Cloud engineering notes from production.
Real-world Azure infrastructure patterns. Documented after deployment, not before. Focus on automation, security, and the things that actually break at scale.
Microsoft Azure
Terraform
PowerShell
IaC
Security
The Archive
Latest writing
Least Privilege Studio: An Azure RBAC Tool
If you’ve ever set up a service principal in Azure and thought “I’ll just use Contributor for now” — this is for you. It’s not carelessness, it’s that…
Hardening Entra ID with Terraform
A practical implementation guide covering identity baseline, privileged access, conditional access, and monitoring – fully managed as infrastructure as code. Entra ID is the…
Azure Cloud Adoption: Landing Zones, WAF, and the Big Picture
This post is different from my usual project or solution based posts — no code, no architecture diagrams. Just the mental model I wish…
Private Azure Monitoring at Scale — Terraform, Zero Public Traffic
Modern enterprise cloud architectures demand more than just functional monitoring — they demand secure monitoring. By default, the Azure Monitor Agent ships logs and…
Automated Azure VM Power Management with a Tag-Driven Runbook
In a previous post, I introduced a lightweight, tag-driven VM power management solution in Azure that combined an Automation Runbook with a custom PowerShell…
Entra ID Login with Azure Bastion (Public Preview)
Managing credentials for virtual machines has always been a balancing act between security, usability, and operational overhead. With the new native Microsoft Entra ID…
Deploying Agents to Azure VMs Using Azure Policy and VM Applications
The Problem: Organizations need to deploy agents, monitoring tools or security agents across all Azure VMs consistently. Traditional approaches often fall short: The Solution:…
Built with
The stack I write about
Microsoft Azure
// 6+ years
Terraform
// HCL, IaC, modules
PowerShell
// Automation, scripts
Security & IAM
// Entra ID, policies
About
Cloud engineer based in Zürich, Switzerland.
I work on enterprise-scale Azure infrastructure with a focus on automation, security, and Infrastructure as Code. Most of what I write here comes from problems I had to solve at work — where the documentation ran out and I had to figure things out the hard way.
If something here saved you a few hours, that’s the whole point.
Years on Azure
6+
Articles published
24
Primary stack
Azure · Terraform
Location
Zürich, CH
Status
● Open to chat
