Head in the Cloud ☁️

When you deploy a Storage account, a Key Vault or any other PaaS service, by default they’re reachable over the public internet. While protected by authentication and firewall rules the traffic still traverses Microsoft’s public endpoints and the internet. For many organisations, especially those with compliance requirements or a zero-trust security posture, that’s not acceptable. Enter Private Endpoints. Private endpoints are one of the most impactful networking features within Azure, once you understand how they work you’ll wonder how you ever lived without them. ...

Welcome! This blog covers all things Microsoft Azure - from architecture patterns and infrastructure-as-code to DevOps pipelines, security hardening, and cost optimisation. What to expect Posts here will be practical and hands-on. Expect deep dives into topics like: Azure infrastructure - Virtual Networks, Private Endpoints, Hub-and-Spoke topologies. Infrastructure as Code - Terraform, Bicep and accelerators. DevOps & CI/CD - Azure DevOps, GitHub Actions, and pipelines. Security & Governance - Azure Policy, Entra ID, and zero-trust principles. Cost optimisation - Reserved Instances, Spot VMs, and FinOps practices. A note on comments Every post has a Giscus comment section at the bottom, backed by GitHub Discussions. You’ll need a GitHub account to leave a comment. ...