What we do?
The simple, safe and fast track to adopting and operating Microsoft Azure
Fellowmind Managed Platform for Azure (FMP) is a tenant-wide solution,
based on a platform and modules delivered as Software-as-a-Service,
maintained by our Platform team, and supported by our Managed Service
team. It is based on Fellowmind's best practice and experience from
multiple customer engagements and aligned with Enterprise Scale as
understood in Microsoft Cloud Adoption Framework (CAF).
All services are distributed to the Azure environments in your tenant through
CI/CD pipelines at Fellowmind.
For that reason, Fellowmind Managed Platform (FMP) is not a downloadable
package. It is a service composed of modular software, with quality, support,
maintenance, documentation and backing from Fellowmind. It is composed of
a Managed Platform service with everything included: all the central features
and functions, management, governance, automation and scalability.
What we do?
Everything you need to fast track your Azure deployments in a scalable and secure manner
The implementation process starts with a design workshop facilitated and
executed by our dedicated Fellowmind Managed Platform (FMP) team, which
provides best practice and recommendations, facilitates decisions on your
desired configuration, policies and modules, and then performs an
automated implementation in your preferred Azure Region(s).
To ensure a solid update and customization process, configuration is maintained
as code, but separated from the platform code.
As part of our Fellowmind Managed Platform (FMP) we manage your entire Azure
platform. Because of this, we have built-in monitoring, security and governance
across our platform modules.
Subset of feature areas within the Managed Platform Service:
- Resource structure & organization
- Governance, Security and Compliance controls
- Management, logging, and patching
- Cost control and optimization
- Network topology & connectivity
- Landing Zone orchestration
Business Value
From a business perspective
Looking from different perspectives, the platform provides several compelling process and technical advantages, as described below.
CIO Perspective
- A standardized delivery which is easy to use, expand and operate
- Service catalogs enable self-service for individuals, teams or project managers
- Fewer critical or high impact cases and shorter time to recovery
- Avoid the dependency on key-employees
- Better control over budgets
Architect Perspective
- Easy to deploy a set of services and servers
- Integrated into the pipeline developers already use
- Better security utilizing governance and compliance controls
- Enables the transformation to native cloud and services
- Fast track to have compliance and security in place
Operations Perspective
- Automation saves time and provides consistency and flexibility
- Version control, tracking and change management ensure quality
- Automates recovery and deployment
- Free up time - leaving more time for innovation and improvements
- SaaS without the vendor lock-in
Services
These are in place to make sure that all modules of the managed platform are stable, secure, and evergreen.
- Governance
  - Fellowmind establishes the tooling needed to support Azure governance, compliance auditing and automated guardrails, as well as provisioning landing zones.
- Continuous platform updates
  - Fellowmind updates the platform on a continuous basis with new features, updates and emergency patches, all applied ad hoc. A detailed feature list of the infrastructure can be found in the documentation service.
- Resolution of high priority incidents
  - Fellowmind resolves high-priority incidents during office hours, 08:30-16:30 CET/CEST.
- Compliance reporting
  - Fellowmind will send monthly compliance reports on set policies.
- Budget reporting
  - Fellowmind will send monthly budget reports on set budgets.
- Platform monitoring and alerting
  - Fellowmind monitors all services within the platform and handles alerts. The monitoring baseline is documented in the documentation service.
- Virtual machine services
  - Fellowmind will continuously update Windows and Linux operating systems according to the chosen patch management strategy.
  - Fellowmind monitors and proactively maintains backups, and assigns a default backup strategy to VMs.
  - Fellowmind onboards virtual machines to Microsoft Defender for Servers and does alert dispatching.
- Service management meetings
  - Fellowmind facilitates quarterly meetings with the purpose of giving insights into future and current topics like cost optimization, features, services and projects. This is to identify potential for the customer to deliver an improved quality of service and a more cost-effective service.
