your plan to create a landing
preparedness to implement a current state of governance and get zone to host workloads that you plan
cloud migration at scale. curated guidance on how to get started. to build in or migrate to the cloud.
DAY 1

Introduction

Overview of Optimization
and FinOps as a mindset Break
Break
Next:
Design for optimization: Balancing cost
and risk within your cloud platform Demo – Prepare your cloud environments for
Break
ongoing optimization

Demo - Prepare your cloud

environments for ongoing optimization

Closing Q&A
DAY 1

Introduction

Overview of Optimization
and FinOps as a mindset Demo – Prepare your cloud
Break
environments for ongoing
optimization
Design for optimization: Balancing cost
and risk within your cloud platform

Break

Demo - Prepare your cloud

environments for ongoing optimization

Closing Q&A
Demo:
Prepare your cloud environments
for ongoing optimization
DAY 1

Introduction

Overview of Optimization
and FinOps as a mindset Closing Q&A
Break

Design for optimization: Balancing cost

and risk within your cloud platform

Break

Demo - Prepare your cloud

environments for ongoing optimization

Closing Q&A
Agenda
DAY 1 DAY 2
Introduction Introduction

Overview of Optimization Continuous improvement: Optimize your workloads

and FinOps as a mindset (Part 1)

Break Break - 10 minutes

Design for optimization: Balancing cost and Continuous improvement: Optimize your workloads
growth within your cloud platform (Part 2)

Break Break - 10 minutes

Demo - Prepare your cloud environments for Demo – Deep dive into assessing and
ongoing optimization remediating a workload

Closing Q&A Closing Q&A

DAY 2

Continuous improvement:
Introduction
Optimize your workloads
Continuous improvement: Optimize
your workloads (part 1) (part 1)
Break

Continuous improvement: Optimize

your workloads (part 2)

Break

Demo – Deep dive into assessing

and remediating a workload

Closing Q&A
Learning Understand when to use the Cloud
Objectives Adoption Framework or the
Well-Architected Framework

Discover Microsoft guidance, products,

and tools to optimize workloads

Learn from demos how to optimize

workloads with Advisor and the
Well-Architected Review
Learning
Objectives

Understand how to use

Well-Architected Framework
Discover Microsoft guidance, products,
and tools to optimize workloads
What is a Cache

workload?
Database Compute
End user Compute
The term workload in the
context of the Well-
Message File
Architected Framework Bus storage
3rd-party
refers to a collection of API
application resources, data, Vault
and supporting
infrastructure that function
together towards a defined Identity
business goal. Governance
provider
Monitoring

Developer / Code Deployment

Ops hosting pipelines
Building reliable and secure systems, as a shared
responsibility
CUSTOMER WORKLOADS:
Architecture design principles
Your app or workload architecture, built on the below.
Enable Reliability &
CUSTOMER CLOUD ENVIRONMENT: Security ‘in’ the cloud
Resiliency & Security features
Optional Azure capabilities you enable as needed in your environment—
security, high availability, disaster recovery, and backup.

AZURE PLATFORM:
Resilient & Secure foundation Leverage Reliability &
Core Azure capabilities built into the platform—how the foundation is designed,
operated, and monitored to ensure availability and security. Security ‘of’ the cloud
Building reliable and secure systems, as a shared
responsibility… and this is how Microsoft can help
CUSTOMER WORKLOADS: Azure Well-
Architecture design principles Architected
Your app or workload architecture, built on the below. Framework
Enable Reliability
CUSTOMER CLOUD ENVIRONMENT: Cloud & Security ‘in’ the cloud
Resiliency & Security features Adoption
Optional Azure capabilities you enable as needed in your environment— Framework
security, high availability, disaster recovery, and backup. for Azure

AZURE PLATFORM:
Resilient & Secure foundation Leverage Reliability &
Core Azure capabilities built into the platform—how the foundation is designed,
operated, and monitored to ensure availability and security. Security ‘of’ the cloud
Viewing Azure Services from different lenses

PRODUCT
WORKLOAD PORTFOLIO
D O C U M E N TAT I O N
PRODUCT
DOCUMENTATION
 Reliability Performance efficiency

Cost optimization Security

W O R K LOA D Operational excellence

WORKLOAD

APP

INFRA D ATA
 a
Strategy/Plan
Ready/Azure Landing Zone
P O RT F O L I O Adopt: Migrate, Modernize, Innovate
Compliance: Governance, Security, & Operations

