AI-powered review of your Azure, AWS or GCP environment against Cloud Adoption Framework, Well-Architected Framework and Control Tower. Get a scored report with architecture recommendations.
Every landing zone assessment covers these critical architecture domains.
Management group hierarchy, account vending, subscription design, resource organisation and naming conventions.
Hub-spoke topology, VNet/VPC peering, ExpressRoute/Direct Connect, firewall placement, DNS and connectivity design.
Entra ID / IAM / Cloud Identity configuration, conditional access, PIM, MFA coverage and RBAC design.
Azure Policy / SCPs / Org Policies, Defender/Security Hub/SCC, CSPM posture and compliance framework alignment.
Log Analytics / CloudWatch / Cloud Logging, alerting, tagging strategy, cost management and BCDR posture.
Microsoft Fabric readiness, AI service governance, data platform architecture and responsible AI controls.
Overall landing zone maturity score (0-100) across all domains with P1/P2/P3 prioritised recommendations.
Assessment mapped to official cloud provider frameworks.
Cloud Adoption Framework (CAF), Well-Architected Framework (WAF), Azure Policy, Microsoft Entra ID, Defender for Cloud, Microsoft Fabric AI Landing Zone.
Landing Zone Accelerator, AWS Well-Architected Framework, AWS Organizations, Service Control Policies (SCPs), AWS Config, Security Hub, Transit Gateway.
Google Cloud CAF, Resource Hierarchy, VPC Service Controls, Cloud Identity, Shared VPC, Security Command Center, Landing Zone Blueprint.
Your assessment produces a score across 7 domains โ here's what a typical result looks like.
A comprehensive report covering your full landing zone architecture.
Overall + per-domain scores (0-100) with maturity label and color coding
Current state vs target state across all 7 domains with specific gaps identified
Prioritised recommendations with effort, impact and CAF/WAF framework reference
Proposed target landing zone architecture diagram (hub-spoke, management groups, security)
Foundation โ Security & Governance โ Optimisation with timeline and deliverables
Microsoft Fabric / SageMaker / Vertex AI landing zone readiness and governance gaps
This tool is currently in early access. Submit a request and our team will review within 24 hours.
Tell us about your environment and we'll get you access within 24 hours.
A cloud landing zone is a pre-configured, secure and scalable cloud environment that serves as the foundation for all workloads. It includes subscription/account structure, identity management, network topology (hub-spoke), security controls, governance policies and monitoring. Azure calls this Azure Landing Zone (ALZ), AWS calls it Landing Zone Accelerator via Control Tower, and GCP calls it Cloud Foundation.
You answer 15 questions about your current environment and optionally upload architecture diagrams, billing exports or network topology documents. The more context you provide, the more detailed the assessment. No sensitive credentials or access required.
AWS Trusted Advisor, Azure Advisor and GCP Recommender focus on their own cloud. TCOIQ's assessment is cloud-agnostic, covers all 3 major clouds, and assesses holistically across identity, network, security, governance, operations and AI readiness โ not just cost or specific service recommendations.
If you have more than 2-3 cloud accounts/subscriptions, multiple teams, compliance requirements, or production workloads โ yes. Without a landing zone, organisations typically face security gaps, inconsistent governance, network complexity and difficulty scaling.
Yes. For Azure, we assess Microsoft Fabric readiness, Copilot/Azure OpenAI governance and AI landing zone design. For AWS, we assess SageMaker domains and AI service governance. For GCP, we assess Vertex AI and data platform architecture.