Azure Landing Zones
Governed foundations for scalable product-team delivery.
Explore topicAzure platform architecture
Kamil Lygas
Senior Enterprise Architect Manager | Azure Landing Zones | Sovereign Cloud | Platform Architecture
I design secure, scalable and governed Azure platforms for enterprise product teams and regulated workloads.
This is my architecture blog: practical thinking on platform foundations, controls and operating models that allow teams to deliver safely at enterprise scale.
What I Write About
I focus on Azure landing zones, sovereign and regulated cloud environments, enterprise networking and private DNS, Azure Virtual Desktop, identity controls, Terraform-based infrastructure as code and platform engineering for secure multi-tenant products.
Featured Topics
Architecture themes for governed, secure Azure delivery.
Sovereign Cloud
Control boundaries and resilience for regulated workloads.
Explore topicAzure Virtual Desktop
Secure enterprise desktop platform architecture.
Explore topicAzure Networking
Private connectivity and enterprise name resolution.
Explore topicIdentity & Security
Identity-led controls for trusted cloud platforms.
Explore topicInfrastructure as Code
Repeatable delivery with Terraform and policy automation.
Explore topicPlatform Engineering
Governed self-service capabilities for product teams.
Explore topicRecommended Architecture Notes
Start with the core patterns behind secure Azure platform foundations.
Designing Azure Landing Zones for Product Teams
Build a governed foundation that supports autonomy, repeatability and enterprise controls.
Read architecture notePrivate DNS at Scale in Azure Landing Zones
Design private resolution patterns that stay manageable across connected landing zones.
Read architecture noteProfessional Credibility
I bring more than 19 years in IT and experience spanning Microsoft Azure, Microsoft 365 and Citrix Cloud. My work includes lead Azure architecture for global multi-tenant platforms, governed landing zones and cloud foundations for regulated environments.
Connect
Find me on LinkedIn and GitHub, or read the latest articles below.
Follow Azure architecture notes
Follow new Azure architecture notes via RSS or connect with me on LinkedIn. Public technical work is also available on GitHub.
Latest articles
Designing Pod-Based Global DNS for Azure Landing Zones
As enterprise Azure estates grow, DNS moves from being an application configuration item to being a platform control plane. A useful namespace should express durable ownership and resolution boundaries across public s...
Continue readingPrivate DNS at Scale in Azure Landing Zones
Private endpoints are straightforward to demonstrate in one virtual network. Across many subscriptions, products, environments and connected networks, private DNS becomes one of the most important shared services in a...
Continue readingPrivate Endpoints Need Private DNS Zones
Private connectivity is not complete when an endpoint resource exists in the portal. It is complete when the intended clients can resolve the service name correctly and use the private path reliably.
Continue readingDesigning Azure Landing Zones for Product Teams
Azure product teams need a platform that removes repeated foundation decisions without removing accountability. An Azure landing zone should make secure delivery the normal path, not become a central queue for every s...
Continue readingConfiguring Infrastructure using Ansible
Recently, I invested a lot of time into writing Terraform code to deploy a fairly complex infrastructure in Azure, which included a Virtual WAN, Firewall, Azure Front Door, and multiple virtual networks in two differe...
Continue reading