This chapter covers the Microsoft Cloud Adoption Framework for Azure (CAF), a strategic guidance framework for cloud adoption. For the AZ-305 exam, understanding CAF is essential for designing governance, migration, and innovation strategies. Approximately 10-15% of exam questions touch on CAF concepts, often in scenario-based questions requiring you to recommend the correct phase or tool. Mastering CAF will help you architect solutions that align with business goals and operational best practices.
Jump to a section
Imagine you own a house (your on-premises data center) and decide to renovate it into a modern smart home (Azure). The Cloud Adoption Framework (CAF) is not the renovation itself—it's the architect's blueprint and project management methodology. First, you define your strategy: why renovate? To save energy? Increase security? Add value? This is the 'Define Strategy' phase. Next, you plan: which rooms to renovate? What permits are needed? What budget? This is the 'Plan' phase. Then you prepare the house: clear out furniture, set up scaffolding, install temporary power—this is the 'Ready' phase. After that, you migrate or adopt: move furniture from old rooms to new ones, install new smart devices, connect wiring—this is the 'Adopt' phase. Finally, you govern and manage: set rules for who can control the thermostat, monitor energy usage, schedule automatic updates—this is the 'Govern' and 'Manage' phases. Each phase has specific checklists, milestones, and decision points. Without CAF, you might start renovating without a plan, leading to budget overruns, security gaps, or incompatible systems. CAF provides the structured approach that ensures a smooth, secure, and cost-effective transformation.
What is the Microsoft Cloud Adoption Framework for Azure?
The Microsoft Cloud Adoption Framework for Azure (CAF) is a collection of documentation, implementation guides, best practices, and tools that are proven guidance from Microsoft designed to accelerate your cloud adoption journey. It is not a product or service but a methodology that aligns people, processes, and technology to achieve business outcomes. CAF is organized into phases and disciplines that provide a structured approach to cloud adoption.
Why CAF Exists
Cloud adoption is complex. Organizations often fail due to lack of strategy, governance, or skills. CAF addresses these challenges by providing a repeatable, consistent framework that reduces risk and accelerates time-to-value. It is based on real-world experiences from Microsoft and its customers.
The CAF Methodology: Phases and Disciplines
CAF consists of two main components: the Cloud Adoption Lifecycle (phases) and the Cloud Capabilities (disciplines). The lifecycle includes: - Define Strategy: Why are you adopting the cloud? What business outcomes do you expect? This phase involves documenting motivations, expected benefits, and key performance indicators. - Plan: Align your adoption plan with business priorities. This includes creating a cloud adoption plan, assessing readiness, and identifying skill gaps. - Ready: Prepare your environment for cloud adoption. This involves setting up the Azure landing zone—a subscription with pre-configured governance, networking, identity, and security controls. - Adopt: Migrate or innovate. Migration involves moving existing workloads to Azure, while innovation involves building new cloud-native solutions. - Govern: Establish guardrails to manage cloud resources effectively. This includes policies, cost management, security baselines, and compliance. - Manage: Operate cloud workloads with ongoing management, monitoring, and optimization.
Key Components and Defaults
CAF provides specific tools and templates: - Azure Landing Zones: Pre-defined subscription configurations with default settings for governance, networking, identity, and security. Two main types: Enterprise-Scale (for large organizations) and CAF Foundation (for smaller deployments). - Azure DevOps and GitHub: Recommended for implementing DevOps practices. - Azure Policy: Used to enforce governance rules. Default policies include allowed locations, allowed resource types, and tagging requirements. - Azure Blueprints: Packages of Azure resources that can be deployed together. (Note: Blueprints are being deprecated in favor of deployment stacks.) - Cost Management: Default budgets and alerts to monitor spending.
