Home

A curated collection of deep-dive architecture guidance and best practices for enterprise Azure solutions, spanning landing zones, AI platforms, mission-critical SaaS patterns, and security.

Azure Container Apps

| Document | Description |
| --- | --- |
| Easy Auth Deep Dive | Complete architecture and token store deep dive for Azure Container Apps Easy Auth |

Azure Landing Zone

End-to-end guidance for setting up a greenfield Azure tenant for a multi-region SaaS startup under an EA enrollment, using Terraform and GitHub Actions.

| Document | Description |
| --- | --- |
| Overview | Scenario context, architecture overview, and implementation roadmap |
| Identity Landing Zone | Entra ID, management groups, PIM, and break-glass account configuration |
| Management Landing Zone | Log Analytics, Azure Monitor, and centralized management subscription |
| Connectivity Landing Zone | Hub-and-spoke networking, Azure Firewall, and ExpressRoute/VPN design |
| EA & Subscription Architecture | EA enrollment structure, subscription vending, and management group hierarchy |
| Terraform Implementation | Terraform modules, state management, and the CAF Enterprise Scale module |
| GitHub Actions CI/CD | Federated identity, Terraform pipelines, and secure workflow patterns |
| Application Landing Zone | Per-workload landing zone template with networking, Key Vault, and observability |
| Compliance Baseline | SOC 2 Type II and ISO 27001 controls mapped to Azure Policy assignments |
| Day 1 / Day 2 Prioritization | Phased rollout priorities for new Azure tenant onboarding |
| DNS Private Zones & Resolver | Private DNS Zones and Azure DNS Private Resolver in the Connectivity Landing Zone |

Microsoft Foundry

| Document | Description |
| --- | --- |
| Comprehensive Models Guide | Complete reference for model catalog, deployment types, and SDK usage in Microsoft Foundry |
| Deploying Claude Models | Step-by-step guide for deploying Anthropic Claude models via the Foundry model catalog |
| Content Safety & Guardrails | Content safety filters, guardrails, and responsible AI controls for Foundry deployments |
| Private Networking Comparison | Comparison of private networking options in the Microsoft Foundry portal |
| Tracing & Observability | Configuring tracing, SDK instrumentation, and Azure Monitor integration for Foundry agents |

SharePoint + Microsoft Foundry

| Document | Description |
| --- | --- |
| AI Knowledge Accelerator | Deep research and recommendations for building an AI knowledge base on SharePoint with Foundry |

GPU & AI Models

| Document | Description |
| --- | --- |
| GPU Hosting Options | Decision guide for hosting open-source AI models on Azure GPU infrastructure |

Mission-Critical SaaS

| Document | Description |
| --- | --- |
| Azure Container Apps Overview | Comprehensive architecture guide for Azure Container Apps in mission-critical workloads |
| API & AI Gateway Architecture | API Management as an AI gateway with rate limiting, routing, and policy enforcement |
| Load Balancing with APIM | Global load balancing patterns using Azure API Management across multiple regions |
| Service Bus with Microservices | Event-driven microservices on Azure Container Apps using Azure Service Bus |

Monitoring

| Document | Description |
| --- | --- |
| Application Insights Guide | Comprehensive guide to Application Insights SDK integration, sampling, and alerting |

Security

| Document | Description |
| --- | --- |
| Defender for Storage | Microsoft Defender for Storage malware scanning for Azure Blob Storage |

Publishing as a Static Site

This repository is published as a documentation site using MkDocs with the Material theme, deployed automatically to GitHub Pages on every push to main.

To preview locally:

pip install -r requirements.txt
mkdocs serve

See mkdocs.yml and .github/workflows/deploy-docs.yml for configuration.

License

MIT