I help small and mid-sized businesses set up and run their cloud.

These are focused engagements for teams without a dedicated cloud function. Each one starts with a short discovery, ends with something you own and can run, and leaves the reasoning written down. Everything below is delivered remotely.

• Azure cloud architecture

  Design of right-sized Azure environments: landing zones, network topology, identity, and resource organisation that a small team can actually run.

  What it includes

  • Landing-zone and subscription/resource-group structure
  • Networking design: VNets, subnets, private endpoints, and segmentation
  • Identity and access design with Entra ID and managed identities
  • Reference architecture diagrams and decision records

  Who it's for

  Small and mid-sized businesses standing up their first serious Azure footprint, or cleaning up one that grew without a plan.

  How it works

  A short discovery on current state and goals, a proposed architecture with the trade-offs written down, then a build-ready design you own.

• Infrastructure-as-Code (Terraform)

  Your infrastructure defined in Terraform so it is version-controlled, reviewable, and reproducible instead of clicked together in a portal.

  What it includes

  • Terraform modules for your core Azure resources
  • Remote state with locking, plus environment separation
  • A plan/apply workflow wired into your Git provider
  • Documentation so your team can extend the code without me

  Who it's for

  SMBs whose Azure setup lives in the portal today and who want repeatable, auditable changes before the estate gets larger.

  How it works

  I codify what already exists or what we just designed, hand over the modules and pipeline, and walk your team through making a change end to end.

• Automation (PowerShell and Azure)

  Repetitive operational work turned into scripted, scheduled, least-privilege automation instead of manual steps that get skipped or done wrong.

  What it includes

  • PowerShell tooling using the Az module with error handling
  • Scheduled or event-driven jobs (Automation, Functions, or scheduled runners)
  • Managed-identity authentication so no secrets sit in scripts
  • Runbooks documenting what each job does and how to recover it

  Who it's for

  SMBs spending staff time on recurring Azure or Windows tasks that should run on their own.

  How it works

  We pick the highest-friction tasks first, automate them with logging and safe failure modes, and leave you with code and runbooks you control.

• Azure governance and cost management

  Guardrails and visibility so spend stays predictable and resources stay compliant with your own rules as more people get access.

  What it includes

  • Azure Policy and management-group structure for guardrails
  • Tagging strategy and budgets with cost alerts
  • Cost analysis to find and trim waste
  • RBAC review toward least-privilege access

  Who it's for

  SMBs whose Azure bill or access model has outgrown manual oversight and needs structure without a dedicated cloud team.

  How it works

  A review of current spend and access, a set of policies and budgets put in place, and a simple ongoing way to keep them honest.

• Cloud security and compliance posture

  A practical hardening pass on your Azure environment: identity, network exposure, secrets, and monitoring, mapped to a posture you can stand behind.

  What it includes

  • Identity and access hardening with conditional access and MFA
  • Network exposure review: private endpoints over public access
  • Secrets moved into Key Vault with managed-identity references
  • Defender for Cloud and logging baseline with actionable alerts

  Who it's for

  SMBs that need a defensible security baseline in Azure but do not have an in-house security function.

  How it works

  A posture assessment against least-privilege and least-exposure principles, a prioritised remediation list, and help implementing the fixes that matter most.