Azure · Architecture · Learning
Cloud Solution Architect sharing practical guides on Azure infrastructure, AI, networking, security, and FinOps.
A comprehensive guide to Azure fundamentals, covering the Cloud Adoption Framework, Well-Architected Framework, landing zones, resource hierarchy, service models, shared responsibility, and regional design.
Creating a personal website shouldn't require complicated tooling or expensive hosting. This post walks through exactly how I built this site using modern, free tools that work seamlessly together.
A deep dive into Azure ExpressRoute: what it is, why enterprises use it, connectivity models, circuit SKUs, peering types, and key design considerations for hybrid connectivity.
Managing DNS in the cloud is critical for ensuring reliable name resolution and secure connectivity. Azure DNS is Microsoft's managed DNS service that lets you host your DNS domains in Azure, providing high availability, scalability, and integration with Azure resources. Learn about DNS zones, records, private DNS, DNS resolver, and the new DNS Security Policy for threat protection.
Learn how to configure a Network Policy Server (NPS) with Microsoft Entra ID Multi-Factor Authentication to secure RADIUS-based authentication for VPNs, network switches, and wireless access points.
Learn how to implement the FinOps framework in Azure, including billing hierarchy, cost allocation, optimization strategies, and best practices for cloud financial management.
Discover the Azure FinOps Multitool - a PowerShell application that provides a comprehensive view of your Azure costs, tagging health, and optimization opportunities. Deploy tags, policies, and budgets quickly, and export data to HTML, CSV, or Power BI templates.
Microsoft now has three distinct AI platforms and knowing which one to reach for can save you weeks of wasted effort. This guide breaks down Microsoft 365 Copilot, Copilot Studio, and Microsoft Foundry: what they are, how they work, and when to use each.
Already in Azure but not aligned with best practices? This guide walks through how to transition an existing brownfield environment to the Azure Landing Zone reference architecture, step by step, without disrupting production uptime.
AI spending doesn't follow the same rules as traditional cloud infrastructure. Here's what changes, what stays the same, and how to apply FinOps to Azure AI workloads before your token bill surprises you.
A PowerShell WPF tool that scans your Azure subscription for tagging gaps and lets you bulk-apply or remove tags at scale, built for the moment before you flip a tag policy from audit to deny.
Application Gateway is Azure's Layer 7 load balancer with built-in WAF, URL routing, and TLS termination. Learn when to choose it over Front Door, Load Balancer, or Traffic Manager, and follow a step-by-step setup guide sourced from Microsoft docs.
Log Analytics is where Azure's diagnostic data lands. KQL is how you actually get answers out of it. This post covers the workspace model, the tables that matter most, and a set of practical queries you can use right now.
Connectivity problems in Azure are rarely straightforward. Traffic passes through NSGs, UDRs, firewalls, App Gateways, and Front Door before it ever reaches your app. This post walks through the tools and logs you need to actually find where things are breaking.
Azure Verified Modules (AVM) is Microsoft's answer to the fragmented IaC module landscape. Learn what AVM is, why it matters, how the module types work, and how to start using it in your Bicep or Terraform deployments today.
A practitioner's guide to Microsoft Entra B2B collaboration covering what it is, how guest accounts work, external collaboration settings, cross-tenant access settings, Conditional Access for guests, M365 sharing controls, and monitoring.