Deliveries
Fellowmind provides the following deliveries as part of the Managed Platform Services
- Fellowmind delivers a uniform structure of the Azure platform
  - This means that all applications are built on the same principles, including networks, governance, logs, etc. They are subject to the same policies/rules/security principles based on what is currently Microsoft best practice.
- Regulatory Compliance
  - It's possible to attach specific frameworks to the platform, such as NIS2.
- Platform monitoring and alerting
  - Fellowmind monitors the entire platform unless otherwise agreed, using a large set of standard alarms defined by Fellowmind. These alarms are either tenant-wide alarms or platform-specific alarms. Additionally, Fellowmind delivers a baseline set of catalog alarms.
- Reporting
  - On a monthly basis, Fellowmind delivers reporting on usage, cost, security and compliance.
- Diagnostics and resource logs
  - The set-up and handling of diagnostics and resource logs are uniform across all resources.
- Platform resources
  - The Managed Platform and its components are continuously updated as Microsoft features and services are updated or when Microsoft introduces new services.
- Identity and access management
  - Identity and access management are governed uniformly by automating the assignment and mapping of Azure roles to Entra ID groups.
- Documentation
  - All documentation is hosted as a web app to provide a single site for all platform-related documentation and a uniform way of ordering new service requests and looking into the roadmap and releases. It can also be used in connection with risk management, controls and compliance.
Features
Overview of the managed platform features and a comparison with the Microsoft-provided 'ALZ'
ALZ = Microsoft ALZ
FM = Fellowmind
GSC (Governance, Security & Compliance)
Feature | Description | ALZ | FM |
---|---|---|---|
Hierarchy | Idempotent configuration of Management Groups and Subscriptions | | |
Subscription lifecycle | Management of pre-ordered subscriptions available for immediate use for new Landing Zones | | |
Policy | Idempotent configuration of Azure Policy Initiatives, Definitions, Assignments, and Exemptions | | |
Policy | Automated policy remediation | | |
Subscription lifecycle | Deletion of unused Landing Zones after end of lifecycle using Azure tags | | |
Subscription lifecycle | Repurpose of decommissioned landing zones for future landing zones | | |
Resource lifecycle | Automated deletion of resources based on tags to control lifecycle and avoid runaway consumption (commonly for Dev/Test) | | |
RBAC | Idempotent configuration of Entra ID Groups which are assigned to Azure RBAC roles | | |
RBAC | Removal of Classic Administrator access on subscriptions | | |
RBAC | Automatic cleanup of direct access created on management groups and subscriptions | | |
RBAC | Add users and service principals to Entra ID Groups as Group members & owners | | |
Landing Zone | Landing zone orchestration using Azure Blueprint Assignments | | |
PIM | Enrollment of Azure Access using Entra ID Group (requires Entra ID P2) | | |
PIM | Privileged Identity Management enrollment of Entra ID Role access using Entra ID Group (requires Entra ID P2) | | |
Reporting | Monthly report of Azure Consumption for each subscription in Excel format | | |
Reporting | Monthly report of centralized log analytics usage broken down on subscription usage in Excel format | | |
Reporting | Monthly report of centralized log analytics usage broken down on resource type in Excel format | | |
Reporting | Monthly report of Azure Policy compliance for each subscription in Excel format | | |
Reporting | Monthly report of Azure Secure Score for each subscription in Excel format | | |
Reporting | Monthly report of Azure Advisor score for each subscription in Excel format | | |
Operations | Patch management enrollment using Azure Tags | | |
Management
Feature | Description | ALZ | FM |
---|---|---|---|
Patching | Centralized Patch Management for Linux and Windows VMs | | |
Logging | Central logging for all landing zones | | |
Logging | Automated Diagnostic Logs Collection for known and supported resources in Azure | | |
VM Management | Azure AutoManage custom profiles ready to onboard landing zone VMs | | |
Security | Azure Sentinel ready (Online Landing zone) | | |
Event Management | Centralized alerting for Tenant-wide alerts | | |
