The Archive
All writing
Automate Azure Golden Image Builds
One Bicep deploy. Monthly builds. No manual sysprep. How this started: Back when I was still heavily working in the Azure Virtual Desktop space,…
The Privileged Role Exposures Defender Misses
A look at Tier Zero exposure paths that don’t show up in the obvious places — and a tool to find them. How this started…
Least Privilege Studio: An Azure RBAC Tool
If you’ve ever set up a service principal in Azure and thought “I’ll just use Contributor for now” — this is for you. It’s…
Hardening Entra ID with Terraform
A practical implementation guide covering identity baseline, privileged access, conditional access, and monitoring – fully managed as infrastructure as code. Entra ID is the…
Azure Cloud Adoption: Landing Zones, WAF, and the Big Picture
This post is different from my usual project- or solution-based posts — no code, no architecture diagrams. Just the mental model I wish…
Private Azure Monitoring at Scale — Terraform, Zero Public Traffic
Modern enterprise cloud architectures demand more than just functional monitoring — they demand secure monitoring. By default, the Azure Monitor Agent ships logs and…
Automated Azure VM Power Management with a Tag-Driven Runbook
In a previous post, I introduced a lightweight, tag-driven VM power management solution in Azure that combined an Automation Runbook with a custom PowerShell…
Entra ID Login with Azure Bastion (Public Preview)
Managing credentials for virtual machines has always been a balancing act between security, usability, and operational overhead. With the new native Microsoft Entra ID…
Deploying Agents to Azure VMs Using Azure Policy and VM Applications
The Problem: Organizations need to deploy agents, monitoring tools or security agents across all Azure VMs consistently. Traditional approaches often fall short: The Solution:…
Using Azure Firewall as a NVA with Terraform
Using Azure Firewall as a Network Virtual Appliance (NVA) provides a powerful alternative to traditional VNet peering in hub-and-spoke designs. Instead of relying on…