How CAF Works Internally
CAF is not a tool that runs; it is a set of guidance that you implement using Azure services. The mechanism is as follows: 1. Strategy Definition: Business stakeholders document motivations (e.g., cost savings, agility) and expected outcomes. 2. Plan Creation: Cloud architects create a plan using the Azure DevOps or GitHub project templates provided by CAF. The plan includes a backlog of work items for each workload. 3. Landing Zone Deployment: Using Azure DevOps or Terraform, you deploy a landing zone based on the Enterprise-Scale reference implementation. This creates a subscription with:
- Management group hierarchy (e.g., Root -> Platform -> Landing Zones) - Network topology (hub-spoke with Azure Firewall) - Identity (Azure AD tenant, role assignments) - Policy assignments (e.g., enforce tagging, restrict locations) 4. Adoption: Workloads are migrated or built using the landing zone. CAF provides migration tools like Azure Migrate and innovation tools like Azure App Service. 5. Governance: Ongoing governance is enforced via Azure Policy, Role-Based Access Control (RBAC), and Cost Management. 6. Management: Operations are handled using Azure Monitor, Azure Automation, and Azure Update Management.
Interaction with Related Technologies
CAF integrates with: - Azure AD: For identity and access management. - Azure Policy: For governance. - Azure Blueprints: For environment setup (deprecated). - Azure DevOps: For CI/CD and planning. - Azure Migrate: For discovery and migration. - Azure Cost Management: For financial governance.
Exam-Relevant Details
The CAF phases are: Define Strategy, Plan, Ready, Adopt, Govern, Manage.
The Ready phase is where you set up the Azure landing zone.
The Govern phase includes cost management, security baseline, identity baseline, resource consistency, and deployment acceleration.
The Manage phase includes operations management, security operations, and governance operations.
CAF is aligned with the Microsoft Well-Architected Framework but focuses on adoption rather than architecture.
Configuration Example: Deploying an Enterprise-Scale Landing Zone
To deploy an Enterprise-Scale landing zone, you can use the Azure portal or Azure DevOps: 1. Go to Azure portal -> Azure Policy -> Landing zones (preview). 2. Select 'Enterprise-Scale' and follow the wizard to define management group structure, connectivity, identity, and security. 3. Alternatively, use the Azure Landing Zones - Accelerator PowerShell module:
Install-Module -Name ALZ -Force
New-ALZEnvironment -SubscriptionId 'your-subscription-id' -Location 'eastus'This creates a management group hierarchy, assigns policies, and deploys networking resources.
Define Cloud Adoption Strategy
In this initial phase, business and technical stakeholders document the reasons for cloud adoption. Motivations may include cost savings, scalability, disaster recovery, or innovation. They define business outcomes, key performance indicators (KPIs), and a financial model (e.g., total cost of ownership comparison). The output is a strategy document that guides all subsequent phases. For the exam, remember that this phase is about 'why' not 'how'.
Plan Cloud Adoption
This phase creates a detailed adoption plan. Using the CAF plan template in Azure DevOps, you inventory existing workloads, assess dependencies, and prioritize migration. You also identify skill gaps and plan training. The plan includes a backlog of work items for each workload, with timelines and resource assignments. The exam tests that planning involves both technical and organizational readiness.
Prepare Azure Landing Zone
The Ready phase focuses on setting up the Azure environment—the landing zone. This includes creating a management group hierarchy, assigning Azure Policy initiatives (e.g., for tagging, allowed locations), configuring network topology (hub-spoke with Azure Firewall), and setting up identity and access management (Azure AD, RBAC). The landing zone is a subscription with pre-configured governance that ensures consistency and security.
Adopt Workloads via Migration or Innovation
Adoption involves moving existing workloads to Azure (migration) or building new cloud-native solutions (innovation). For migration, you use Azure Migrate for discovery, assessment, and replication. For innovation, you use Azure DevOps for CI/CD and Azure App Service for hosting. The exam expects you to know that migration uses the 'Rehost, Refactor, Rearchitect, Rebuild' strategy, while innovation focuses on rapid development.
