CloudRunbook | Practical Cloud Engineering
Collected notes from running Azure platforms in anger: landing zones, identity guardrails, networking, and the weekly changes that genuinely warrant a brew and a chat.
A practical Defender for Cloud baseline for Azure landing zones: plan coverage decisions, auto-provisioning, and closing the loop with policy-backed guardrails.
Sorted newest first. Use tags above for a curated feed.
A practical baseline for Azure Private Endpoints and DNS: ownership, zone design, resolver routing, and onboarding patterns that prevent midnight outages.
A practical identity baseline for secure Azure architecture: admin separation, PIM, Conditional Access, workload identities, and secrets. Written as a runbook you can implement.
A runbook-style secure networking baseline for Azure: hub/spoke vs vWAN, DNS ownership, private endpoints, egress control, and inbound protection. Built to scale.
A hands-on walkthrough of Azure Landing Zones (ALZ): what they are, why they matter, and a runbook-style path to deploying a secure platform foundation.
Azure VPN Gateway introduces portal-based migration for Basic Public IP on active-active gateways (planned Jan 2026). What it means, who’s affected, and the runbook to prepare.
Search
Type an Azure service, control, or tag. Results refresh after every deploy.
Examples: landing zone policy, workload identity, weekly changes
