Notes from production – Azure, IaC tips, AI in cloud and cloud security news.
Windows Server 2019, Azure Linux 2.0, and kubelet certificate rotation – three AKS retirements with March 2026 deadlines. Practical migration guide with CLI commands and Bicep templates.
Practical Azure FinOps guide – from Cost Management through VM right-sizing to Reserved Instances and auto-scaling. Real savings from enterprise projects.
Kubernetes AKS production readiness checklist covering Azure CNI networking, Workload Identity RBAC, cluster autoscaling, monitoring, and DR strategy.
Design Zero Trust identity architecture with Entra ID Conditional Access policies. MFA enforcement, device compliance, session controls, and named locations for Azure environments.
NIS2 Azure compliance checklist with concrete steps: Azure Policy governance, Defender for Cloud CSPM, centralized logging, and Zero Trust identity.
Build reusable Terraform modules for Azure with private registry publishing, automated testing with Terratest, and versioned module consumption in production.
Implement Azure Policy governance for Landing Zones at scale. Custom policy definitions, initiative assignments, compliance dashboards, and cost management guardrails.
Terraform Azure best practices for production projects. Covers remote state locking, module structure, drift detection, naming conventions, and testing.
Configure Microsoft Defender for Cloud CSPM for Azure Landing Zones. Secure Score optimization, attack path analysis, regulatory compliance dashboards, and real cost breakdown.
Deploy hub-spoke network topology for Azure Landing Zone with Azure Firewall, Private DNS Zones, and VNet peering automation using Bicep modules.
Deploy an enterprise-ready Azure Landing Zone using Bicep modules. Covers hub-spoke networking, policy governance, and CI/CD pipeline integration.
Build a production Bicep deployment pipeline with GitHub Actions. Covers what-if previews, environment approvals, OIDC authentication, and rollback strategies.