Articles
App Lifecycle Analysis for Entra ID
Every large Entra tenant has the same problem: hundreds of app registrations, most of them forgotten. Here’s a tool to find them and act…
Find the Azure Updates That Affect You, With Claude
A Claude Code skill that stops you reading retirement notices for services you don’t use. How this started: Azure publishes a lot of updates.…
Automate Azure Golden Image Builds
One Bicep deploy. Monthly builds. No manual sysprep. How this started: Back when I was still heavily working in the Azure Virtual Desktop space,…
The Privileged Role Exposures Defender Misses
A look at Tier Zero exposure paths that don’t show up in the obvious places — and a tool to find them. How this started…
Least Privilege Studio: An Azure RBAC Tool
If you’ve ever set up a service principal in Azure and thought “I’ll just use Contributor for now” — this is for you. It’s…
Hardening Entra ID with Terraform
A practical implementation guide covering identity baseline, privileged access, conditional access, and monitoring – fully managed as infrastructure as code. Entra ID is the…
Azure Cloud Adoption: Landing Zones, WAF, and the Big Picture
This post is different from my usual project or solution based posts — no code, no architecture diagrams. Just the mental model I wish…
Private Azure Monitoring at Scale — Terraform, Zero Public Traffic
Modern enterprise cloud architectures demand more than just functional monitoring — they demand secure monitoring. By default, the Azure Monitor Agent ships logs and…
Automated Azure VM Power Management with a Tag-Driven Runbook
In a previous post, I introduced a lightweight, tag-driven VM power management solution in Azure that combined an Automation Runbook with a custom PowerShell…
Entra ID Login with Azure Bastion (Public Preview)
Managing credentials for virtual machines has always been a balancing act between security, usability, and operational overhead. With the new native Microsoft Entra ID…