Netcloud | Capability Matrix

What You Get with MCF

Every capability maps to concrete, versioned Terraform modules — maintained by Netcloud. See what's included, what's available as an add-on, and what's on the roadmap.

25 Purpose-built Terraform modules

68+ Releases shipped

~15 Phase I capabilities

~8 Phase II capabilities

~5 Phase III capabilities

100% Infrastructure as Code

Infrastructure

18 modules · 37 releases

Automation & Infrastructure as Code (IaC)

Phase I Included

Every infrastructure change is versioned, tested, and deployed through CI/CD pipelines.

core-tenant v1.0.5 · github-builder v1.1.1 · devops-builder pre-release · module-template v1.1.0

12 releases shipped

Network & Connectivity Services

Phase I Included

Hub-spoke topology, DNS, and SD-WAN integration deployed and maintained as code.

vnet-hub v1.1.0 · vnet-spoke v1.1.1 · avnm v1.1.0 · dns-hub v1.0.4 · dns-spoke v1.1.0 · meraki v1.0.0

17 releases shipped

Workload Isolation

Phase I Included

Each workload gets its own subscription and network segment with enforced boundaries.

vnet-spoke v1.1.1 · subscription-baseline v1.0.0

4 releases shipped

Workload Orchestration

Phase II Add-on

Production-ready Kubernetes clusters with integrated networking and security policies.

aks-cluster v1.0.1

2 releases shipped

Security Incident Response

Phase II Included

Centralized firewall with policy-driven traffic control and logging.

azure-firewall v1.0.0 · azure-firewall-policy pre-release · azure-firewall-rule-collection-group pre-release · paloalto-bootstrap v1.0.0 · paloalto-hub pre-release

2 releases shipped

Vulnerability & Threat Management

Phase II Roadmap

Planned: advanced threat detection and vulnerability scanning.

Coming soon

Governance & Compliance

7 modules · 27 releases

Compliance Monitoring (CIS / Cloud Best Practices)

Phase I Included

200+ policies covering CIS, ISO 27001, and GDPR (DSGVO) — continuously updated.

policy v2.0.6

8 releases shipped

Least Privilege Monitoring

Phase I Included

Just-in-time, just-enough access with Privileged Identity Management.

pim v1.0.0

1 release shipped

Service Onboarding

Phase I Included

New subscriptions provisioned with full governance baseline in minutes.

subscription-baseline v1.0.0

1 release shipped

Account Activity Logging

Phase I Included

All activity logged to Log Analytics — full audit trail from day one.

diagnostic-settings v1.0.0 · log-analytics-config pre-release

1 release shipped

Workload-specific Region & Service Availability

Phase I Included

Policies restrict deployments to approved regions and services only.

policy v2.0.6

8 releases shipped

Tagging Policy & Enforcement

Phase II Included

Required tags enforced — cost allocation and ownership always tracked.

policy v2.0.6

8 releases shipped

Security Assessments & Audits

Phase II Roadmap

Planned: automated security assessment reports and audit support.

Coming soon

Security

4 modules · 16 releases

Identity Management, Access Control & Monitoring

Phase I Included

Entra ID, custom RBAC roles, PIM, and conditional access — fully automated.

pim v1.0.0 · core-tenant v1.0.5

7 releases shipped

Security Reporting & Optimization Recommendations

Phase I Included

Defender Secure Score tracked continuously with actionable recommendations.

policy v2.0.6 · diagnostic-settings v1.0.0

9 releases shipped

Encryption & Data Leak Monitoring

Phase I Roadmap

Planned: automated encryption enforcement and DLP monitoring.

Coming soon

Finance

2 modules · 2 releases

Cost & Usage Reports

Phase I Included

Budget alerts on every subscription — no surprise bills.

budget-alert v1.0.0

1 release shipped

Workload-specific Budget Alerts

Phase II Included

Per-workload budget thresholds with automated notifications.

budget-alert v1.0.0

1 release shipped

Business Continuity

0 modules · 0 releases

Backup Management

Phase I Roadmap

Planned: automated backup policies and recovery testing.

Coming soon

Patch Management

Phase I Roadmap

Planned: automated OS and application patching.

Coming soon

Container Registry

Phase I Roadmap

Planned: managed container registry with vulnerability scanning.

Coming soon

Self-Service Products

Phase III Roadmap

Planned: self-service tools for your teams — built on your secure foundation.

Coming soon

Simplified Developer Experience & Tools

Phase III Roadmap

Planned: developer-friendly tools that abstract infrastructure complexity.

Coming soon

Organizational Readiness

4 modules · 11 releases

Cloud Readiness & Migration Assessments

Phase II Included

Expert-led assessment of your cloud readiness and migration strategy.

Consulting — not a module

Naming Conventions

Phase III Included

Consistent, automated resource naming across your entire Azure estate.

naming v1.0.5

5 releases shipped

IaC & Automation Enablement

Phase III Included

Your teams get pre-built module templates and CI/CD pipelines to build on the foundation.

github-builder v1.1.1 · devops-builder pre-release · module-template v1.1.0

6 releases shipped

Monitoring

1 module · 1 release

Service Health Monitoring

Phase I Included

Azure service health alerts configured and routed to your operations team.

service-health v1.0.0

1 release shipped

Roadmap

What's Coming Next

Current release: MCF 26.02 — these capabilities are planned for upcoming releases.

MCF 26.03

Backup Management

Phase I

Business Continuity

Planned: automated backup policies and recovery testing.

Patch Management

Phase I

Business Continuity

Planned: automated OS and application patching.

MCF 26.04

Vulnerability & Threat Management

Phase II

Infrastructure

Planned: advanced threat detection and vulnerability scanning.

Encryption & Data Leak Monitoring

Phase I

Security

Planned: automated encryption enforcement and DLP monitoring.

Container Registry

Phase I

Business Continuity

Planned: managed container registry with vulnerability scanning.

MCF 27.01

Security Assessments & Audits

Phase II

Governance & Compliance

Planned: automated security assessment reports and audit support.

Self-Service Products

Phase III

Business Continuity

Planned: self-service tools for your teams — built on your secure foundation.

MCF 27.02

Simplified Developer Experience & Tools

Phase III

Business Continuity

Planned: developer-friendly tools that abstract infrastructure complexity.