Blog
Practical insights on Azure, FinOps, and cloud infrastructure.
March 2026 (10 posts)
Application Gateway and Front Door both handle web traffic, but at different layers and price points. Here's how to choose the right one.
Defender for Cloud is quietly eating 5-8% of your Azure bill. Most organisations enable every plan by default and never look back - that's exactly what Microsoft wants.
A routine SQL Server 2022 upgrade on Azure IaaS turned into a week-long performance crisis. The culprit was tempdb sharing a Standard SSD with data files.
Engineers delete VMs but forget to remove ASR replicas, leaving expensive replica managed disks billing silently in the target region for months.
Azure Firewall is one of the biggest hidden costs in hub-spoke architectures. The hub subscription alone can quietly run to eight thousand pounds a month before a single workload is deployed.
Egress and bandwidth charges are a hidden tax on nearly every Azure service. Data in is free, data out is not — and that asymmetry catches organisations off guard.
Azure Firewall Premium costs double Standard but most organisations never enable its key features. Find out if the upgrade is justified or if you're overspending.
Backup costs quietly grow to consume a significant chunk of Azure spend. Retention policies are the biggest lever most organisations never touch.
Defender for Servers charges per VM, and Plan 1 vs Plan 2 confusion means many organisations are paying double. Here's how to audit and fix it.
Log Analytics data ingestion costs grow silently as you onboard more resources and enable more diagnostic settings. Here's how to find and control the spend.
February 2026 (8 posts)
Savings Plans offer flexibility, Reserved Instances offer deeper discounts. Here's when to use each and why most organisations need both.
VMs running around the clock cost far more than most organisations realise. The compute price is just the start.
Block open-sourced Goose, Stripe forked it into Minions, and the workforce implications are now impossible to ignore. This isn't vibe coding — it's agentic engineering.
Cost concentration in a single Azure subscription signals architectural drift and financial risk. It's a pattern we see in almost every assessment.
A single afternoon FinOps audit uncovered over £4,000/month in Azure waste across storage, DR, backups, and security tooling.
What does a FinOps assessment actually involve? Here's what we look at, what we need from you, and what you get back.
FinOps brings financial accountability to cloud spending. If your CFO isn't involved in cloud cost decisions yet, here's why that needs to change - and fast.
Everyone expects VMs to dominate Azure spend, but storage quietly overtakes everything. Here's why it's probably your single biggest cost category.
January 2026 (4 posts)
Think you can just upload 100TB to Azure over your internet connection? Here's the maths on why physical data transfer still matters.
Getting Azure Spot VM prices seems simple until you need eviction rates. Here's what we learned building an AI-powered spot pricing tool.
Start 2026 right with a thorough Azure cost review. Here's the checklist we use with clients to identify quick wins.
The azurerm provider doesn't always support the latest .NET versions. Here's how to use the azapi provider to deploy .NET 8/9/10 Azure Functions.
December 2025 (1 post)
Compliance requires logging everything for 7 years. Here's how to implement tenant-wide diagnostic settings without breaking the bank.
November 2025 (2 posts)
When Synapse blocks all egress traffic, how do you connect to your own resources? Managed private endpoints are the answer, but they're confusing.
Stop retrofitting security. Build Terraform modules with sensible security defaults so every resource starts secure without extra effort.
October 2025 (3 posts)
Your WAF is blocking attacks, but are you watching? Here's how to build an Azure Monitor workbook that shows what's being blocked and why.
Windows Hello is enabled, devices are enrolled, but users still have passwords. Here's the missing piece most organisations overlook.
AI coding assistants aren't just for developers. Here's how we use Claude and GitHub Copilot for infrastructure and DevOps work.
August 2025 (1 post)
Flexera's annual cloud report reveals that 27% of cloud spend is wasted and 84% of organisations struggle with cost management. Here's what it means.
June 2025 (1 post)
Azure Advisor gives you free cost optimisation recommendations. Here's what it catches, what it misses, and how to use it effectively.
May 2025 (3 posts)
Data centres offer their own remote hands services, but they're not always the best choice. Here's when third-party smart hands makes more sense.
AI tools are changing how we manage infrastructure. Here's how to use LLMs and ML for log analysis, cost prediction, and automated optimisation.
Enterprise FinOps strategies don't always apply to smaller organisations. Here are practical cost optimisation approaches that work for SMEs.
April 2025 (5 posts)
Need Synapse Spark pools to reach on-premises resources while DEP is enabled? It's complicated, but here are your options.
Getting Spark pool logs to Log Analytics when your workspace has data exfiltration protection enabled requires careful DNS configuration.
Without proper tagging, you can't allocate costs, identify owners, or enforce governance. Here's how to build a tagging strategy that actually works.
Moving beyond VM-based monitoring to container-native solutions. Here's how to implement scalable monitoring in AKS and Container Apps.
Azure Connection Monitor has a hard limit of 100 endpoints. When you need to monitor more, here are your options.
March 2025 (6 posts)
Users don't need to set a password if you set up onboarding correctly. Here's how to use Temporary Access Pass for truly passwordless day-one access.
Going passwordless with AVD isn't as straightforward as regular M365. Here's what works and what limitations you'll encounter.