WORKLOAD WORKLOAD WORKLOAD WORKLOAD

APP APP APP APP

INFRA DATA INFRA DATA INFRA DATA INFRA DATA

WORKLOAD WORKLOAD WORKLOAD WORKLOAD

APP APP APP APP

INFRA DATA INFRA DATA INFRA DATA INFRA DATA

WORKLOAD WORKLOAD WORKLOAD WORKLOAD

APP APP APP APP

INFRA DATA INFRA DATA INFRA DATA INFRA DATA

Well-Architected
Framework
Architect and optimize workloads for success

Actionable & simple Build workloads Know where

to use deep with confidence to focus to
technical resources using proven optimize
to design workloads best practices. workloads.
that show results.
Azure Well-Architected
Build and optimize high-performing workloads
Azure
Architecture Well-
Build workloads with Architected
Design Principles
confidence in proven Tradeoffs Review
practices. Checklists Skilling
Azure
Advisor
Azure
Design high-performing Reliability
Well-
workloads using deep Cost optimization
Architected
Framework
technical guidance. Product
Operational excellence Architecture
Docs Center
Optimize workloads with Performance efficiency
Partner and
actionable areas of focus. Service Offers
Security
Best practices to drive workload quality

Cost Operational Performance

Reliability Security Optimization Excellence Efficiency

https://aka.ms/WAF
Business requirements influence decisions
about workload architectures
What tradeoff decisions must you make in a business context?

Development/test Mission-critical Securing all

workloads workloads workloads
The Well-Architected Framework – content flow

Reliability
Checklist
Recommendations…
Cost RE01 RE02 Recommendations…

optimization
Recommendations…
RE03 RE04 Recommendations…
Operational
excellence
Design
Principles RE05 RE06
Recommendations…
Recommendations…
Performance
efficiency Recommendations…
RE07 RE08 Recommendations…

Security
Recommendations…
RE09 RE10 Recommendations…
WAF: Design Principles
Reliability design principles
Building a reliable application in the cloud is different
from traditional application development. Historically, Goals of Design Goals of Design
you may have purchased levels of redundant higher-end
hardware to minimize the chance of an entire Principles Principles
application platform failing.

In the cloud, we acknowledge that failures happen. • Help set strategic vision Title / Role Awareness Activation
Instead of trying to prevent failures altogether, the goal
is to minimize the effects of a single failing component. • Universally applicable Business
To assess your workload using the tenets found in the concepts Decision
Azure Well-Architected Framework, reference the Maker
Microsoft Azure Well-Architected Review. • Not “hands-on- Solution
The following design principles provide: keyboard” guidance Architect
• Context for questions Workload
• Why a certain aspect is important Owner
• How an aspect is applicable to Reliability
Engineer
These critical design principles are used as lenses to
assess the Reliability of an application deployed on
Azure. These lenses provide a framework for the
application assessment questions.
WAF: Checklists, Recommendations, and Tradeoffs
Pillars People

Tradeoffs Consulting role

Recommendation guides Workload facing

Checklist
WAF: Checklists, Recommendations, and Tradeoffs
Checklist

One for each pillar

High-level recommendations

Concise and descriptive

Ordered
WAF: Checklists, Recommendations, and Tradeoffs
Recommendations Tradeoffs

Depth

Considerations
Expert guidance

Consistent structure
WAF: Checklists, Recommendations, and Tradeoffs

Tradeoffs

Considerations
WAF: Tradeoffs
Tradeoffs

Reliability vs. cost

Reliability vs. performance

Reliability vs. ease of management

Well-Architected Review assessments
Description:
• A free collection of self-guided assessments that reviews
architectural design patterns for various workload types.
• Based on the five pillars of the Well-Architected Framework.
• Recommendations are links to WAF docs and product docs.
• Integration with Azure Advisor ingests recommendations based on
telemetry to make WAF-based recommendations more actionable.
• Milestones and checklists allow customers to maintain
status of remediations.
• Scripts generate Azure DevOps (ADO) work items
or .csv files for tracking.

Use cases:
• Leverage as a checklist of considerations while
designing a workload and its architecture.
• Perform go-live assessment as an aspect within a
pre-deployment checklist.
• Periodic review of an existing workload in production.
Continuous review and improvement

Monitor system
and understand Assess
operational health

Rehearse, recover,
and practice failure Monitor Integrate

Implement Triage
Embrace continuous
operational improvement
DAY 2

Introduction

Continuous improvement: Optimize

your workloads (part 1) Break
Break
Next:
Continuous improvement: Optimize
your workloads (part 2) Continuous improvement:
Break
Optimize your workloads (part 2)

Demo – Deep dive into assessing

and remediating a workload

Closing Q&A
DAY 2

Introduction

Continuous improvement: Optimize

your workloads (part 1) Break
Break
Next:
Continuous improvement: Optimize
your workloads (part 2) Continuous improvement:
Break
Optimize your workloads (part 2)

Demo – Deep dive into assessing

and remediating a workload

Closing Q&A
DAY 2

Continuous improvement:
Introduction
Optimize your workloads
Continuous improvement: Optimize
your workloads (part 1) (part 2)
Break

Continuous improvement: Optimize

your workloads (part 2)

Break

Demo – Deep dive into assessing

and remediating a workload

Closing Q&A
Learning
Objectives
Understand when to use the Cloud Adoption
Framework or the Well-Architected Framework.

