Cloud Engineer
I design and migrate Azure/Microsoft 365 workloads with security controls, rollback paths and cost limits built in: hybrid identity, Intune Autopilot, infrastructure as code and cloud operations that internal IT can inherit.
Background
Migrated on-premises workloads to Azure IaaS and PaaS in stages, sequenced to keep operations live, with explicit cost ceilings and rollback paths rather than open-ended cloud spend.
Implemented Intune Autopilot and MECM for standardised device provisioning across Windows, macOS and Linux estates, integrated with Entra ID for identity-driven device trust.
Areas of capability
- Azure IaaS, PaaS and hybrid cloud architecture.
- Intune Autopilot and Microsoft Endpoint Configuration Manager device provisioning.
- Infrastructure as code with PowerShell, ARM templates and Bicep.
- Virtualisation across Hyper-V and VMware.
- Network security groups, VPNs and Azure firewall configuration.
- Hybrid identity with Entra ID and Conditional Access.
How this shapes the consultancy work
This matters in Microsoft 365 security work because tenant controls do not live in isolation. Identity, endpoint, networking, backup and supplier access all shape whether a setting can survive real operations.