← daniellepel.com
Capability Profile
Capability Profile
Azure Platform Design
Infrastructure that is built to be governed from the start
Azure platform design covers the structural architecture of an organization's Azure environment, covering how subscriptions, management groups, networking, identity integration, and governance are organized to support workload deployment at scale.
Overview
My Experience
Key Work
Related
What It Is
Azure platform design is the foundational architecture work that happens before workloads are deployed. This includes subscription and management group structure, Azure Policy configuration, networking topology, identity integration with Entra ID, and the governance baseline that controls how resources are deployed and maintained. Organizations that skip this work and deploy workloads directly into an unstructured Azure environment accumulate architectural debt that compounds into inconsistent configurations, ungoverned resource sprawl, and security gaps that are expensive to remediate retroactively.
Why It Matters
The Azure landing zone concept, a pre-configured environment with governance built in before workloads arrive, exists because Microsoft has seen what happens without it at scale. Workload teams make independent infrastructure decisions, each reasonable in isolation, that collectively produce an environment no one can govern consistently. Azure Policy, management group hierarchy, and a defined networking topology are not overhead. They are what makes it possible to operate Azure at scale without a dedicated team managing exceptions and remediating drift continuously.
Architecture Scope
  • Landing zone design - Management group hierarchy, subscription structure, policy assignment inheritance
  • Azure Policy - Configuration baselines, compliance enforcement, automated remediation
  • Networking - Hub-spoke topology, virtual network design, private endpoints, DNS architecture
  • Identity integration - Entra ID RBAC, PIM for Azure roles, managed identity design
  • Cost management - Tagging standards, budget alerts, Advisor recommendations, right-sizing
  • Data platform - Azure Data Lake Storage, Data Factory, Databricks for analytics workloads
In Practice

At Latham Pool Products, I built the Azure infrastructure for a DevOps-driven ERP integration project: Azure Data Lake Storage, Data Factory, and Databricks working together as a data pipeline that moved ERP data between systems as part of a broader modernization effort. At NBT, the work was hub-and-spoke network architecture, Azure Policy governance baselines, and Azure Arc for on-premises server management across client environments.

My Azure platform work spans both the infrastructure governance side and the data platform side. At Latham Pool Products, I built the Azure infrastructure for a DevOps-driven ERP integration project: Azure Data Lake Storage, Data Factory, and Databricks working together as a data pipeline. That project was delivery-focused rather than just architectural: a working data platform that the development team could use to move ERP data between systems as part of a broader modernization effort.
At NBT, Azure work was part of the broader Microsoft platform architecture I owned across the client portfolio. The scope varied by client. Some had existing Azure environments that needed governance retrofitted; others were greenfield deployments where landing zone design was the starting point. The consistent challenge with Azure in an MSP context is that clients often have Azure subscriptions that accumulated organically rather than being architected deliberately, and the remediation work of imposing structure on an unstructured environment is harder than getting the foundation right initially.
At IBM/Collabera on a NYS data center consolidation project, my role was Wintel SME, analyzing Windows infrastructure and contributing to vendor comparison work. That context gave me exposure to large-scale infrastructure rationalization at the state government level, which informs how I think about Azure platform design for complex, regulated environments.
  • Azure data platform for ERP integration - Built Azure Data Lake Storage, Data Factory, and Databricks infrastructure at Latham Pool Products to support a DevOps-driven ERP integration project. Designed the data pipeline architecture that moved ERP data between systems as part of a broader business modernization effort.
  • Azure governance framework design - Designed Azure governance frameworks for MSP clients including management group hierarchy, Azure Policy assignments for configuration baseline enforcement, and tagging standards for cost allocation and resource management.
  • Azure RBAC and PIM extension - Extended Entra ID RBAC and PIM controls to Azure subscription and resource group roles, ensuring that Azure contributor and owner assignments were governed by the same just-in-time access controls as directory roles.
  • Cost optimization analysis - Used Azure Advisor and cost management tooling to identify right-sizing opportunities, unused resources, and reserved instance candidates across client Azure environments, surfacing specific recommendations with quantified impact.
  • NYS data center consolidation (IBM/Collabera) - Windows infrastructure analysis and vendor comparison work for a New York State data center consolidation project, contributing Wintel SME perspective to infrastructure rationalization decisions at state government scale.
← Microsoft 365 Architecture Hybrid Cloud Infrastructure →