11 years in the Microsoft ecosystem. Still in the thick of it.
I started in Microsoft cloud support in 2014, working escalations across Exchange Online, Entra ID, and Intune for enterprise customers across North America, Europe, and Asia Pacific. From there I moved into Microsoft partner organisations, delivering M365 security, Intune rollouts, and hybrid identity projects for enterprise clients globally.
I take on a small number of fixed-fee engagements each month. If your team is dealing with an M365 security gap, a broken Intune rollout, or a hybrid identity problem that has gone unresolved too long, that is exactly where I work best.
Windows LAPS Escrow Failure - Hybrid Entra Environment
340 devices silently failing to escrow LAPS passwords. Helpdesk locked out of local admin credentials during incidents.
Root cause: stale alternativeSecurityIds breaking Hybrid Entra trust at the authentication layer. Diagnosed via dsregcmd and Graph beta API. Resolved via controlled leave/join remediation cycle across all affected devices.
Outcome: full escrow restored, zero helpdesk calls after remediation.
Autopilot Deployment with Custom LOB App Packaging
180 devices needing to move from manual imaging to fully automated Autopilot. LOB applications undocumented, never packaged for Intune.
Packaged all apps as Win32 with dependency chaining, designed Autopilot profiles with ESP, compliance policies, and Conditional Access enforcement.
Outcome: completed in 3 weeks, zero reimaging, technician touchtime down from 3 hours to under 20 minutes per device.
Legacy Authentication Eliminated Before ISO Audit
500-seat tenant with 23% of sign-ins still on basic auth. ISO audit deadline approaching with no enforcement policy in place.
Analysed 30 days of sign-in logs, identified every legacy auth source, executed phased Conditional Access rollout using report-only mode first to avoid disruption.
Outcome: legacy auth reduced from 23% to 0% before the audit deadline.
