We Open-Sourced Our Enterprise Databricks AI Platform Blueprint
A production-grade, open-source reference architecture for Azure Databricks covering networking, security, MLOps, agentic AI, and CI/CD — built on the Azure Well-Architected Framework.
Notes on cloud architecture, security, data & AI — from our practice in Berlin.
How to implement the FinOps Foundation framework on Azure with proper team structures, tooling, and organizational change management for sustainable cloud cost governance.
Learn how to design production-grade RAG pipelines with optimal chunking, embedding models, and vector databases on Azure.
A comprehensive guide to implementing Azure Policy as Code with lifecycle management, policy definitions in Bicep and Terraform, initiative bundles, exemption management, compliance dashboards, and remediation tasks.
A practical comparison of Terraform, Bicep, and Pulumi for enterprise IaC — when to use which and how to decide.
How to implement Clean Architecture in .NET enterprise apps — domain layers, use cases, dependency inversion, and CQRS with MediatR.
A 30-point IT due diligence checklist for M&A — covering infrastructure, security, licensing, team capability, and hidden technical liabilities that buyers consistently overlook.
A pragmatic framework for assessing vendor lock-in across five dimensions — helping architects make informed trade-offs between cloud-native efficiency and portability costs.
Decision framework for choosing between RAG, fine-tuning, agentic retrieval, and knowledge graphs based on data freshness, reasoning depth, cost, latency, and accuracy requirements.
A comprehensive six-phase incident response playbook for Azure environments with Sentinel detection rules, containment runbooks, and recovery procedures.
Three production-ready agentic AI patterns — durable orchestrator, multi-agent Planner-Executor-Critic, and monitoring responder — running on Azure Functions with Databricks integration.
How we designed a fully private Azure Databricks platform with hub-spoke networking, forced-tunnel firewall, private endpoints, and managed identities — no public IPs, no stored secrets.
How an Azure Well-Architected Review identifies hidden risks across reliability, security, cost, operations, and performance.
How to architect sovereign cloud solutions on Azure with EU data residency, customer-managed encryption keys, confidential computing, and GDPR/Schrems II compliance patterns.
Three production-ready AI agent patterns on Azure — single-agent, multi-agent orchestration, and human-in-the-loop — with guardrails for cost, security, and governance.
A practical decision tree comparing Azure Container Apps, AKS, and Azure Functions across operational complexity, scaling, cost, networking, and compliance for enterprise workloads.
How to map ISO 27001 Annex A controls to Azure-native services — from Azure Policy to Defender for Cloud to audit-ready compliance dashboards.
A practical guide to deploying Spotify Backstage on Azure, covering AKS and Container Apps hosting, catalog setup, software templates, TechDocs, Azure DevOps integration, Entra ID authentication, and custom plugins.
A step-by-step guide to building production MLOps on Azure — pipelines, model registry, retraining, feature stores, and A/B deployment.
Eight battle-tested API design principles for enterprise systems — REST vs gRPC, versioning, pagination, error handling, and more.
A practical framework for quantifying technical debt in euros — turning vague complaints about code quality into board-ready investment cases for refactoring.
How to build a digital transformation roadmap with maturity assessment, quick wins, stakeholder alignment, and KPIs that matter.
A practical ROI framework for CISOs to justify Zero Trust investments to the board — quantifying risk reduction, compliance savings, and productivity gains in financial terms.
Practical strategies to reduce Azure OpenAI costs — token economics, PTU vs pay-as-you-go decisions, semantic caching, prompt compression, model selection, batch API, and monitoring dashboards.
A practical 12-step checklist for building enterprise-grade Azure landing zones using the Cloud Adoption Framework.
A practical guide to mapping cyber insurance questionnaire requirements to Azure technical controls, with evidence collection strategies and continuous compliance approaches.
A deep dive into Copilot Studio for enterprise deployments — architecture patterns, DLP governance, per-message pricing realities, and when to use custom Azure OpenAI agents instead.
