Hello! I'm George,
senior Microsoft cloud security architect based in the Czech Republic. I work at the intersection of identity modernisation, governance, and the IaC supply chain that ships it — PIM, Conditional Access, JIT, AD FS-to-Entra ID modernisation, Workload Identity Federation, no-secret pipelines, Zero Trust posture across Entra and Azure.
Eight years through Microsoft platform work: datacenter administration (VMware, Windows Server), then MSP-class system specialism designing a replicable Entra ID security framework for SMB and mid-market customers, and now a technical lead designing the end-to-end Microsoft security stack for regulated and enterprise customers across multiple industries.
What I work on
Identity Modernisation & Hardening
AD FS to Microsoft Entra ID authentication migration — federated-to-cloud cut-over patterns. End-to-end assessment of on-premises Active Directory and Entra ID (privileged access, posture, configuration drift). Tier-based AD and tenant hardening to meet regulated-industry security baselines.
Application & Cloud Security
Endpoint, cloud and identity security analysis for regulated financial-sector clients. AKS applications built end-to-end on Managed Identity for every component. AD assessment automation via Microsoft Services Hub + Azure Arc + ADO + Microsoft Graph.
Platform Architecture & Cloud Operations
Enterprise-grade sovereign multi-customer Microsoft tenant + Azure Landing Zones deployed via ADO CI/CD. Hybrid M365 tenant migrations from shared multi-org to sovereign per-org tenants. Azure Arc unified control plane PoCs for on-premises workloads. Global cybersecurity policy delivery across international corporate groups.
SC-100
Cybersecurity Architect
Earned 2025
Active
Expert
MS-102
M365 Administrator
Earned 2024
Active
AZ-500
Azure Security Engineer
Earned 2026
Active
SC-200
Security Operations Analyst
Earned 2025
Active
SC-300
Identity & Access Administrator
Earned 2023What I write about#
The common thread across this work is the same question: how do you build a Microsoft cloud environment you can actually prove? Not document — prove. The answer is always the same shape: declare the desired state in code, deliver it by pipeline, and make the delta auditable.
Everything-as-code — Conditional Access as code, PIM as code, Defender baselines as code, M365 tenant settings as code, Azure infrastructure as code — is the technique. The identity architecture that governs who is allowed to run those pipelines is what makes it trustworthy. That is the editorial frame for this blog.
Four categories: Identity & Privileged Access, Secure Delivery, Security Operations, Landing Zone Architecture.
