Getting the Group Claims when authenticating with Microsoft Graph In a customer project we had the requirement to fetch the Security Groups an employee is a member of, making it possible to enable or…

💪In this blog, I will show you how to retrieve group claims when authenticating with Microsoft Graph, for example in Azure App Services, making it possible to enable or disable specific fields in the UI. cloudtips.nl/getting-the-...

Automating Azure diagrams from Bicep using GitHub Copilot CLI Custom agents ❤️ In my day to day work, I design Azure architectures for customers. In most cases, we already have a clear vision of what the solution…

🔥Did you know that you can automate Azure diagrams from Bicep using GitHub Copilot CLI Custom Agents? cloudtips.nl/automating-a...

During MVP Summit, I met @luke.geek.nz, the legend who nominated me and helped me become a Microsoft MVP. Honored 🔥

Enjoying Seattle with @rios.engineer @johnlokerse.dev @jdops.bsky.social

Underway to Redmond for the MVP Summit! 💪🏻Together with @johnlokerse.dev

Take Control of Azure Cloud Spend with FinOps and Azure Verified Modules The FinOps Toolkit helps accelerate your FinOps journey by offering starter kits, scripts, and advanced solutions to automate and extend…

cloudtips.nl/take-control... The FinOps Toolkit helps accelerate your FinOps journey by offering starter kits, scripts, and advanced solutions to automate and extend the Microsoft Cloud. In this blog we will use the Azure Verified Module pattern to deploy the Azure FinOps Toolkit — FinOps Hub

The Azure Sandbox 😍 Azure Sandbox is a Terraform-based project designed to simplify the deployment of sandbox environments in Azure. It provides a modular and…

Azure Sandbox is a Terraform-based project designed to simplify the deployment of sandbox environments in Azure. In this blog, I will walk you through deploying Azure Sandbox and getting started. 🔥 cloudtips.nl/the-azure-sa...

Entra ID support for Azure Bastion 😍 Azure Bastion has introduced support for signing in with Microsoft Entra ID when using RDP to access Windows virtual machines directly from…

🔥 Azure Bastion has introduced support for signing in with Microsoft Entra ID when using RDP to access Windows virtual machines directly from the Azure portal. cloudtips.nl/entra-id-sup...

Azure Service Groups for Flexible Resource Organization Azure Service Groups make it possible to bring resources together and manage them, even when they are spread across multiple subscriptions…

🔥Azure Service Groups make it possible to bring resources together and manage them, even when they are spread across multiple subscriptions and resource groups, without being tied to the default Azure hierarchy. cloudtips.nl/azure-servic...

The Azure Bicep Console = ❤️ When working with Bicep templates, one of the biggest challenges is validating your logic before deployment. Naming rules, conditions…

In this blog, I will show you how to get started with the Bicep console and how it supports my daily development workflow, so it can save you time as well. cloudtips.nl/the-azure-bi...

Conditional Access Documenter YouTube video by Brian Veldman

What if I told you that you can export your Conditional Access policies to PowerPoint, providing a high-level overview of your security posture? youtu.be/ANZLw1jkX8s?...

Unified Tenant Configuration Management (UTCM) APIs in Microsoft Graph = ❤️ The unified tenant configuration management (UTCM) APIs allow administrators to control and manage configuration settings across a single…

🔥 It is here. The unified tenant configuration management (UTCM) APIs allow administrators to control and manage configuration settings across a single workload or multiple workloads within the organization. cloudtips.nl/unified-tena...

Deploy Azure Monitor Baseline Alerts using Enterprise Policy as Code As many of you know, I am passionate about Infrastructure as Code and governance within Azure environments. Consistency, repeatability, and…

How do we combine strong governance with automation in a structured way? This is where Enterprise Policy as Code, or EPAC, comes into play. cloudtips.nl/deploy-azure...

Microsoft Entra Connect Sync — Migrate from Pass-through Authentication to Password Hash Sync Recently, in a customer project, I had to switch from Passthrough Authentication to Password Hash Synchronization. That experience…

Recently, in a customer project, I had to switch from Passthrough Authentication to Password Hash Synchronization. That experience inspired me to write this blog for anyone who receives the same assignment but is unsure how to approach it. 💪🏻 cloudtips.nl/microsoft-en...

This is why your AI platform on Azure needs a Landing Zone Many organizations deploy AI solutions on Microsoft Azure with a strong focus on innovation and speed. What is often underestimated is the…

Many organizations deploy AI solutions on Microsoft Azure with a strong focus on innovation and speed. What is often underestimated is the importance of a well designed foundation. cloudtips.nl/this-is-why-...

