Azure · Architecture · Learning

Cloud Solution Architect sharing practical guides on Azure infrastructure, AI, networking, security, and FinOps.

Recent Posts

13 min read

New to Azure? Start Here

A comprehensive guide to Azure fundamentals, covering the Cloud Adoption Framework, Well-Architected Framework, landing zones, resource hierarchy, service models, shared responsibility, and regional design.

Azure CAF WAF Landing Zones Fundamentals
7 min read

Azure ExpressRoute Overview

A deep dive into Azure ExpressRoute: what it is, why enterprises use it, connectivity models, circuit SKUs, peering types, and key design considerations for hybrid connectivity.

ExpressRoute Networking
7 min read

Azure DNS 101: A Beginner's Guide

Managing DNS in the cloud is critical for ensuring reliable name resolution and secure connectivity. Azure DNS is Microsoft's managed DNS service that lets you host your DNS domains in Azure, providing high availability, scalability, and integration with Azure resources. Learn about DNS zones, records, private DNS, DNS resolver, and the new DNS Security Policy for threat protection.

azure dns networking cloud
9 min read

Setting Up NPS with Entra ID MFA for RADIUS Authentication

Learn how to configure a Network Policy Server (NPS) with Microsoft Entra ID Multi-Factor Authentication to secure RADIUS-based authentication for VPNs, network switches, and wireless access points.

azure entra mfa nps radius authentication security
19 min read

Azure FinOps Multitool: A Fast Track to Cost Optimization

The Azure FinOps Multitool now comes in four flavors: a Windows GUI, a cross-platform terminal UI, an MCP server for AI agents, and an automated function for scheduled scans. It reads from your FinOps Hub or Cost Management exports first and falls back to live APIs when it needs to, giving you a fast, accurate picture of your Azure costs, tagging health, and optimization opportunities.

azure finops cost-management powershell tools mcp cli
9 min read

Microsoft AI Tools Compared: M365 Copilot vs Copilot Studio vs Microsoft Foundry

Microsoft now has three distinct AI platforms, and knowing which one to reach for can save you weeks of wasted effort. This guide breaks down Microsoft 365 Copilot, Copilot Studio, and Microsoft Foundry: what they are, how they work, and when to use each.

azure ai copilot architecture microsoft-365
12 min read

Azure Landing Zone: Brownfield Transition Guide

Already in Azure but not aligned with best practices? This guide walks through how to transition an existing brownfield environment to the Azure Landing Zone reference architecture, step by step, without disrupting production uptime.

Azure Landing Zone Governance CAF Architecture
12 min read

Why AI Cost Optimization Is Different from Traditional FinOps

AI spending doesn't follow the same rules as traditional cloud infrastructure. Here's what changes, what stays the same, and how to apply FinOps to Azure AI workloads before your token bill surprises you.

azure finops ai cost-management optimization azure-openai
6 min read

Azure Resource Tagger: Bulk Tagging Before Policy Enforcement

A PowerShell WPF tool that scans your Azure subscription for tagging gaps and lets you bulk-apply or remove tags at scale, built for the moment before you flip a tag policy from audit to deny.

azure tagging governance powershell tools
13 min read

Azure Application Gateway: When to Use It and How to Set It Up

Application Gateway is Azure's Layer 7 load balancer with built-in WAF, URL routing, and TLS termination. Learn when to choose it over Front Door, Load Balancer, or Traffic Manager, and follow a step-by-step setup guide sourced from Microsoft docs.

azure networking application-gateway waf load-balancing
18 min read

Microsoft Entra B2B Collaboration: What It Is and How to Configure It

A practitioner's guide to Microsoft Entra B2B collaboration covering what it is, how guest accounts work, external collaboration settings, cross-tenant access settings, Conditional Access for guests, M365 sharing controls, and monitoring.

azure security entra identity b2b
9 min read

Azure Verified Modules: Microsoft's Official IaC Module Library

Azure Verified Modules (AVM) is Microsoft's answer to the fragmented IaC module landscape. Learn what AVM is, why it matters, how the module types work, and how to start using it in your Bicep or Terraform deployments today.

azure bicep terraform iac infrastructure-as-code avm
13 min read

Azure Connectivity Troubleshooting: Tools, Logs, and How to Actually Diagnose Problems

Connectivity problems in Azure are rarely straightforward. Traffic passes through NSGs, UDRs, firewalls, App Gateways, and Front Door before it ever reaches your app. This post walks through the tools and logs you need to actually find where things are breaking.

azure networking troubleshooting firewall udr app-gateway front-door kql network-watcher
10 min read

Building an Azure CSA Agent with MCP Servers and GitHub Copilot

An open-source AI agent that runs live Azure infrastructure assessments using MCP servers, Azure Resource Graph, and GitHub Copilot. Learn how it works, how to deploy it, and how to build your own MCP-powered agent for any domain.

azure ai copilot mcp architecture tools
11 min read

Azure Log Analytics and KQL: A Practical Guide with Real Queries

Log Analytics is where Azure's diagnostic data lands. KQL is how you actually get answers out of it. This post covers the workspace model, the tables that matter most, and a set of practical queries you can use right now.

azure log-analytics kql azure-monitor diagnostics monitoring kusto
11 min read

Azure Cost Commitments: Reservations, Hybrid Benefit, and Savings Plans

Azure offers three commitment-based tools to cut your cloud bill — Azure Hybrid Benefit, Reservations, and Savings Plans. Here's how each one works, where they overlap, and how to stack them for maximum savings.

azure finops cost-management reservations savings-plans hybrid-benefit optimization
12 min read

Git for Teams: A Practical Breakdown Before You Add GitHub Copilot

Git is the foundation everything else in modern development sits on, including GitHub Copilot. This post breaks down the commands that matter, why each one exists, and how they fit a real team workflow, then shows where Copilot speeds you up once the fundamentals are solid.

git github github-copilot version-control collaboration devops
9 min read

Setting Up a FinOps Hub: Components, Benefits, and Querying the Data

A FinOps hub turns raw Cost Management exports into a real analytics platform. This post breaks down every resource the template deploys and why, the benefits over a plain cost export, and how to interface with the data using Microsoft Fabric, Azure Data Explorer, and the FinOps Multitool.

azure finops cost-management finops-hub data-explorer fabric focus
11 min read

Azure VPN Gateway: Setup and Best Practices

VPN Gateway is how you connect on-premises networks and remote users to Azure over encrypted IPsec tunnels. This post covers the connection types, SKUs, and components, walks through a site-to-site setup, and lays out the best practices that keep the tunnel up.

azure networking vpn-gateway hybrid-connectivity ipsec
10 min read

GitHub Copilot for Teams: What It Is, How to License It, and How It Bills

Now that the Git fundamentals are in place, this post adds GitHub Copilot on top: what it actually is, how the plans differ, how the new AI Credits billing works as of June 2026, and how to fold it into the daily commit-branch-PR loop without burning through your allowance.

github github-copilot ai developer-tools vs-code productivity