Discover Microsoft guidance, products,

and tools to optimize workloads.

Learn from demos how to optimize workloads

with Advisor and the Well-Architected Review.
Learning
Objectives

Learn from demos how to optimize

workloads with Advisor and the
Well-Architected Review
Azure Advisor
Azure Advisor
Your free, personalized guide to Azure best practices
 Best practices to set up and optimize your Azure workloads
 Simple, step-by-step guidance and quick actions for fast remediation
 One place to review and act on recommendations across Azure
 Alerts and digests to notify you about new recommendations

Cost Security Performance Reliability Operational

excellence
Maximize the Protect your Azure Boost speed and Increase uptime
return on your resources from responsiveness of of your business- Process and
Azure investment security threats your resources critical apps workflow efficiency
and manageability
How Advisor works

Your Workloads ge O Azure Services

a
us tion rec ur
om
a

be en
and con urce
ur

st dations
m
fig
Your reso

pra
Azure

ctice
Advisor

re One t l for n
so u oo t i o
rce optimiza
1000+ best practice recommendations and counting
Examples

Operational
Cost Security Performance Reliability
excellence

Resize or shutdown Enable MFA on Update table statistics Use Managed Create Service
underutilized accounts with on your SQL Data Disks to improve Health alerts to
virtual machines. subscription owner Warehouse table to data reliability. be notified when
permissions. increase query Azure issues
Reduce costs by performance. Enable VM Backup affect you.
eliminating Install monitoring to protect your
unprovisioned agent on virtual Add regions with traffic virtual machine Repair invalid log
ExpressRoute machine scale sets. to your Azure Cosmos data from alert rules.
circuits. DB account. accidental deletion.
 ASOS Customer Use Case
Well-Architected Framework – Cost Optimization

“Our cloud cost optimization has

Cost
already saved us 25 to 40 percent.
Resize or shutdown It’s a different framework – a different mentality. People needed a
underutilized little bit of discipline each day, and it happened very quickly, within
virtual machines. a couple of weeks.
Reduce costs by
eliminating We saw a drastic change, and teams haven’t felt the pinch they
unprovisioned were expecting after implementing better practices. They see the
ExpressRoute
circuits. long-term benefits, so the culture has changed.”

- ASOS
 ASOS Customer Use Case
Well-Architected Framework – Optimization

“Our cloud optimization has

Cost already saved us 25 to 40 percent.
Resize or shutdown It’s a different framework – a different mentality.
underutilized
virtual machines.
People just needed a little bit of discipline each day, and
Reduce costs by then it happened very quickly, within a couple of weeks.
eliminating
unprovisioned We saw a drastic change, and teams haven’t felt the pinch
ExpressRoute they were expecting after implementing better practices.
circuits.
They see the long-term benefits, so the culture has
changed.” - ASOS
Introducing Advisor
Workbooks
A video
Remediating Advisor
recommendations
Advisor recommendations screenshot 4
Rely on guidance and tools throughout the workload lifecycle

Pre-deployment Production

DESIGN BUILD TEST MONITOR M A I N TA I N

User Devs/Architects DevOps, ISVs DevOps Architect/App Owner

Tools Reference Architectures Well-Architected Review Advisor

Process Iteration Remediation

Guidance Azure Architecture Center and Well-Architected Framework

Build workloads with confidence Design high-performing workloads Continuously improve workloads with
with proven best practices using deep technical guidance actionable focus areas
DAY 2

Introduction

Continuous improvement: Optimize

your workloads (part 1) Break
Break
Next:
Continuous improvement: Optimize
your workloads (part 2) Demo – Review and remediate a workload
deployed in production
Break

Demo – Deep dive into assessing

and remediating a workload

Closing Q&A
Demo
DAY 2

Demo – Deep dive into

Introduction
assessing and remediating
Continuous improvement: Optimize
your workloads (part 1) a workload
Break

Continuous improvement: Optimize

your workloads (part 2)

Break

Demo – Deep dive into assessing

and remediating a workload

Closing Q&A
DAY 2

Introduction

Continuous improvement: Optimize

your workloads (part 1) Closing Q&A
Break

Continuous improvement: Optimize

your workloads (part 2)

Break

Demo – Deep dive into assessing

and remediating a workload

Closing Q&A