[sv_hero_badge]

Cloud engineering
notes from production.

Real-world Azure infrastructure patterns. Documented after deployment, not before. Focus on automation, security, and the things that actually break at scale.

[sv_read_latest_btn]

Browse archive

Microsoft Azure

Terraform

PowerShell

IaC

Security

The Archive

Latest writing

View all articles →

Azure, Security
Apr 25, 2026
Least Privilege Studio: An Azure RBAC Tool
If you’ve ever set up a service principal in Azure and thought “I’ll just use Contributor for now” — this is for you. It’s not carelessness, it’s that…
Read article →: Least Privilege Studio: An Azure RBAC Tool

[sv_category_filter]

Entra ID, Security, Terraform
Apr 4
Hardening Entra ID with Terraform
A practical implementation guide covering identity baseline, privileged access, conditional access, and monitoring – fully managed as infrastructure as code. Entra ID is the…
entraid, security, terraform
→: Hardening Entra ID with Terraform
Azure, Knowledge
Apr 3
Azure Cloud Adoption: Landing Zones, WAF, and the Big Picture
This post is different from my usual project or solution based posts — no code, no architecture diagrams. Just the mental model I wish…
azure, knowledge
→: Azure Cloud Adoption: Landing Zones, WAF, and the Big Picture
Security, Terraform
Feb 23
Private Azure Monitoring at Scale — Terraform, Zero Public Traffic
Modern enterprise cloud architectures demand more than just functional monitoring — they demand secure monitoring. By default, the Azure Monitor Agent ships logs and…
security, terraform
→: Private Azure Monitoring at Scale — Terraform, Zero Public Traffic
Automation, PowerShell
Dec 19
Automated Azure VM Power Management with a Tag-Driven Runbook
In a previous post, I introduced a lightweight, tag-driven VM power management solution in Azure that combined an Automation Runbook with a custom PowerShell…
automation, powershell
→: Automated Azure VM Power Management with a Tag-Driven Runbook
Entra ID, Knowledge
Dec 8
Entra ID Login with Azure Bastion (Public Preview)
Managing credentials for virtual machines has always been a balancing act between security, usability, and operational overhead. With the new native Microsoft Entra ID…
entraid, knowledge
→: Entra ID Login with Azure Bastion (Public Preview)
Automation, Compliance, Terraform
Dec 4
Deploying Agents to Azure VMs Using Azure Policy and VM Applications
The Problem: Organizations need to deploy agents, monitoring tools or security agents across all Azure VMs consistently. Traditional approaches often fall short: The Solution:…
automation, compliance, terraform
→: Deploying Agents to Azure VMs Using Azure Policy and VM Applications

Built with

The stack I write about

Microsoft Azure

// 6+ years

Terraform

// HCL, IaC, modules

PowerShell

// Automation, scripts

Security & IAM

// Entra ID, policies

About

Cloud engineer based in Zürich, Switzerland.

I work on enterprise-scale Azure infrastructure with a focus on automation, security, and Infrastructure as Code. Most of what I write here comes from problems I had to solve at work — where the documentation ran out and I had to figure things out the hard way.

If something here saved you a few hours, that’s the whole point.

Cloud engineeringnotes from production.

Latest writing

Least Privilege Studio: An Azure RBAC Tool

Hardening Entra ID with Terraform

Azure Cloud Adoption: Landing Zones, WAF, and the Big Picture

Private Azure Monitoring at Scale — Terraform, Zero Public Traffic

Automated Azure VM Power Management with a Tag-Driven Runbook

Entra ID Login with Azure Bastion (Public Preview)

Deploying Agents to Azure VMs Using Azure Policy and VM Applications

The stack I write about

Microsoft Azure

Terraform

PowerShell

Security & IAM

Cloud engineer based in Zürich, Switzerland.

Cloud engineering
notes from production.