CLOUDY MUSINGS

As with previous posts, all source code and a corresponding GitHub repository can be found here! This is one of those questions that seems like it should have a straightforward answer, but it doesn't because what good fun would that be if there were a straightforward answer? I'm sure you've been here before: someone spots an enterprise application in Microsoft Entra ID, notices it has permissions or credentials attached, and naturally asks: who created this thing? If you star

There's a very specific moment in almost every Azure File Sync conversation where things go from "this is going great" to "wait, what do you mean we can't do that?" P.S. That happened this week and it took me back, hence the blog post. This usually happens right after the POC looks successful. You've synced a few hundred gigs from the D: drive of an on-premises file server, cloud tiering is working, ACLs look intact, and everyone feels good. Then someone asks how you expose

Let me tell you about a moment that happens to almost everyone working with Azure networking. You're designing a network, you discover service endpoints, and you think "Great! This keeps my traffic on Microsoft's backbone instead of the public internet." You enable them for Storage, SQL, maybe Key Vault. Everything makes sense. Then you stumble across service endpoint policies and think "Oh cool, I can add more control to all these services!" You start setting them up for SQ

a.k.a. Here's Your Full Guide to Understanding Azure Cloud Governance Without Losing Your Mind or Sanity Cloud governance is one of those topics that sounds straightforward until you start hearing people use the same five words to describe completely different things. You walk into a meeting and someone says, “We should solve this with Azure Policy,” and someone else responds, “We need a Blueprint,” and a third person chimes in with, “This belongs in our Service Group model.”