Is Microsoft CAF still useful in 2025?

According to Microsoft documentation, the Microsoft Cloud Adoption Framework (CAF) is a 'comprehensive guide designed to help organisations successfully adopt cloud technologies'. CAF is organised into the following methodologies that cover each phase of the Azure adoption:

1. Strategy: Define business justification and expected outcomes
2. Plan: Assess the current digital estate, prioritise workloads, and create a migration plan
3. Ready: Prepare the cloud environment (landing zone) with governance, security, and operational baselines
4. Adopt: Execute the migration, modernisation, or innovation of workload
5. Govern: Establish and evolve governance to manage risks and ensure compliance
6. Secure: Identity, data protection, threat protection, security posture
7. Manage: Monitor, operate, and optimise the cloud environment

As we all like an analogy (most people I know in IT do), you could say it’s like a SatNav in your car. It doesn’t drive it, but it attempts to navigate you in the right direction. However sometimes it might not factor in that B road, when you’re driving a lorry.

Why bother following it?

CAF is a guide, but by aligning your cloud strategy with it, you can address common challenges like a lack of business clarity, mismanaged resources, and inefficient operations. Some of the key ways CAF helps organisations build a solid foundation for their Azure environment include:

• Unclear business outcomes: CAF’s strategy templates help you define the business justification and success metrics.
• Ad hoc landing zones: CAF provides reference Azure designs and Terraform/Bicep accelerators to stand up an Azure platform quickly.
• Governance sprawl: Includes Azure policy, blueprints, defender for cloud to enforce tagging and compliance.
• Prevent security as an afterthought: The secure discipline embeds zero trust, identity, network, data and platform hardening throughout all phases.
• Operational drift and runaway spend: Manage phase shows how to use FinOps dashboards, Azure Monitor, Cost Management and Advisor.

CAF doesn’t guarantee success, but it helps reduce rework by aligning technical decisions with strategic goals early in the process, preventing common pitfalls and errors later in the journey.

When might CAF not be completely the right fit?

CAF is a framework, it's not something you need to follow to the letter. Sometimes the project you’re working on just doesn’t require every methodology and only certain ones need consideration. Some scenarios where this might be the case I’ve listed below:

• Proof of concepts: CAF does support proof of concepts through sandbox landing zones, dev/test policies etc. However, for small proof of concepts, you might not need to cover all seven methodologies. In these cases, use CAF selectively.
• Multi‑cloud focus on AWS/GCP: Microsoft CAF artifacts are specific to Azure. Vendor neutral frameworks (CNCF Cloud Maturity Model) or AWS Well‑Architected may be a better fit.
• Highly regulated sector with prescriptive controls (e.g. PCI DSS): Sector standards may already dictate how you handle identity, encryption, logging, segmentation and data residency. In these cases, CAF complements, not replaces sector standards. It can be used to structure your Azure implementation around what's already required then map CAF artefacts like policy sets, governance baselines and the Secure methodology as a supporting layer.
• SaaS only adoption (Microsoft 365, Dynamics 365): If you consume only SaaS, Azure landing zone guidance can feel like overkill.
• Enterprise with mature internal framework: Many large organisations have their own cloud policy library, SDLC and operating models. Use CAF to gap assess areas that are missing.

If your team can show who owns security, operations and cost and you can show that in code and policy, CAF may validate what’s already there rather than adding any additional value.

CAF is constantly evolving

CAF is not a static process; it’s constantly evolving with the changes in Azure.  Here are some of the recent updates that have been added:

• Well-architected considerations for AI workloads on Azure infrastructure (IaaS): Explore the importance of well-architected AI solutions and how to apply the Azure Well-Architected Framework to your AI workloads. 
• Authorisation for cloud-scale analytics in Azure: Find guidance on managing data access and role-based access control (RBAC) for cloud-scale analytics.
• Capacity planning for Oracle Database@Azure using Exadata Database Service: Learn how to plan for capacity when migrating Oracle Database to Azure using Exadata Database Service.
• Network topology and connectivity for Oracle Database@Azure - BCDR connectivity design: Explore comprehensive guidance on designing network connectivity for high availability and disaster recovery of Oracle Exadata Database@Azure deployments.

Getting started with CAF

I would suggest you start by referring to the CAF overview page to explore new updates or changes since you last reviewed it. Additionally, running the Azure CAF Assessment is an excellent way to benchmark your current maturity, providing a clear understanding of areas for improvement within your cloud adoption strategy.

Common pitfalls to avoid

Having followed the CAF framework before, these are some of things that we should be avoiding:

• 'Boiling the ocean': Trying to complete every area before the first workload is migrated. Instead, start small and repeat.
• Strictly following CAF: It’s a guide. Fit it to your industry and risk.
• Skipping the Manage phase: I’ve seen projects migrate, secure and govern but forget post migration operations, leading to alerts and cost surprises.

Final Thoughts

CAF is certainly still relevant in 2025, as it continues to evolve with Azure to address new changes and services. CAF links cloud adoption to business value by making sure each step in your cloud adoption corresponds to an outcome, which gives stakeholders confidence and helps delivery teams focus on delivering measurable results. It’s not however one size fits all. CAF should be adapted to the context and business requirements. Use what’s helpful and skim over what’s not, it’s just a framework, not a requirement.

Whether you’re looking for guidance on getting started or want to expand your cloud maturity, we can provide insights and strategies to maximise value. Get in touch with us today to discuss how CAF can support your cloud adoption journey and drive success in 2025 and beyond.