An honest analysis of cloud repatriation — when moving workloads back on-premises is rational, when it is emotional, and how to build a total cost framework for the decision.
A practical 6-month plan to implement Zero Trust architecture in the enterprise, based on NIST 800-207 and real-world deployment patterns.
A comprehensive breakdown of the true total cost of ownership for enterprise AI deployments including compute, storage, data egress, tooling, and talent costs that most projections miss.
A practical guide to enterprise LLM deployment covering Azure OpenAI, prompt injection defense, token costs, and responsible AI governance.
How AI-assisted development, AIOps, and strategic automation can help German enterprises multiply developer productivity and address the IT skills shortage (Fachkräftemangel).
A practical guide to Event Sourcing and CQRS in .NET 9 — when the pattern justifies its complexity, implementation with Marten, and production lessons learned.
Proven microservices patterns in .NET 9 — service boundaries, API gateways, async messaging, and resilience for enterprise teams.
Seven recurring patterns that cause digital transformation initiatives to fail — from technology-first thinking to transformation fatigue — with practical prevention strategies.
How to merge Entra ID tenants without disrupting users — cross-tenant sync, conditional access, MFA, and timeline planning.
Architecture guide for multi-agent AI orchestration on Azure Container Apps — covering KEDA scaling, Dapr state management, Service Bus communication, OpenTelemetry observability, and IaC deployment.
A practical guide to securing the software supply chain in Azure DevOps with SBOM generation, artifact signing, SLSA framework compliance, and dependency scanning.
How to implement an AI Gateway using Azure API Management to centralize LLM access, enforce rate limits, allocate costs per team, and maintain compliance across enterprise AI workloads.
A 15-point security hardening checklist for Microsoft Entra ID covering conditional access, PIM, MFA, break-glass accounts, and token protection.
A detailed cost breakdown of running Kubernetes in production including hidden costs like platform teams, monitoring, security, and node overhead — with guidance on when simpler alternatives win.
A detailed feature comparison of GitHub Actions and Azure DevOps Pipelines in 2026, covering triggers, environments, security models, and a practical migration strategy with checklist.
Battle-tested Terraform practices for Azure at scale — state management, modules, policy-as-code, CI/CD, and drift detection.
A decision guide for API versioning in enterprise systems — comparing URL, header, and query strategies with deprecation policies and consumer-driven contract testing.
A practical guide to event-driven architecture on Azure — Event Grid, Service Bus, Event Hubs, CQRS, and saga patterns explained.
A structured decision framework for enterprise IT leaders choosing between building in-house, buying a product, or partnering with a consultancy — with scoring methodology and real-world scenarios.
Ten proven cloud cost optimization strategies that save enterprises 30% or more — from reserved instances to FinOps practices.
Practical guide to implementing Microsoft's six Responsible AI principles — fairness, reliability, privacy, inclusiveness, transparency, accountability — with Azure tools while maintaining development speed.
Learn the five most expensive cloud migration mistakes enterprises make and how to build a strategy that avoids them.
A comprehensive guide to privileged access management on Azure using Entra PIM, PIM for Groups, access reviews, emergency access accounts, and the tiered administration model.
Practical multi-region disaster recovery patterns for Azure with Bicep templates, RTO/RPO targets, and real cost analysis for active-active, active-passive, and pilot light architectures.
A practical technical guide to NIS2 compliance — mapping directive requirements to concrete IT controls, timelines, and action items.
A detailed walkthrough of how CC Conceptualise reduced an enterprise client's Azure spend by 40% through systematic discovery, quick wins, and architectural optimization.
Compare Microsoft Fabric, Databricks, and Synapse for your data lakehouse — with cost, governance, and architecture trade-offs.
An honest assessment of Gaia-X's current state and practical guidance for architects navigating European sovereign cloud requirements today.
