Part 3: Azure Foundation
DOCUMENT CATEGORY: Runbook
SCOPE: Azure infrastructure foundation
PURPOSE: Establish Azure subscriptions, networking, and identity
MASTER REFERENCE: Microsoft CAF
Status: Active
This phase establishes the Azure infrastructure required for Azure Local deployment. It covers subscription configuration, resource group creation, networking, and identity management.
Stages 03-04 and Stage 05 Steps 1-2 require an Elevated Administrator account with the Owner or User Access Administrator role at the subscription or tenant level.
The deployment SPN (Azure Local Cloud-cicd) and deployment user cannot be used until RBAC is assigned in Stage 05 Step 2. After that step completes, all subsequent stages can use deployment credentials.
See Appendix C: Authentication & Session Setup for details.
Stages Covered
| Stage | Description | Folder |
|---|---|---|
| 03 | Landing Zones & Resource Groups | phase-01-landing-zones/ |
| 04 | Resource Providers | phase-02-resource-providers/ |
| 05 | RBAC Permissions | phase-03-rbac-permissions/ |
| 06 | Azure Management Infrastructure | phase-04-azure-management-infrastructure/ |
| 07 | Identity & Security | phase-05-identity-security/ |
In This Section
- Subscription Setup - Configure Azure subscription and management groups
- Resource Groups - Create and organize resource groups
- Networking - Virtual networks, subnets, and connectivity
- Identity & Security - Key Vault, certificates, managed identities
Key Deliverables
| Deliverable | Description |
|---|---|
| Resource Groups | Organized by function (connectivity, identity, management, compute) |
| Virtual Network | Hub VNet with required subnets |
| Key Vault | Secrets and certificate storage |
| Managed Identities | Service principals for automation |
Prerequisites
Before starting this phase:
- Azure subscription with appropriate permissions
- Completed CI/CD Infrastructure (service principals, runners)
- variables.yml configured with tenant and subscription IDs
Next Steps
After establishing the Azure foundation, proceed to On-Premises Readiness to prepare site infrastructure.