Building an Expanded Identity Security Copilot with Azure AI Foundry
If you hang around identity security teams for a day, you quickly notice that their questions never fit into a single neat box. In the morning, someone needs a deep, grounded answer about which Condit
Jun 8, 2026 · 18 min read

Microsoft Entra Group Source of Authority Conversion with Cloud Sync Writeback
Mar 13, 2026 · 15 min read

Enhance Entra Identity Governance with Azure Event Grid
Microsoft Graph change notifications are a great building block, but the “classic” model (hosting a public HTTPS webhook) tends to get uncomfortable fast and won't make you any friends in the Cybersecurity or Networking/Gateway teams to manage the in...
Feb 1, 2026 · 13 min read

Building a Secure Password Reset API with Azure Functions, Easy Auth, and LDAPS
Introduction: In my previous infrastructure blog, we built a disposable Active Directory lab: a domain controller in its own subnet, a function app in another, Key Vault for secrets, and just enough networking glue to make it feel like a real hybrid e...
Jan 14, 2026 · 10 min read

Workload Identity Risk and Remediation with Microsoft Graph & PowerShell
Introduction: Here's a problem you might not be tracking as closely as you should: every workload identity in your Entra ID tenant—the service principals and app registrations powering your automation, CI/CD pipelines, and third-party integrations—is ...
Dec 31, 2025 · 22 min read

Zero-to-DC: Building a Disposable Active Directory Lab in Azure with Bicep and PowerShell
Introduction: This all started from a very practical problem: I wanted a disposable, repeatable Active Directory lab I could spin up for demos, tutorials, and future blog posts (stay tuned). I needed something I could tear down and rebuild without fea...
Dec 14, 2025 · 15 min read

A Guide to Deploying Self‑Hosted GitHub Runners on Azure Container Apps
Introduction: This post is a practical deep dive into running self‑hosted GitHub Actions runners on Azure Container Apps (ACA). The goal: ephemeral, on‑demand compute that scales up only when there are GitHub workflow jobs in the queue and scales to z...
Nov 30, 2025 · 21 min read

Ephemeral Pull Request (PR) Environment with Microsoft Graph Bicep
Introduction: This project demonstrates an end-to-end ephemeral pull request (PR) environment pattern using: Microsoft Graph Bicep to provision an application, service principal, security group, test accounts, custom OAuth2 permission scopes, and an ...
Nov 9, 2025 · 12 min read