Why a modular monolith offers the bounded-context benefits of microservices without the distributed-system tax — and when to extract services later.
How to build an internal developer platform with golden paths, self-service infra, and developer experience metrics that drive adoption.
How to discover shadow IT during post-merger integration — practical techniques using CASB, sign-in logs, and expense analysis to find undocumented systems and bring them under governance.
Step-by-step guide to Microsoft 365 tenant consolidation covering mail routing, SharePoint, Teams, and license optimization.
Enterprise prompt engineering patterns covering injection attacks, defense strategies, system prompt protection, audit logging, PII detection, and Azure Content Safety integration.
A practical guide to deploying passwordless authentication with Microsoft Entra ID, FIDO2 security keys, Windows Hello for Business, and Microsoft Authenticator passkeys.
An honest, compliance-first comparison of Azure and AWS for European enterprises covering data sovereignty, certifications, hybrid connectivity, identity, and total cost.
Four proven hybrid cloud architecture patterns for enterprises using Azure Arc, ExpressRoute, and hybrid identity.
A detailed comparison of Azure Reserved Instances, Savings Plans, and Spot VMs with pricing examples, decision frameworks, and commitment strategies for enterprise workloads.
A technical breakdown of EU AI Act requirements — risk classification, documentation, and conformity steps for engineering teams.
Step-by-step guide to implementing GitOps with Flux v2 on Azure Kubernetes Service — Helm, Kustomize, SOPS, and multi-cluster.
A decision framework for choosing between monorepo and multi-repo strategies in enterprise environments, covering tooling comparison, CI/CD implications, hybrid patterns, and practical migration guidance.
Practical lessons from consolidating five Azure AD tenants into one during an enterprise merger — including Entra ID sync, subscription moves, DNS challenges, and user communication.
A practical 90-day playbook for post-merger IT integration covering Day-1 readiness, identity, network, apps, and communication.
A practical guide to BSI C5 compliance on Azure — covering the C5 criteria catalogue, Azure's attestation scope, customer responsibilities, and audit preparation for German enterprises.
A practical compliance checklist mapping EU AI Act requirements — risk classification, transparency, human oversight, documentation — to Azure OpenAI features and enterprise controls.
An objective comparison of Microsoft Defender for Cloud against Wiz, Prisma Cloud, and Orca Security across coverage, multi-cloud support, CSPM depth, pricing, and integration.
Cloud, security, data, and AI notes from our Berlin practice — plus how we work with clients.
An honest comparison of Microsoft Fabric and Databricks for enterprise data platforms — covering compute models, pricing, governance, ML capabilities, and a structured decision framework.
A week-by-week enterprise playbook for migrating from AWS to Azure covering discovery, architecture mapping, identity, networking, data migration, application migration, and cutover.
How to architect a modern SOC with Microsoft Sentinel — data connectors, KQL analytics rules, SOAR automation, cost control, and alert fatigue reduction.
How to embed SAST, DAST, SCA, and container scanning into CI/CD without killing developer velocity.
A practical guide to implementing shift-left security in Azure DevOps without destroying developer velocity, covering pre-commit hooks, SAST, SCA, container scanning, DAST, and IaC scanning with developer experience optimization.
A practical migration guide from Angular to React for enterprise applications — incremental strategies, Module Federation for coexistence, and team transition planning.
A proven 4-phase approach to legacy application modernization — assessment, strangler fig, containerization, and data migration.
A structured 90-day plan for new CTOs — covering technical assessment, team evaluation, quick wins, and the first board presentation that establishes credibility.
A technical guide to implementing the Digital Operational Resilience Act (DORA) on Azure, covering ICT risk management, incident reporting, resilience testing, and third-party oversight.
Ten battle-tested Kubernetes best practices for production workloads covering RBAC, networking, observability, and GitOps.
A comprehensive 20-point security architecture review checklist covering identity, network, encryption, logging, incident response, backup, and more — with scoring methodology.