Govern Cloud Resources
Governance establishes guardrails to manage resources. This includes cost management (budgets, alerts), security baselines (Azure Security Center), identity baselines (Azure AD, RBAC), resource consistency (Azure Policy, Azure Blueprints), and deployment acceleration (Azure DevOps). The exam tests that governance is an ongoing process, not a one-time setup.
Manage Cloud Operations
The Manage phase ensures ongoing operations. This includes monitoring (Azure Monitor), incident response (Azure Sentinel), patch management (Azure Update Management), backup and disaster recovery (Azure Backup, Azure Site Recovery), and optimization (Azure Advisor). The exam emphasizes that management is continuous and should be automated where possible.
Scenario 1: Large Enterprise Migration to Azure
A global retail company with 500+ on-premises servers wants to migrate to Azure to reduce data center costs. They use CAF to define strategy: cost savings and agility. In the Plan phase, they inventory workloads using Azure Migrate and prioritize based on business criticality. They deploy an Enterprise-Scale landing zone with a hub-spoke network, Azure Firewall, and Azure Policy to enforce tagging and restrict regions. They migrate workloads using Azure Migrate and Azure Site Recovery. Post-migration, they use Azure Cost Management to track spending and Azure Policy to ensure compliance. Common issues: initial cost overruns due to oversized VMs, resolved by using Azure Advisor rightsizing recommendations.
Scenario 2: Startup Innovating in the Cloud
A fintech startup builds a new application on Azure. They use CAF's innovation path. Strategy: speed to market. Plan: they use Azure DevOps with CAF templates to create a backlog. Ready: they deploy a smaller landing zone using CAF Foundation, with a single subscription and basic policies. Adopt: they use Azure App Service, Azure SQL Database, and Azure Functions, with CI/CD pipelines in Azure DevOps. Govern: they set budgets and use Azure Policy to enforce encryption. Manage: they use Azure Monitor and Application Insights for telemetry. Misconfiguration: lack of cost alerts leads to unexpected bills; they later implement budgets.
Scenario 3: Government Agency with Strict Compliance
A government agency must comply with FedRAMP. They use CAF's governance discipline. Strategy: compliance and security. Plan: they map compliance requirements to Azure Policy initiatives. Ready: they deploy a landing zone with Azure Blueprints that include policy assignments for encryption, logging, and network isolation. Adopt: they migrate only compliant workloads. Govern: they use Azure Policy to audit compliance and Azure Sentinel for security monitoring. Manage: they use Azure Automation for patching. Challenge: initial policy assignments were too restrictive, blocking necessary resources; they refined policies using exemptions.
What the AZ-305 Tests on CAF
Objective 1.2: Design identity governance solutions. CAF is tested under this objective because governance is a core discipline. Expect scenario-based questions where you must recommend the correct CAF phase or tool.
Common Wrong Answers
Choosing 'Azure Well-Architected Framework' over CAF: Candidates confuse the two. CAF is about adoption methodology; Well-Architected is about architectural design. The exam asks for adoption guidance, so CAF is correct.
Selecting 'Azure Blueprints' as the only governance tool: While Blueprints are part of CAF, they are being deprecated. The exam may test that Azure Policy and management groups are the primary governance tools.
Assuming the 'Plan' phase includes deployment: The Plan phase is about planning, not deploying. Deployment happens in the Ready phase (landing zone) and Adopt phase (workloads).
Mixing up phases: For example, thinking 'Govern' happens before 'Ready'. The correct order is Strategy, Plan, Ready, Adopt, Govern, Manage.
Specific Numbers and Terms
Six phases: Define Strategy, Plan, Ready, Adopt, Govern, Manage.
Five disciplines of governance: Cost Management, Security Baseline, Identity Baseline, Resource Consistency, Deployment Acceleration.
Two types of landing zones: Enterprise-Scale (large orgs) and CAF Foundation (small/medium).
Key tools: Azure DevOps, Azure Policy, Azure Blueprints (deprecated), Azure Migrate.
Edge Cases
CAF is not a product; you cannot 'install' CAF. It is guidance.
