United States | Achieve Operational Excellence: Microsoft Azure Well-Architected Framework

Jonathan Hazelden - 14.08.202320230814

Achieve Operational Excellence: Microsoft Azure Well-Architected Framework

United States | Achieve Operational Excellence: Microsoft Azure Well-Architected Framework


Welcome back to the Azure Well-Architected Framework blog series for part 3. The goal of this series is to provide an overview of useful insights and practical steps you can take to implement the five pillars of the Well-Architected Framework and improve your cloud environment.  

In our first blog we introduced the first of five pillars of the best practices for Azure cloud workloads.

Here’s a recap of the five pillars:  

  • Cost Optimization – Managing costs to increase the value produced   
  • Operational Excellence – Processes which keep a system operating in production   
  • Performance Efficiency – The system’s ability to adapt to changes in load   
  • Reliability – The system’s ability to recover from failures and continue to operate   
  • Security – Protecting applications and data from any threats

In part 3 we take a deep dive into the second pillar: Operational Excellence.


Operational Excellence assures an application is functioning as anticipated. To ensure deployments are reliable and predictable, it’s better to rely on Infrastructure as Code (IaC) versus a more variable and manual process. Any deployments, feature updates and bug fixes should be quick and systematic. To maintain operational excellence an application must allow functionality to automatically roll back to its previous state in the event of an error caused by an update.  

You’ll have limited control over cloud applications run on infrastructure, particularly as applications mature in the cloud space. Platform as a Service (PaaS) offerings do not utilise virtual machines (VM) where you can log in to troubleshoot issues. Rather, monitoring and diagnostics metrics provide these critical insights, alert you to failures when and where they occur and help you keep applications running as expected.


These key concepts can help you achieve and maintain operational excellence (you can use the links below to dive deeper into these areas or read on to learn more about what operational excellence looks like in action):  

  • Design, build and orchestrate workloads with DevOps in mind as this model is faster to deploy, less prone to human errors and easier to maintain.  
  • Leverage monitoring and alerting capabilities native to the cloud.  
  • Code Deployment is essential to your application’s stability and it enables a repeatable and predictable process which will help you avoid errors, have downtime and produce consistent results.  
  • Deploy the platform with automation templates such as Azure Resource Management (ARM) templates and combine those into Azure Blueprints. These can include Azure Policy, RBAC, Resource Groups and most azure resources, for example, Virtual Networks, Virtual Machines and Storage Accounts.  
  • Leverage tools such as automation to allow for testing before and during your deployments. It’s recommended to automate processes for deployment which you can run on demand and rerun if something fails.


The principles of DevOps allow organizations to provision their environments using Infrastructure as Code (IaC), build and release their applications using Continuous Integration/Continuous Deployment (CI/CD) pipelines and automate their testing processes. This allows them to adopt a more disciplined approach to software development across their entire environment. 

The DevOps approach ensures the consistent and repeatable creation and management of the environment while using CI/CD pipelines enables early detection of issues.


In addition to extending the organization’s systems into Azure you need to update the monitoring processes to include monitoring during the build-and-release process. Once this is deployed you need to monitor the infrastructure and application health. Monitoring is the best way to verify if the application is meeting the goals and Service Level Agreements set by the business.  

When your applications are in the cloud, operational improvements are just an API call away. This can even include implementation and testing of Disaster Recovery (DR) for your workloads. Rather than having hypothetical conversations about achieving a DR failover (if needed), you can leverage your DevOps model together with native replication capabilities to deploy workloads in remote regions and run live DR drills on a regular basis. Having a robust and testable DR plan supports your operational excellence to include a steadfast business continuity strategy.  

An organization should continuously evaluate and refine operational procedures and processes while reducing complexity. This approach enables an organization to evolve processes over time, optimising inefficiencies and learning from failures and challenges.


Azure Blueprints are essentially what they sound like; a blueprint of the architecture you want to consistently deploy. They allow you to define a repeatable set of Azure resources which align exactly with your requirements, standards and policies.  

Blueprints allow you to use ARM templates and combine them with Role Assignments (RBAC), Policy Assignments (Azure Policy) and Resource Groups, which are all referred to as artifacts. Azure resources such as Virtual Networks, Virtual Machines and Storage accounts can be added as artifacts and are included in the ARM template. They are all combined into a package which is composed and versioned (including through CI/CD) which can be audited and tracked.   

You’ll define where the blueprint is saved when creating a blueprint definition (blueprints can be saved to a Management Group or Subscription). Management Groups provide a governance scope above Subscriptions and allow you to organize your Subscriptions and resources into a hierarchy. The governance conditions you apply are cascaded by inheritance to all associated Subscriptions. If the location is a Management Group for Blueprints, it is available to assign to any child Subscription of that Management Group.  

As the blueprints are assigned, published and versioned the assignments can be updated. For example, you can add a “Do Not Delete” Resource Lock to the blueprint. Once you publish and update it, the locks will be applied to the relevant resources in real-time since they are linked to the blueprint.  

Azure Blueprints can be created through the Azure portal, PowerShell and Azure CLI. You can build a brand new blank blueprint, build on top of an ARM template from an existing Virtual Machine or use one of the built-in sample blueprints, for example; Azure Security Benchmark Foundation blueprint sample.


Stay tuned for part 4 in the Microsoft Azure Well-Architected Framework blog series which discusses the third pillar; Performance Efficiency.  

In the meantime, check out our other Azure blog posts for more on Microsoft’s public cloud computing platform.  


United States | Achieve Operational Excellence: Microsoft Azure Well-Architected Framework

The form was submitted successfully.

Join the Insentra Community with the Insentragram Newsletter

Hungry for more?

If you’re waiting for a sign, this is it.

We’re a certified amazing place to work, with an incredible team and fascinating projects – and we’re ready for you to join us! Go through our simple application process. Once you’re done, we will be in touch shortly!

Who is Insentra?

Imagine a business which exists to help IT Partners & Vendors grow and thrive.

Insentra is a 100% channel business. This means we provide a range of Advisory, Professional and Managed IT services exclusively for and through our Partners.

Our #PartnerObsessed business model achieves powerful results for our Partners and their Clients with our crew’s deep expertise and specialised knowledge.

We love what we do and are driven by a relentless determination to deliver exceptional service excellence.

United States | Achieve Operational Excellence: Microsoft Azure Well-Architected Framework

Insentra ISO 27001:2013 Certification

SYDNEY, WEDNESDAY 20TH APRIL 2022 – We are proud to announce that Insentra has achieved the  ISO 27001 Certification.