Designing Safe Azure App Registration Secret Rotation (With Guardrails)

Automating Azure App Registration secret rotation is often discussed as a best practice, but implementing it safely is where the real challenge begins.

In many Azure environments, client secrets are stored in Azure Key Vault, expiry alerts are configured, and operational processes are defined. From a governance perspective, everything appears under control.

But monitoring secret expiration is not the same as designing a safe, deterministic rotation model.

Recently, I worked with a customer who had a mature Azure environment.

They had:

  • Azure Key Vault properly configured
  • Monitoring in place for secret expiry
  • Clear ownership of application registrations
  • Good operational discipline

So this wasn’t a “wild west” environment.

The problem was different.

Continue reading “Designing Safe Azure App Registration Secret Rotation (With Guardrails)”

Why most Azure environments fail at governance

As I progressed from “keeping Azure running” to actually owning platform decisions, one thing became painfully clear:
most Azure governance failures are not caused by missing tools — they’re caused by weak technical foundations and late architectural decisions.

I’ll walk through a few very realistic situations I’ve personally encountered over the years. They’re anonymised, but the technical problems are absolutely real.

Continue reading “Why most Azure environments fail at governance”

Building an Azure “Super-Assistant” with Azure MCP (Preview)

Introduction

AI assistants for Azure are everywhere right now. Most of them fall into one of two categories:

  • Chatbots with documentation knowledge, but no access to your environment
  • ChatGPT + Azure CLI wrappers, which still require credentials, tokens, and a lot of trust

I wanted to explore something different:

Can we build a genuinely useful Azure assistant that can see my environment, query real data, and still be safe by design?

Continue reading “Building an Azure “Super-Assistant” with Azure MCP (Preview)”

Azure Health Check – A Free Script to Audit and Visualise Cloud Hygiene

Are you running Azure subscriptions and want a quick, human-friendly overview of your governance, compute, storage, network and Key Vault hygiene?
The Azure Health Check PowerShell script gives you exactly that — scanning multiple subscriptions, flagging weak spots, and producing a clean interactive HTML report (with charts!).

Why this matters

Large and growing Azure estates can easily drift into insecure or unsupported configurations: unprotected VMs, public storage blobs, missing resource locks, orphaned disks, exposed network ports — all of which can lead to security, availability or compliance issues.

Yet manually auditing each subscription is time-consuming. That’s where automation helps. With this script, you get a multi-subscription health summary, scored, visualised and exportable — ideal for periodic reviews, customer readiness checks, or even compliance audits.

Continue reading “Azure Health Check – A Free Script to Audit and Visualise Cloud Hygiene”

I Became a Microsoft MVP — A Personal Milestone in My Azure Journey

Today, I want to share something very special and meaningful for me — I have been recognised as a Microsoft MVP in Azure Compute Infrastructure.

For those who don’t know, the Microsoft MVP programme recognises people who contribute to the technical community through knowledge-sharing, guidance, content creation, support, mentoring, and helping others grow.

This became part of who I am many years ago.

Continue reading “I Became a Microsoft MVP — A Personal Milestone in My Azure Journey”