The 'Ready' phase specifically refers to the landing zone setup, not general preparation.
CAF can be used for both migration and innovation, but the focus differs.
Eliminating Wrong Answers
If the scenario asks for 'adoption methodology', eliminate any answer that suggests a product or service.
If the scenario mentions 'governance', look for answers involving Azure Policy, management groups, or cost management.
If the scenario asks for the first step, it's always 'Define Strategy'.
CAF has six phases: Define Strategy, Plan, Ready, Adopt, Govern, Manage.
The Ready phase involves deploying an Azure landing zone.
Governance includes five disciplines: Cost Management, Security Baseline, Identity Baseline, Resource Consistency, Deployment Acceleration.
Two landing zone types: Enterprise-Scale and CAF Foundation.
CAF is guidance, not a product—you implement it using Azure services.
CAF is distinct from the Well-Architected Framework; CAF for adoption, WAF for architecture.
The exam tests scenario-based knowledge of phases and tools.
These come up on the exam all the time. Here's how to tell them apart.
Cloud Adoption Framework
Focuses on adoption lifecycle: strategy, plan, ready, adopt, govern, manage.
Provides guidance for migration and innovation.
Includes governance disciplines like cost management and security baseline.
Uses landing zones for environment setup.
Aligned with business outcomes and organizational change.
Well-Architected Framework
Focuses on architectural design: cost, performance, reliability, security, operational excellence.
Provides principles and trade-offs for building workloads.
Includes design review checklists and assessment tools.
Does not prescribe landing zones or adoption phases.
Aligned with technical excellence and workload optimization.
Mistake
CAF is a product you can deploy.
Correct
CAF is a set of guidance, best practices, and tools. You cannot 'deploy CAF'; you implement its recommendations using Azure services.
Mistake
The Plan phase includes deploying the landing zone.
Correct
The Plan phase is about creating a plan. Deployment of the landing zone occurs in the Ready phase.
Mistake
CAF is only for large enterprises.
Correct
CAF has two landing zone variants: Enterprise-Scale for large organizations and CAF Foundation for smaller ones.
Mistake
Governance is a one-time setup.
Correct
Governance is an ongoing process that includes monitoring, policy enforcement, and optimization.
Mistake
CAF and Well-Architected Framework are the same.
Correct
CAF focuses on cloud adoption lifecycle, while Well-Architected focuses on architectural design principles.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
The first phase is 'Define Strategy'. This is where you document business motivations, outcomes, and KPIs. The exam often asks for the correct order of phases, so remember: Strategy first, then Plan, Ready, Adopt, Govern, Manage.
An Azure landing zone is a subscription or set of subscriptions pre-configured with governance, networking, identity, and security controls. It is deployed during the Ready phase. There are two types: Enterprise-Scale for large organizations and CAF Foundation for smaller ones.
CAF is a methodology for cloud adoption—it covers the entire lifecycle from strategy to management. The Well-Architected Framework is a set of design principles for building workloads. They complement each other: CAF guides adoption, WAF guides architecture.
The five disciplines are: Cost Management, Security Baseline, Identity Baseline, Resource Consistency, and Deployment Acceleration. The exam may ask you to identify which discipline addresses a specific concern, like cost tracking.
Yes, CAF supports both migration and innovation. For innovation, the Adopt phase focuses on building new cloud-native solutions using DevOps and PaaS services. The governance and management phases still apply.
Azure DevOps is the recommended tool for planning. CAF provides a template that creates a backlog of work items for each workload. The exam may test that planning is done in Azure DevOps, not in the Azure portal.
Yes, Azure Blueprints were used in CAF to deploy landing zones, but they are being deprecated in favor of deployment stacks and other tools. The exam may still reference Blueprints, but know that Azure Policy and management groups are the primary governance tools.
You've just covered Microsoft Cloud Adoption Framework for Azure — now see how well it sticks with free AZ-305 practice questions. Full explanations included, no account needed.
Done with this chapter?