Azure & Microsoft 365 Services | Gerald's Tech

Microsoft 365 & Azure

I design, secure, and operate Microsoft cloud environments—balancing cost, performance, and security. Below is an overview of what I deliver across Azure and Microsoft 365.

Azure Infrastructure

  • VM design & hardening (Windows/Linux), images & baselines
  • Storage (Blob/Files/Disks), tiers, lifecycle & immutability
  • Networking: VNets, peering, NSGs/ASGs, Azure Firewall
  • Load balancers, Application Gateway, WAF & SSL offload
  • Private endpoints, service endpoints & DNS design
  • Availability sets/zones, scale sets & auto-healing

Identity & Access (Entra ID)

  • Tenant architecture, directories, cross-tenant access
  • Conditional Access, MFA, risk policies & Identity Protection
  • Privileged Identity Management (PIM) & least-privilege RBAC
  • App registrations, SSO (SAML/OAuth/OIDC) & provisioning
  • Hybrid join / cloud PC identity strategies

Operations, DR & Automation

  • Backup/replication with Azure Backup & Site Recovery (ASR)
  • DR runbooks, RTO/RPO targets & failover testing
  • Azure Monitor, metrics/logs, Alerts & Action Groups
  • Log Analytics workspaces, KQL dashboards & reports
  • Automation: PowerShell/CLI/Bicep/Terraform pipelines

Security & Cost Management

  • Defender for Cloud: recommendations, hardening, just-in-time
  • Key Vault, disk encryption, secret rotation & CMKs
  • Policy & Blueprints for guardrails and governance
  • Budgets, cost alerts, rightsizing & reservation planning
  • Secure landing zones & Zero Trust design

Azure Virtual Desktop

  • Host pool design (pooled/personal), autoscale & FSLogix
  • Profiles, app delivery & Teams optimizations
  • Identity, Conditional Access & device compliance
  • Monitoring, cost control & image pipelines

App & Data Services

  • App Service, Functions, Containers & AKS basics
  • Databases (SQL MI/SQL DB), backup & performance
  • Private access, networking & secret management
  • Dev/Test subscriptions & governance separation

Exchange Online

  • MX/DKIM/DMARC, SPF alignment & secure mail flow
  • Anti-phish/anti-spam policies, transport rules
  • Shared mailboxes, resource mailboxes & delegation
  • Archiving, retention & litigation hold

SharePoint & OneDrive

  • Information architecture & site design
  • Permissions model, external sharing governance
  • Data lifecycle, retention/labels & DLP
  • Sync health, migration & adoption guides

Microsoft Teams

  • Policies, templates, lifecycle/expiry & naming rules
  • Compliance: eDiscovery, retention & auditing
  • Meetings/voice readiness & device standards
  • App governance & third-party integrations

Intune / Endpoint Manager

  • Enrollment (Autopilot/DEP), baselines & configuration
  • Compliance policies, Conditional Access & remediation
  • Win/Mac/iOS/Android app deployment & patching
  • BitLocker/FileVault, device control & reporting

Defender for Office 365

  • Safe Links/Attachments, anti-phish & impersonation
  • Threat investigation & automated response (AIR)
  • Attack Simulation training & insights
  • Secure Score improvements & reporting

Compliance & Governance

  • Purview: DLP, sensitivity labels & information protection
  • eDiscovery (Standard/Premium), audit & insider risk
  • Records management & retention schedules
  • POPiA/GDPR alignment & access reviews

Migrations & Hybrid

  • On-prem → M365: mailboxes, files & SharePoint
  • AD → Entra ID sync, cutover/staged/hybrid flows
  • File servers → OneDrive/SharePoint planning
  • Tenant-to-tenant migration planning

Licensing, Adoption & Support

  • License selection & cost optimization
  • User enablement, quick-start guides & training
  • Runbooks, SOPs & documentation
  • Managed service & support options

Ready to Modernize with Microsoft Cloud?

Whether you need a secure Azure landing zone, a clean Microsoft 365 rollout, or help tightening identity and compliance—let’s plan it clearly and deliver it right.

Discuss Your Azure & M365 Plan