New to Azure? Start Here
A comprehensive guide to Azure fundamentals, covering the Cloud Adoption Framework, Well-Architected Framework, landing zones, resource hierarchy, service models, shared responsibility, and regional design.
Azure · Architecture · Learning
Cloud Solution Architect sharing practical guides on Azure infrastructure, AI, networking, security, and FinOps.
A deep dive into Azure ExpressRoute: what it is, why enterprises use it, connectivity models, circuit SKUs, peering types, and key design considerations for hybrid connectivity.
Managing DNS in the cloud is critical for ensuring reliable name resolution and secure connectivity. Azure DNS is Microsoft's managed DNS service that lets you host your DNS domains in Azure, providing high availability, scalability, and integration with Azure resources. Learn about DNS zones, records, private DNS, DNS resolver, and the new DNS Security Policy for threat protection.
Learn how to configure a Network Policy Server (NPS) with Microsoft Entra ID Multi-Factor Authentication to secure RADIUS-based authentication for VPNs, network switches, and wireless access points.
Learn how to implement the FinOps framework in Azure, including billing hierarchy, cost allocation, optimization strategies, and best practices for cloud financial management.
The Azure FinOps Multitool now comes in four flavors: a Windows GUI, a cross-platform terminal UI, an MCP server for AI agents, and an automated function for scheduled scans. It reads from your FinOps Hub or Cost Management exports first and falls back to live APIs when it needs to, giving you a fast, accurate picture of your Azure costs, tagging health, and optimization opportunities.
Microsoft now has three distinct AI platforms and knowing which one to reach for can save you weeks of wasted effort. This guide breaks down Microsoft 365 Copilot, Copilot Studio, and Microsoft Foundry: what they are, how they work, and when to use each.
Already in Azure but not aligned with best practices? This guide walks through how to transition an existing brownfield environment to the Azure Landing Zone reference architecture, step by step, without disrupting production uptime.
AI spending doesn't follow the same rules as traditional cloud infrastructure. Here's what changes, what stays the same, and how to apply FinOps to Azure AI workloads before your token bill surprises you.
A PowerShell WPF tool that scans your Azure subscription for tagging gaps and lets you bulk-apply or remove tags at scale, built for the moment before you flip a tag policy from audit to deny.
Application Gateway is Azure's Layer 7 load balancer with built-in WAF, URL routing, and TLS termination. Learn when to choose it over Front Door, Load Balancer, or Traffic Manager, and follow a step-by-step setup guide sourced from Microsoft docs.
A practitioner's guide to Microsoft Entra B2B collaboration covering what it is, how guest accounts work, external collaboration settings, cross-tenant access settings, Conditional Access for guests, M365 sharing controls, and monitoring.
Azure Verified Modules (AVM) is Microsoft's answer to the fragmented IaC module landscape. Learn what AVM is, why it matters, how the module types work, and how to start using it in your Bicep or Terraform deployments today.
Connectivity problems in Azure are rarely straightforward. Traffic passes through NSGs, UDRs, firewalls, App Gateways, and Front Door before it ever reaches your app. This post walks through the tools and logs you need to actually find where things are breaking.
An open-source AI agent that runs live Azure infrastructure assessments using MCP servers, Azure Resource Graph, and GitHub Copilot. Learn how it works, how to deploy it, and how to build your own MCP-powered agent for any domain.
A deep dive into Azure Web Application Firewall on Application Gateway — what it replaces from the on-prem world, how to configure WAF policies with managed and custom rules, and how it protects external traffic entering your Azure environment.
Log Analytics is where Azure's diagnostic data lands. KQL is how you actually get answers out of it. This post covers the workspace model, the tables that matter most, and a set of practical queries you can use right now.
Azure offers three commitment-based tools to cut your cloud bill — Azure Hybrid Benefit, Reservations, and Savings Plans. Here's how each one works, where they overlap, and how to stack them for maximum savings.
Git is the foundation everything else in modern development sits on, including GitHub Copilot. This post breaks down the commands that matter, why each one exists, and how they fit a real team workflow, then shows where Copilot speeds you up once the fundamentals are solid.
A FinOps hub turns raw Cost Management exports into a real analytics platform. This post breaks down every resource the template deploys and why, the benefits over a plain cost export, and how to interface with the data using Microsoft Fabric, Azure Data Explorer, and the FinOps Multitool.
VPN Gateway is how you connect on-premises networks and remote users to Azure over encrypted IPsec tunnels. This post covers the connection types, SKUs, and components, walks through a site-to-site setup, and lays out the best practices that keep the tunnel up.
Now that the Git fundamentals are in place, this post adds GitHub Copilot on top: what it actually is, how the plans differ, how the new AI Credits billing works as of June 2026, and how to fold it into the daily commit-branch-PR loop without burning through your allowance.