New feature: easily assign regulatory compliance policies to your Azure Landing Zone

We are pleased to announce a new feature for the Azure Landing Zone portal accelerator that will make regulatory compliance at scale more consistent and simple to deploy. Azure Policy initiatives can now be assigned to Azure Management Groups at deployment time with just a few clicks.

An Azure landing zone (ALZ) architecture is scalable and modular to meet various deployment needs. A repeatable infrastructure allows you to apply configurations and controls to every subscription consistently. Modules make it easy to deploy and modify specific Azure landing zone architecture components as the Azure Platform and your requirements evolveALZ helps you implement best practices for governance, security, networking, identity, and operations across your cloud environments, enabled primarily by Management Groups & Azure Policy.

One of the key benefits of ALZ is that it enables you to apply Azure Policies supported by Microsoft Defender for Cloud to your landing zones, ensuring that your cloud resources are compliant with your organizational policies and standards, as well as with the regulatory frameworks that apply to your industry and region.

A policy initiative is a collection of policies. Azure Policy has a number of regulatory compliance policy initiatives that are tailored to a specific regulatory compliance framework, such as NL BIO Cloud Theme, HITRUST/HIPAA, ISO 27001, or PCI DSS. By assigning a policy initiative to your Azure environment, you can automatically enforce the compliance rules and monitor the compliance status of your resources beneath this scope and at scale.

The new feature provides flexibility that allows you to customize the policy initiative assignment by selecting the scope and parameters to suit your needs. For example, you can select the desired Management Group, from the ALZ hierarchy, you wish to assign one or more Regulatory Compliance Policy Initiatives to and provide required input parameters of these at time of deployment. You can also view the compliance results, reports, and alerts for your resources, that are within the scope the policy is assigned to, in the Azure Policy and Microsoft Defender for Cloud portals.

This new feature is available for the ALZ portal accelerator, today!

For Bicep and Terraform consumers you can also achieve the same outcome to assign these regulatory compliance policy initiatives to your ALZ Management Group hierarchy programmatically. You can find more information and documentation on this here:

• ALZ Terraform
• ALZ Bicep

We hope you enjoy the new feature and find it useful for your cloud adoption and compliance needs. We always welcome your feedback and suggestions on how we can improve the ALZ portal accelerator and ALZ overall. Please feel free to contact us by raising a GitHub Issue at aka.ms/alz/repo

Thank you for choosing Azure Landing Zones to accelerate and help you govern your cloud adoption journey!

The Azure Landing Zones core team