Locking down Service Bus with network rules breaks Power Automate. Here's how to maintain security while keeping your flows working.
Connecting Microsoft Fabric to private Azure resources requires careful planning. Here's how to integrate Fabric with your existing network infrastructure.
Most Azure storage is in the Hot tier by default, but up to 80% of it is rarely accessed. Here's how to use storage tiers to cut costs.
Connecting Microsoft Fabric to a Key Vault with public access disabled requires specific configuration. Here's what works.
February 2025 (5 posts)
AMPLS can break all your Log Analytics workspaces if configured incorrectly. Here's how to set it up with selective DNS zone linking.
Enabling data exfiltration protection in Synapse blocks all outbound traffic. Here's how to work with this restriction while maintaining functionality.
Dev and test environments running 24/7 waste up to 70% of their cost. Here's how to automate shutdowns and save thousands.
Microsoft is deprecating legacy per-user MFA. Here's how to migrate to modern Conditional Access and Authentication Methods policies.
Need to find which Entra users have access to your PostgreSQL database? Here's how to query the system catalogs to find Azure AD principals.
January 2025 (5 posts)
Running multiple databases in Azure SQL? Here's how to choose between individual databases, elastic pools, and serverless to minimise costs.
Orphaned disks, NICs, and public IPs silently drain your Azure budget. Here's how to find them and clean them up.
Default pipeline failure notifications lack detail. Here's how to include actual error messages and useful context in your notification emails.
Need to send notifications beyond the built-in DevOps emails? Here's how to send custom emails from your pipelines using SendGrid or Microsoft Graph.
Need to run tasks against a changing list of VMs? Here's how to dynamically discover and iterate over VMs in your pipelines.
December 2024 (6 posts)
Azure Container Apps provides serverless containers without the Kubernetes complexity. Here's how to deploy a Python application with persistent storage.
Azure Policy lets you enforce standards automatically. Here's how to create custom policies for common compliance requirements.
Running a security review on an Azure environment? Here's a practical checklist of common issues and how to fix them.
If you have Windows Server licenses with Software Assurance, you could be saving up to 40% on Azure VMs. Here's how to check and apply.
Storage accounts are a common weak point in Azure deployments. Here's a security checklist and Terraform configuration to get it right.
The managed rule sets catch most attacks, but custom rules let you block specific threats hitting your application.
November 2024 (5 posts)
Route different URL paths to different backends with Application Gateway. Useful for API versioning, microservices, and gradual migrations.
Explaining the value of Application Gateway and Web Application Firewall to executives and finance teams. Here's how to frame the conversation.
Need a folder where users can upload files but can't see what others have uploaded? Here's how to configure a secure drop box in Azure Files.
With 43 data centres and 365MW of capacity, the Slough Trading Estate is Europe's densest data centre cluster. Here's why.
Getting NTFS permissions working on Azure Files requires both RBAC and share-level permissions. Here's the complete setup guide.
October 2024 (5 posts)
CREATE USER FROM EXTERNAL PROVIDER sounds simple, but running it from a pipeline with service principal authentication has some gotchas.
Need to copy an Azure SQL database to a different subscription? The built-in copy feature doesn't work across subscriptions. Here are your options.
Reserved Instances can save you up to 72% on Azure compute, but they're not always the right choice. Here's how to decide.
Getting the best RDP performance for demanding applications requires specific registry settings and network configuration. Here's what actually works.
AVD health checks failing for TURN relay access? Here's how to diagnose and fix the network connectivity issues.
September 2024 (6 posts)
Azure Files with AD authentication requires the storage account to be domain joined. Here's how to automate this in your CI/CD pipeline.
Private endpoints are powerful but DNS resolution can be tricky. Here's how to configure DNS correctly for hybrid environments with on-premises AD.
Assigning Azure AD groups to AVD application groups via Terraform requires specific provider versions and resource types. Here's the working configuration.
How to configure Terraform to store state in Azure Blob Storage with proper locking and security.
Getting FSLogix profiles working with Azure Files requires the right storage account type, tier, and permissions. Here's what actually works.
Need weekly copies of production data for testing? Here's how to automate Azure SQL database copies without the manual work.
August 2024 (5 posts)
One SonarCloud scan per repo is tedious to set up. Here's how to automate scanning across all repositories in your Azure DevOps project.
Most Azure VMs are oversized. Here's how to identify candidates for right-sizing and the potential savings you're missing.
Self-hosted DevOps agents in containers offer faster scaling and better resource utilisation. Here's how to set them up with Docker-in-Docker.
Azure WAF now recommends Microsoft's Default Rule Set over OWASP CRS. Here's how to migrate and what to watch out for.
Need to create a VM from existing disk snapshots? Here's the Terraform configuration for creating managed disks from snapshots and attaching them to new VMs.
July 2024 (3 posts)
App Service VNET integration lets your web apps access private resources. Here's how subnet delegation works and common pitfalls to avoid.
Getting the application stack and startup commands right for Azure Linux Web Apps in Terraform isn't always obvious. Here's the configuration that works.
A step-by-step guide to exporting your Azure cost and usage data for offline analysis and FinOps reporting.