The Future of Secure Access with Managed Identities and Workload Identity Federation At many organizations, managing secrets and certificates in Azure application registrations quickly becomes a challenge, often due to risks…

🔥 Curious how the future of secure access with Managed Identities and Workload Identity Federation helps you move beyond risky secrets and certificates? medium.com/microsoftazu...

Super nice!

Protect your Microsoft External ID tenant using Web Application Firewall! Recently I published a blog post about deploying Microsoft Entra External ID and integrating it as an authentication provider for Azure App…

🔥 Want to know how to protect your Microsoft Entra External ID tenant against bad bots and malicious attackers? cloudtips.nl/protect-your...

Did somebody said snow? ⛄️❄️

Reflecting on 2025: Microsoft MVP, How It Started and What’s Next 🚀 First of all, I have to say that 2025 was an incredible year. I am truly grateful for everyone who supported my community contributions and…

First of all, I have to say that 2025 was an incredible year. I am truly grateful for everyone who supported my community contributions and helped me grow along the way. cloudtips.nl/reflecting-o...

Source IP Anchoring with Entra Global Secure Access 🔥 Source IP Anchoring with Entra Global Secure Access 🔥 Global Secure Access (GSA) is a comprehensive solution that integrates Microsoft Entra Internet Access and Microsoft Entra Private Access …

In this blog I will show how to configure Microsoft Entra Private Access to tunnel selected application traffic through a private network in order to meet the access control policy of an application that depends on network based restrictions. cloudtips.nl/source-ip-an...

💪🏻Together with my colleagues Robert and Wouter, we migrated 100 VMs this weekend, phased out the old RDS farm, introduced AVD with six host pools and 125 VMs, and migrated fourteen locations from IPVPN to fiber and DSL via SDWAN to vWAN. Grateful for the gift and happy to help innovate IT platforms.

The North Pole Azure Landing Zone 🎄It is December at the North Pole. The elves are rushing around, workloads are flying everywhere, and even Santa is complaining that he…

🎄 It is December at the North Pole. The elves are rushing around, workloads are flying everywhere, and even Santa is complaining that he has too many permissions. It is clearly time to bring some order with a bit of Bicep magic. cloudtips.nl/the-north-po...

⚡Adding Intune P2 features to Microsoft 365 E3 and E5 is getting a lot of well-deserved attention, but did you see the blip that isn't? Some Defender for Office P1 features are coming to E3 and E1 in 2026! 📧
www.microsoft.com/en...

Microsoft Entra Kerberos authentication for Cloud-only Identities on Azure Files SMB ❤️ Azure Files now allows SMB access through identities that exist entirely in Entra also known as cloud-only accounts. These accounts live in…

🔥 It is here. Microsoft Entra Kerberos authentication for cloud only identities on Azure Files SMB is now available in preview. This makes it possible to access Azure Files without any domain controllers or hybrid identity requirements. cloudtips.nl/microsoft-en...

Secure Your Traffic with Forced Tunneling in Azure Virtual WAN P2S VPN 😍 Secure Your Traffic with Forced Tunneling in Azure Virtual WAN P2S VPN 😍 When remote users connect through a Point to Site (P2S) VPN in Azure Virtual WAN, you can route all their traffic including …

When remote users connect through a Point to Site (P2S) VPN in Azure Virtual WAN, you can route all their traffic including internet bound traffic through Azure Firewall by pushing a default route (0.0.0.0/0). This approach is commonly referred to as forced tunneling. 🔥
cloudtips.nl/secure-your-...

Enjoying vacation 💪🏻

GitHub - microsoft/ignite25-next-steps Contribute to microsoft/ignite25-next-steps development by creating an account on GitHub.

[Share] 🔥 Microsoft Ignite 2025 Next Steps

After attending Microsoft Ignite 2025, your next steps to continue your learning journey!

#msignite #mvpbuzz

Automate Microsoft Graph Tasks with Azure Container App Jobs! ❤️ Azure Container Apps Jobs allow you to run containerized tasks that execute for a finite duration and then exit. You can use jobs for…

In this blog, I will demonstrate how to use Azure Container App Jobs to automate tasks with Microsoft Graph. For example, you might want to back up your Conditional Access rules from Entra ID to a secure location, such as an Azure Storage Account. 🔥 cloudtips.nl/automate-mic...

Microsoft Entra ID Governance — Automating Privileged Identity Management in Azure Landing Zones… Azure Landing Zones provide a solid foundation for deploying workloads in the cloud by integrating best practices across governance…

In this blog, I’ll demonstrate how to automate Privileged Identity Management (PIM) in Azure Landing Zones using Azure Bicep and the Microsoft Graph Provider, powered by Microsoft Entra ID Governance. cloudtips.nl/microsoft-en...