# Next steps Now that your landing zone is set up, it's ready for use. To learn more about how you can use AWS Control Tower, see the following topics: + For recommended administrative practices, see [Best Practices](https://docs.aws.amazon.com//controltower/latest/userguide/best-practices.html). + You can set up IAM Identity Center users and groups with specific roles and permissions. For recommendations, see [Recommendations for setting up groups, roles, and policies](roles-recommendations.md). + To begin enrolling organizations and accounts from your AWS Organizations deployments, see [Govern existing organizations and accounts](https://docs.aws.amazon.com//controltower/latest/userguide/importing-existing.html). + Your end users can provision their own AWS accounts in your landing zone using Account Factory. For more information, see [Permissions for configuring and provisioning accounts](account-factory.md#configure-provision-new-account). + To assure [Compliance Validation for AWS Control Tower](compliance-validation.md), your central cloud administrators can review log archives in the Log Archive account, and designated third-party auditors can review audit information in the Audit (shared) account, which is a member of the Security OU. + To learn more about the capabilities of AWS Control Tower, see [Related information](https://docs.aws.amazon.com//controltower/latest/userguide/related-information.html). + From time to time, you may need to update your landing zone to get the latest backend updates, the latest controls, and to keep your landing zone up-to-date. For more information, see [Configuration update management in AWS Control Tower](configuration-updates.md). + If you encounter issues while using AWS Control Tower, see [Troubleshooting](troubleshooting.md). **Important** If you have not yet enabled MFA for your account's root user, do so now. For more information about best practices for the root user, see [Best practices to protect your account's root user](https://docs.aws.amazon.com//accounts/latest/reference/best-practices-root-user.html#bp-root-limit-tasks).