Using A Domain-Joined Jumpbox VM For Legacy PowerShell From Azure Functions
Introduction and Use Cases: Some automation problems are not really Azure Functions problems. They are dependency-bound Windows administration problems. As organizations move their identity and access
May 4, 2026 · 6 min read

Microsoft Entra Group Source of Authority Conversion with Cloud Sync Writeback
Mar 13, 2026 · 15 min read

Building a Secure Password Reset API with Azure Functions, Easy Auth, and LDAPS
Introduction: In my previous infrastructure blog, we built a disposable Active Directory lab: a domain controller in its own subnet, a function app in another, Key Vault for secrets, and just enough networking glue to make it feel like a real hybrid e...
Jan 14, 2026 · 10 min read

Workload Identity Risk and Remediation with Microsoft Graph & PowerShell
Introduction: Here's a problem you might not be tracking as closely as you should: every workload identity in your Entra ID tenant—the service principals and app registrations powering your automation, CI/CD pipelines, and third-party integrations—is ...
Dec 31, 2025 · 22 min read

Zero-to-DC: Building a Disposable Active Directory Lab in Azure with Bicep and PowerShell
Introduction: This all started from a very practical problem: I wanted a disposable, repeatable Active Directory lab I could spin up for demos, tutorials, and future blog posts (stay tuned). I needed something I could tear down and rebuild without fea...
Dec 14, 2025 · 15 min read

A Guide to Deploying Self‑Hosted GitHub Runners on Azure Container Apps
Introduction: This post is a practical deep dive into running self‑hosted GitHub Actions runners on Azure Container Apps (ACA). The goal: ephemeral, on‑demand compute that scales up only when there are GitHub workflow jobs in the queue and scales to z...
Nov 30, 2025 · 21 min read

Ephemeral Pull Request (PR) Environment with Microsoft Graph Bicep
Introduction: This project demonstrates an end-to-end ephemeral pull request (PR) environment pattern using: Microsoft Graph Bicep to provision an application, service principal, security group, test accounts, custom OAuth2 permission scopes, and an ...
Nov 9, 2025 · 12 min read

Enhance Workload Identity Security with Just-In-Time RBAC in GitHub Actions and PowerShell
Introduction: This post was born from the idea of, "gee I wonder if you could create a Just-In-Time (JIT) privileged access workflow using GitHub Actions?" After some experimentation and much debugging, the answer is yes 😆 — and the resulting pattern...
Nov 7, 2025 · 18 min read