Event Management | Alert Catalogue for common alerts to be used as a reference when building Landing Zones | | |
Event Management | ITSM Integration | | |
Operations | Azure Monitor Workbooks for Tenant-wide monitoring | | |
Operations | Graph queries for Tenant-wide monitoring | | |
Landing Zone
Feature | Description | ALZ | FM |
---|---|---|---|
Governance | Provisioning of infrastructure baseline in Landing Zones to get started quickly | | |
Governance | Standardized tagging for Landing Zones | | |
Connectivity | Network spoke provisioning (Corp Landing Zone only) | | |
Connectivity | Network hub peering (Corp Landing Zone only) | | |
Connectivity | Inter-Landing Zone Direct network peering (Corp Landing Zone only) | | |
Connectivity | Enroll Landing Zone provisioned resources to a specific subnet in the Landing Zone (Using Private Endpoint - Corp Landing Zone only) | | |
Management | Centralized management of select resources created in Landing Zones | | |
Management | Landing Zone updates at scale | | |
Management | Backup policy baseline for Landing Zones | | |
Management | Azure Advisor baseline configuration for Landing Zones | | |
Operations | Alert processing architecture for Landing Zones | | |
Operations | Resource Health Monitoring dispatch for Landing Zones | | |
Operations | Budgets and threshold notifications for Landing Zones | | |
Operations | Security event notification for Landing Zones | | |
Connectivity
Feature | Description | ALZ | FM |
---|---|---|---|
SD-WAN | Connectivity architecture with Azure Virtual WAN or Standalone Resource Implementation (VPN Gateway, Azure Firewall, etc.) | | |
SD-WAN | Full mesh global hybrid connectivity using SD-WAN | | |
Network Hub | Standalone Network Resource implementation (Hubs without vWAN) | | |
Firewall | Regional Azure Firewalls to add security between Landing zone networks and to and from the public internet | | |
Local Connectivity | Local connectivity to privately linked Azure PaaS Resources in Corp Landing Zones using Azure Private Link and Private Endpoints | | |
Front Door | A Central Front Door with WAF to provide a globally distributed single-entry point for web applications hosted in landing zones | | |
Application Gateway | A central Application Gateway with WAF to provide regionally distributed entry points for web applications hosted in landing zones | | |
DNS | Centralized DNS management for Landing Zones | | |
DNS | Private DNS Resolver for Landing Zones | | |
Identity
Feature | Description | ALZ | FM |
---|---|---|---|
Identity | Domain controllers hosted in Virtual Machines, and their associated resources | | |
Governance | User Access Managed Identity for various Platform modules | | |
Documentation
Feature | Description | ALZ | FM |
---|---|---|---|
Documentation | Centralized and automated documentation site built on Docusaurus | | |
Documentation | Autogenerated documentation updated hourly | | |
Product lifecycle | Product roadmap documentation | | |
Product lifecycle | Product release notes documentation | | |
Azure DevOps
Feature | Description | ALZ | FM |
---|---|---|---|
DevOps Projects | Create an Azure DevOps Project for each Landing Zone | | |
DevOps Projects | Entra ID Groups for license and access management to Azure DevOps projects | | |
DevOps Projects | Configure Azure Resource Manager Service Connections with access to Landing Zone Subscriptions | | |
DevOps Projects | Configure Azure DevOps project with policies and build validation for GitHub Flow branch strategy | | |
DevOps Projects | Provision Landing Zones with an IaC repository and multi-stage pipeline baseline | | |
DevOps Projects | Daily backup of Azure DevOps Repositories with full git history | | |
Service Connection | Federated identities using OpenID Connect in Managed DevOps Projects | | |
Azure DevOps Self-Hosted Pipeline Agents
Feature | Description | ALZ | FM |
---|---|---|---|
DevOps | Self-managed build agent pools for Azure DevOps running on Azure VMs or Containers | | |
Book a demo
Book a demo to get a closer look at the Managed Platform Services and how we can help your organization. Our team of experts will guide you through the features and benefits, ensuring you get the most out of our services. Whether you're looking to improve efficiency, enhance security, or scale your operations, our demo will provide you with the insights you need to make an informed decision.