Cloud engineering notes from production.
Real-world Azure infrastructure patterns. Documented after deployment, not before. Focus on automation, security, and the things that actually break at scale.
Azure
Terraform
PowerShell
Security
Automation
The Archive
Latest writing
App Lifecycle Analysis for Entra ID
Every large Entra tenant has the same problem: hundreds of app registrations, most of them forgotten. Here’s a tool to find them and act on what you find. How this started Every…
Find the Azure Updates That Affect You, With Claude
A Claude Code skill that stops you reading retirement notices for services you don’t use. How this started Azure publishes a lot of updates.…
Automate Azure Golden Image Builds
One Bicep deploy. Monthly builds. No manual sysprep. How this started Back when I was still heavily working in the Azure Virtual Desktop space,…
The Privileged Role Exposures Defender Misses
A look at Tier Zero exposure paths that don’t show up in the obvious places — and a tool to find them. How this started…
Least Privilege Studio: An Azure RBAC Tool
If you’ve ever set up a service principal in Azure and thought “I’ll just use Contributor for now” — this is for you. It’s…
Hardening Entra ID with Terraform
A practical implementation guide covering identity baseline, privileged access, conditional access, and monitoring – fully managed as infrastructure as code. Entra ID is the…
Azure Cloud Adoption: Landing Zones, WAF, and the Big Picture
This post is different from my usual project or solution based posts — no code, no architecture diagrams. Just the mental model I wish…
Built with
The stack I write about
Microsoft Azure
// Cloud platform
Terraform
// HCL & modules
Bicep
// Native Azure IaC
PowerShell
// Scripts & tooling
Identity
// Entra ID & RBAC
Security
// Hardening & policy
Automation
// CI/CD & runbooks
Networking
// VNets & firewalls
Things I build
Tools & projects
One free tool I run, plus a steady stream of smaller automations and scripts I’ve open-sourced along the way.
Live
Least Privilege Studio
A free tool that helps you find exactly the Azure RBAC permissions you need — nothing more. Browse, search, and combine roles based on real Azure data.
leastprivilegestudio.com
About
Cloud engineer based in Zürich, Switzerland.
I work on enterprise-scale Azure infrastructure with a focus on automation, security, and Infrastructure as Code. Most of what I write here comes from problems I had to solve at work — where the documentation ran out and I had to figure things out the hard way.
If something here saved you a few hours, that’s the whole point.
Years on Azure
6+
Articles published
24
Primary stack
Azure · Terraform
Location
Zürich, CH
Status
● Open to chat
