Microsoft Azure, M365 & cybersecurity for your business
Microsoft Azure, Microsoft 365, Defender, Sentinel management and IT process automation. AVD, Teams Direct Routing, Linux servers, Intune, Zabbix monitoring. IT expert for companies in Slovakia and Czech Republic – Liptovský Mikuláš.
What I solve for business clients
From cloud infrastructure management through process automation to security and monitoring – comprehensive custom IT solutions.
Setting up and managing Azure tenants, optimizing and administering Azure environments. Virtual Machines, AKS, VNets, NSG, Entra ID, RBAC, policies and compliance. Multi-tenant solution architecture.
Exchange Online (mail flow, transport rules, connectors, anti-spam, DKIM/DMARC), SharePoint Online (classic→modern migration, permissions), OneDrive, Teams (policies, Teams Room), Purview compliance and license management.
PowerShell, Bash, Python, JavaScript, C# and other languages for IT process automation. Ansible playbooks, scheduled tasks, CI/CD pipelines. Reduction of manual tasks and error rates.
Design and implementation of AVD environments – host pools, scaling plans, FSLogix profiles, golden image management. Session monitoring via Function App with Managed Identity and Zabbix integration.
Teams Direct Routing implementation, SBC configuration, SIP trunk integration, call recording, dial plans and voice policies. TLS/SRTP, FQDN and certificates for production deployment.
Ubuntu, Debian, CentOS, Rocky Linux, AlmaLinux, SUSE, openSUSE, RHEL, Oracle Linux – installation, hardening, service management (nginx, Apache, Postfix, Gunicorn). Docker, certificates, VPN, systemd, firewalld/iptables.
Microsoft Defender stack (MDE, M365 Defender, Defender for Identity), Sentinel SIEM, Intune device compliance and config profiles for Windows and Android, Autopilot onboarding, 802.1X EAP-TLS with Cisco ISE. KQL threat hunting and incident response.
Windows Server administration – Active Directory, DNS, DHCP, Remote Desktop Services (RDS), GPO design and troubleshooting. Hybrid infra: Azure AD Hybrid Join, Entra Connect Sync, on-prem AD ↔ cloud. Migrations and conflict resolution.
Zabbix with custom templates and LLD discovery, LibreNMS for network devices, Smokeping for latency measurement, Grafana dashboards, Azure Monitor and Log Analytics. Proactive alerting, capacity planning and SLA reporting.
Development of Django/Flask/Node.js applications – admin dashboards, CRUD systems, REST API, OAuth2/SSO authentication, multi-tenant architecture. Inventory and device management portals, self-service tools, system integrations. Azure OpenAI, scraping, OCR.
SQL Server administration and migrations – RDS backend, backup and restore, query optimization, connection string management, auth configuration. Database integration into web applications and automation tools.
Technical implementation of NIS2, CIS Controls v8, ISO 27001 and GDPR. Gap analysis, system hardening per CIS Benchmarks, SIEM setup, access control configuration and documentation for auditors. Zero Trust architecture per NIST SP 800-207.
Deployment and configuration of open-source tools – Wazuh SIEM/XDR, Keycloak IAM, Proxmox virtualization, OPNsense firewall, Nextcloud, WireGuard VPN. Custom tailoring including custom rules, integrations and data migrations.
Long-term technical IT environment management based on SLA – monthly retainer, employee helpdesk, patch management, proactive monitoring. Incident response for security incidents and outages. Available remote and on-site.
Complete Azure & M365 management
From setting up a new tenant and licensing through infrastructure, AVD virtualization and serverless applications to cost optimization and governance.
🏢 New Tenant Setup & Configuration
- Microsoft 365 / Azure tenant registration from scratch
- Adding and verifying custom domain (DNS TXT/MX/CNAME)
- Global admin setup and break-glass emergency accounts
- Hybrid identity – Entra Connect Sync, Password Hash Sync
- Conditional Access policies from day one (MFA, compliant device)
- Privileged Identity Management (PIM) for admin roles
- Security defaults and security baseline initialization
- Emergency access accounts and monitoring of their usage
- DNS zones – MX, SPF, DKIM, DMARC, Autodiscover
- Azure Subscriptions and Management Groups initialization
- Tagging strategy and resource group hierarchy
- Azure DevOps / GitHub connection and first pipeline setup
🪪 M365 & Azure Licensing
- Selecting the right plan – Business Basic/Standard/Premium, E1/E3/E5
- CSP (Cloud Solution Provider) purchase and subscription management
- Bulk license assignment via groups (group-based licensing)
- Audit of inactive users and unused licenses
- License optimization – savings via downgrade / consolidation
- Add-ons: Defender, Purview, EMS, Teams Phone, Audio Conferencing
- Consumption monitoring, alerting when limits are reached
🖥️ AVD & Intune Endpoint Management
- AVD host pool architecture – Pooled vs Personal, FSLogix profiles
- Session Host VM sizing, scaling plans, golden image management
- Intune – enrollment of Windows, Android Enterprise, iOS/iPadOS
- Autopilot – zero-touch deployment, retroactive onboarding
- Compliance policies – conditions for Conditional Access
- Config profiles – WiFi, VPN, restrictions, certificates
- App deployment – required, available, Win32 apps
- Dynamic device groups, hybrid vs cloud-only join
- Troubleshooting – policy apply issues, device sync, enrollment errors
🏗️ Infrastructure & Compute
- Virtual Machines – deploy, sizing, availability sets, scale sets
- Azure Kubernetes Service (AKS) – deployment and management
- Virtual Networks, Subnets, NSG, VNet peering, UDR
- Azure Bastion, VPN Gateway, ExpressRoute
- Load Balancer, Application Gateway, Azure Front Door
- Azure Storage – Blob, Files, Table, Queue, lifecycle policies
- Azure Backup & Site Recovery for DR scenarios
🔐 Entra ID & Identity
- Entra ID – users, groups, roles, SSO, Conditional Access policies
- Identity Protection – risky users, sign-in risk, automatic remediation
- App registrations & Enterprise Apps – OAuth2, OIDC, SAML
- Hybrid join / Azure AD Join, seamless SSO, PRT
- RBAC – built-in roles, custom definitions, scope management
- PIM – just-in-time privileged access, access reviews
- External access – B2B guests, cross-tenant collaboration
- Token lifetime, session policies, Continuous Access Evaluation
- Azure Key Vault – secrets, keys, certificates, Managed Identity
- Sign-in & audit logs – export, analysis, compliance
⚡ Function App & Logic App
- Azure Functions – HTTP trigger, timer, Event Grid, Service Bus
- Durable Functions for multi-step workflow orchestration
- Logic Apps – low-code automation, 400+ connectors
- M365, SharePoint, Teams notifications, Outlook integration
- Managed Identity – passwordless access to Storage, Key Vault, Graph
- Custom API connectors and webhook integrations
- Monitoring via Application Insights and Log Analytics
📬 M365 & Communication Services
- Exchange Online – mail flow, routing, connectors, transport rules
- SharePoint Online – sites, permissions, classic→modern migration
- OneDrive – sharing policies, sync, incidents
- Teams Phone – Direct Routing, dial plans, voice policies, Teams Room
- Compliance – DLP policies, eDiscovery, retention policies, Purview
- Anti-spam, Safe Links, Safe Attachments (Defender for O365)
- Service health monitoring, Message Center, Admin Center
- Azure Email Communication Services – transactional API sending
🏛️ Management & Governance
- Azure Policy – enforce tags, allowed regions, SKU restrictions
- Management Groups and Subscription hierarchy
- Azure Landing Zones – best-practice baseline architecture
- Compliance standards – ISO 27001, GDPR, SOC 2 in Defender for Cloud
- Resource locks for production environments
- Regular Advisor review and implementation of recommendations
- Azure DevOps Repos, Pipelines and access management
🤖 AI & Advanced Services
- Azure OpenAI Service – GPT-4o, embeddings, fine-tuning
- Cognitive Services – Computer Vision, Form Recognizer, OCR
- Azure SQL / Cosmos DB – management and optimization
- Azure Container Apps for microservices architectures
- Event Hub and Service Bus for event-driven systems
- API Management (APIM) – gateway, throttling, OAuth
💰 Cost Optimization & Resource Savings
- Reserved Instances and Savings Plans for predictable workloads
- Azure Hybrid Benefit – Windows Server and SQL Server licenses
- Spot VMs for batch and dev/test workloads
- Right-sizing VMs and storage tiers via Advisor
- Auto-shutdown policies for dev/test environments
- Storage lifecycle policies – Hot→Cool→Cold→Archive
- Audit orphaned resources – unused disks, public IPs, NSGs
- Autoscaling for compute and AVD host pools
- Tagging strategy for cost allocation by project
- Azure Cost Analysis dashboards and budget alerting
- Spending limits and departmental subscription separation
- Regular cost review and management reporting
IT process automation
I replace repetitive manual tasks with scripts and pipelines. Fewer errors, more time for real work.
Bulk operations on mailboxes, licenses, groups. Azure resource management via Az module. Reporting and data export to CSV/Excel. Purview compliance scripts.
Where-Object {$_.AccountDisabled -eq $true} |
Set-Mailbox -HiddenFromAddressListsEnabled $true
Azure Function Apps with HTTP and timer triggers. BeautifulSoup scraping, OCR document processing. REST API clients, Django/Flask web applications, Azure OpenAI integrations.
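import azure.functions as func
from azure.identity import ManagedIdentityCredential
app = func.FunctionApp()
@app.function_name("MonitorAVD")
@app.timer_trigger(schedule="0 */5 * * * *", arg_name="timer")
def main(timer: func.TimerRequest) -> None:
    # Managed Identity credential; the AVD query itself is not part of this excerpt
    cred = ManagedIdentityCredential()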
Node.js scripts for REST API call automation, Azure Functions in JS/TS runtime. Teams Incoming Webhook notifications, external system integrations, web scraping with Puppeteer.
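const { app } = require('@azure/functions');
// sendTeamsCard is a helper defined outside this excerpt
app.http('notifyTeams', {
  methods: ['POST'],
  handler: async (req) => {
    await sendTeamsCard(await req.json());
  }
});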
.NET 8 enterprise tools – Microsoft Graph SDK, Azure SDK for .NET. Windows Service for local monitoring agents, Managed Identity authentication, report export to Excel/SharePoint.
var graph = new GraphServiceClient(cred,
    new[]{"https://graph.microsoft.com/.default"});
// Graph SDK v5: OData query options are set on QueryParameters
var users = await graph.Users.GetAsync(
    r => r.QueryParameters.Filter = "accountEnabled eq false");
Deploy script for 802.1X EAP-TLS on Ubuntu kiosk stations. Automatic certificate renewal with a 42-day threshold, wpa_supplicant config, systemd integration.
if [ "$DAYS_LEFT" -lt 42 ]; then
echo "Renewing certificate..."
/usr/local/bin/request-cert.sh
fi
Low-level system tools – custom SIP/UDP utilities, monitoring agents for embedded hardware, binary protocol parsing, performance-critical infrastructure components.
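#include <arpa/inet.h>    /* htons, inet_pton */
#include <netinet/in.h>   /* struct sockaddr_in */
#include <sys/socket.h>   /* sendto */
/* sock, sbc_ip, opts and len are defined outside this excerpt */
struct sockaddr_in dst = {.sin_family = AF_INET};
dst.sin_port = htons(5060);
inet_pton(AF_INET, sbc_ip, &dst.sin_addr);
sendto(sock, opts, len, 0,
       (struct sockaddr*)&dst, sizeof(dst));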
Lua scripting for OpenResty/nginx middleware – JWT validation, rate limiting, dynamic routing. Embedded scripting engine in C/C++ projects, configuration logic for network devices.
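local jwt = require("resty.jwt")
-- secret is defined outside this excerpt
-- Accept only "Bearer <token>" and pass the bare token to the verifier
local auth = ngx.var.http_authorization or ""
local tok = auth:match("^Bearer%s+(.+)$")
local obj = tok and jwt:verify(secret, tok)
if not obj or not obj.verified then
  return ngx.exit(401)
end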
Playbooks for automated Ubuntu server deployment. Swapfile, firewall, nginx, certificates, systemd services – idempotently and repeatably. Ansible Vault for secrets management.
command: fallocate -l 2G /swapfile
when: ansible_swaptotal_mb < 1
- name: Enable swap
command: swapon /swapfile
PowerShell scripts for Microsoft Purview Compliance – content search, HardDelete purge actions, FolderId Base64/Hex conversion for targeted mailbox cleanup.
-Purge -PurgeType HardDelete
# FolderId: Base64 → Hex conversion
[BitConverter]::ToString([Convert]::FromBase64String($folderId))
Kusto Query Language for Microsoft Sentinel and M365 Defender – custom detection rules, threat hunting, sign-in log analysis, device inventory queries, cross-table correlations and incident timeline reconstruction.
| where ActionType == "PowerShellCommand"
| where InitiatingProcessCommandLine
contains "-EncodedCommand"
| project Timestamp, DeviceName,
InitiatingProcessCommandLine
Microsoft Graph API for user/group/device sync and connection to external systems. Snipe-IT integration with Intune for asset management. REST API, OAuth2 auth flows, webhook connections, jq for JSON parsing.
# Backtick keeps PowerShell from expanding $filter inside the double-quoted string
$uri = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?`$filter=complianceState eq 'noncompliant'"
Invoke-MgGraphRequest -Uri $uri
GitHub Actions / Azure DevOps pipelines for automatic web application deployment. Nginx + Gunicorn configuration, SSL certificates, zero-downtime deployment.
[Unit]
Description=Django Gunicorn service
After=network.target
[Service]
User=citymenu
ExecStart=/home/citymenu/venv/bin/gunicorn --workers 3 app.wsgi
AI implementation & LLM integrations
Practical AI implementation into business processes — from RAG chatbots and agentic systems through OCR and document intelligence to Azure OpenAI, Claude and open-source models. No buzzwords, only real results.
Company chatbot with access to internal documents, SharePoint, Confluence, PDF manuals. Vector databases (Azure AI Search, Qdrant, pgvector), chunking strategies, reranking, hybrid search. The model doesn't answer from training — it answers from your data.
Agentic systems that plan, decide and execute steps without constant human input. Tool calling, function calling, ReAct patterns. Integration with Azure Functions, REST API, databases, email and Teams. Multi-agent orchestration with LangGraph and AutoGen.
Automated processing of invoices, contracts, forms and scans. Azure Document Intelligence (Form Recognizer), Tesseract OCR, multimodal models for image and table analysis in PDFs. Structured data extraction, validation, storage in ERP/database.
For organizations that cannot send data to the cloud — local LLM deployment via Ollama or LM Studio on company servers. GPU and CPU inference with Mistral, Llama, Phi and Gemma models. Full data control, no cloud dependency.
Replacing manual decision-making processes with AI logic — ticket classification, message and email summarization, report generation, anomaly detection in logs, predictive alerting. Integration into Power Automate, Logic Apps or custom Python pipelines.
AI-assisted threat hunting in KQL over Sentinel logs, automatic alert triage, NLP analysis of phishing emails, anomaly detection in login behavior. Microsoft Security Copilot integration and custom AI tools over Defender datasets.
🔧 What I work with – Models & Platforms
Chatbot that answers employee questions based on internal guidelines, IT documentation and HR manuals. RAG over SharePoint Online, authentication via Entra ID, audit logs of answers.
AI classifies incoming helpdesk requests, assigns priority and category, generates a solution proposal and routes the ticket to the right technician. Integration via REST API into Jira, ServiceNow or custom system.
Invoices from email or SharePoint are processed by an AI pipeline — OCR, structured extraction (vendor, amount, dates, items), validation and storage in ERP system. No manual re-entry.
Sentinel alerts are automatically analyzed by AI — determining severity, context, false positive probability and proposing next steps. Reduced alert fatigue and faster incident response for the SOC team.
Weekly/monthly IT reports generated automatically from Azure Monitor, Zabbix and Sentinel data. AI summarizes infrastructure status, incidents and capacity trends into a readable PDF for management.
Web chatbot with RAG over product documentation, automatic translation (SK/CZ/EN/DE), escalation to a live operator and conversation logging. Deployment on web and Teams/Slack.
Users ask about data in natural language — AI translates the question into SQL or KQL query, runs it and returns the result. Access to company data without needing to know the database language.
Automatic code review in CI/CD pipeline — AI checks security, quality and conventions. Generating API documentation, release notes and comments directly from code. Integration into Azure DevOps / GitHub Actions.
🗺️ How AI implementation works – from idea to production
Identifying processes suitable for AI, defining success metrics, estimating ROI. Where AI saves time and where it would complicate things.
Quick prototype on real data. Verifying technical feasibility, model selection, testing answer quality before a larger investment.
Production development — API integrations, vector database, authentication, error handling, token and cost monitoring, CI/CD pipeline.
Automated answer quality tests (RAG evaluation), prompt injection tests, red-teaming, GDPR and data sovereignty check.
Production deployment on Azure, latency monitoring, token consumption and cost tracking. Application Insights, alerting on anomalies, prompt versioning.
Feedback loop from real usage, prompt engineering, fine-tuning, RAG knowledge base updates and model upgrades when new versions are released.
⚖️ Cloud AI vs. On-Premise – how to choose?
- Azure OpenAI: most powerful models, Microsoft compliance (GDPR, EU data boundary), audit logs, RBAC
- Anthropic Claude API: excellent for long contexts, document analysis and safe tasks
- Ollama / local LLM: sensitive data stays on company server, no tokens, full control
- Hybrid approach: sensitive data local, generic tasks in cloud – best price/performance ratio
- Azure AI Foundry: unified place for model management, prompt flow, evaluations and deployment
- Fine-tuning: for specialized domain tasks where generic models are insufficient
🔒 Security & Compliance in AI
- Azure OpenAI EU Data Boundary – data doesn't leave the EU, GDPR compliance
- Private Endpoints – OpenAI API accessible only via private network, no internet
- Managed Identity for authentication – no API keys stored in code
- Azure Key Vault for secure storage of API keys and secrets
- Prompt injection protection – input validation, system prompt hardening
- Content filtering – Azure OpenAI built-in content moderation and custom blocklists
- Audit logging – every AI call logged to Log Analytics for compliance
- Role-based access – who has access to which AI endpoint and with what limits
Do you have a specific AI use case for your business?
Free consultation — together we'll evaluate whether and how AI solves your problem, which model and architecture makes sense and what it will cost.
Proactive infrastructure monitoring
We detect problems before customers notice them. Zabbix, Azure Monitor and custom solutions for a comprehensive overview of system health.
Servers & VM – Zabbix
CPU, RAM, disk I/O, network throughput. Zabbix agents on Windows and Linux. Custom templates for specific applications, Low-Level Discovery (LLD) for automatic discovery of network interfaces, disks, services and processes. Alerting when thresholds are exceeded.
Network & Latency – LibreNMS, Smokeping
LibreNMS – autodiscovery of network devices, SNMP polling, inventory and performance graphing of switches, routers and servers. Smokeping – long-term latency and packet loss measurement on all key links. Grafana dashboards over LibreNMS and Zabbix data for a unified overview.
Dashboards & Visualization – Grafana
Grafana dashboards for metric visualization from Zabbix, LibreNMS, Azure Monitor and Prometheus. Custom panels for capacity planning, SLA reporting and management overview. Alerting directly from Grafana to email, Teams or Slack.
Azure Virtual Desktop & Cloud
AVD session host monitoring via Azure Function App with Managed Identity. Number of active sessions, host availability, scaling state. Azure Monitor, Log Analytics workspace, Application Insights for Function Apps and web applications.
VoIP & Direct Routing
Teams Direct Routing monitoring – SIP trunk availability, active calls, call quality metrics. Integration with Azure Monitor and alerting on SBC outage or call quality degradation.
Security & Compliance
Defender for Endpoint alerting, Intune compliance reports, 802.1X authentication, failed login monitoring, certificate expiration with automatic renewal. Microsoft Sentinel for SIEM and incident response.
Defender stack, Sentinel & KQL
Complete Microsoft security stack – from endpoint protection through SIEM to proactive threat hunting. Incident response, detection engineering and identity hardening.
🛡️ Microsoft Defender Stack
- Defender for Endpoint (MDE) – onboarding, alerting, investigations
- M365 Defender – unified incident view, cross-workload correlation
- Defender for Identity – user behavior, lateral movement detection
- Defender for Office 365 – Safe Links, Safe Attachments, anti-phishing
- Attack Surface Reduction (ASR) rules – audit, enforce, exceptions
- Device onboarding – scripts, GPO, Intune policy, manual deploy
- Live Response – remote investigation of compromised devices
🔭 Microsoft Sentinel (SIEM)
- Log ingestion – Defender, Entra ID, M365, CEF/Syslog custom sources
- Data connectors – Office 365, Azure AD, Defender suite, 3rd party
- Analytics rules – scheduled queries, Fusion detection, NRT rules
- Threat hunting – proactive KQL queries over historical data
- Workbooks – custom security dashboards and SOC reporting
- Playbooks (Logic Apps) – automated incident response
- UEBA – user and entity behavior analytics, anomaly detection
🔍 KQL & Advanced Hunting
- Advanced Hunting via M365 Defender and Sentinel
- Device queries – why a device is not visible, hardware profile
- User activity – logins, actions, behavioral anomalies
- Alert investigation – root cause, incident timeline reconstruction
- Sign-in log analysis – risky sign-ins, impossible travel, token theft
- Custom detection rules – custom alerting rules over logs
- Cross-table joins – correlation across Defender, Entra ID and M365 logs
🔐 Hardening & Identity Security
- Conditional Access policies – MFA, compliant device, location, sign-in risk
- Blocking legacy authentication (Basic Auth, NTLM, older clients)
- Entra ID Protection – risky users and sign-ins, automatic remediation
- Privileged Identity Management (PIM) – JIT admin access
- Least privilege – RBAC design, custom roles, access reviews
- Passwordless authentication (FIDO2, Windows Hello for Business)
- Unified Audit Log – export, analysis, compliance and forensics reporting
Security standards implementation
NIS2, CIS Controls, ISO 27001, GDPR and cybersecurity legislation – I help companies understand requirements, close gaps and achieve regulatory compliance.
Compliance analysis with NIS2 directive and Slovak cybersecurity act requirements. Gap analysis, asset classification, risk assessment, security measure configuration and documentation for auditors. Technical implementation of measures – SIEM, EDR, access control, backup, patch management.
- Determining subject category (essential / important service)
- Gap analysis against §20–§22 security measures
- Inventory and classification of information assets
- Risk assessment and risk treatment plan
- Security policy, recovery plan, incident management
- Technical implementation – SIEM, EDR, IAM, encryption, backups
- Preparation for NBÚ audit and documentation package
Implementation of CIS Controls v8 (18 control groups) including prioritized implementation groups (IG1–IG3). System hardening per CIS Benchmarks for Windows Server, Linux, Microsoft 365 and Azure. Baseline configuration audit and remediation plan.
- CIS Controls IG1–IG3 – prioritized implementation by company size
- CIS Benchmark – Windows Server 2019/2022 hardening and audit
- CIS Benchmark – Ubuntu/RHEL/Debian Linux hardening
- CIS Benchmark – Microsoft 365 & Azure Foundations
- CIS-CAT Pro scanning and gap report
- Automated compliance checking via PowerShell / Ansible
- Continuous monitoring of baseline deviations (Defender for Cloud)
Technical support for ISO 27001 certification preparation. ISMS scope definition, risk analysis (ISO 27005), selection and implementation of controls from Annex A (ISO 27002). Preparation of mandatory documentation and cooperation during internal audit.
- ISMS scope definition and organizational context
- Risk analysis per ISO 27005 – assets, threats, vulnerabilities
- Statement of Applicability
- Technical control implementation – IAM, encryption, logging, monitoring
- Access management, network segmentation, patch management
- Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP)
- Documentation preparation and audit cooperation
Technical measures for personal data protection per GDPR – encryption, pseudonymization, access control, logging, backup and data retention policy. DLP policy implementation in Microsoft Purview.
- Encryption of personal data at rest and in transit
- Access control – principle of least privilege, RBAC, audit trail
- Microsoft Purview DLP – detection and protection of personal data in M365
- Retention policies, automatic deletion, eDiscovery
- Logging of personal data access and alerting
- Privacy by Design – integration of protection during application development
- Consent management, data subject rights in systems
Implementation of Zero Trust principles in a Microsoft environment – identity-centric access control, network microsegmentation, verification of every access without implicit trust. Practical implementation via Entra ID, Intune and Microsoft Defender.
- Identity pillar – MFA, Conditional Access, PIM, Passwordless
- Device pillar – Intune compliance, Autopilot, device health state
- Network pillar – microsegmentation, NSG, Azure Firewall, Private Endpoints
- Application pillar – MCAS/Defender for Cloud Apps, session policies
- Data pillar – Purview, DLP, Information Protection, encryption
- Visibility – Sentinel SIEM, Log Analytics, Defender XDR
- Microsoft Zero Trust Rapid Modernization Plan (RaMP) implementation
Technical support for compliance with other regulations and standards by industry – financial sector (DORA), healthcare, public administration. Implementation and configuration of tools in line with specific standard requirements.
- DORA (Digital Operational Resilience Act) – ICT risk, resilience testing
- SOC 2 Type II – security controls and monitoring
- PCI DSS – segmentation, encryption, logging for payment card processing
- HIPAA / HL7 FHIR – healthcare data protection (technical side)
- Defender for Cloud – Regulatory Compliance dashboard and automated audit
- Azure Policy – guardrails for continuous compliance
- Report exports for auditors, CISO and supervisory bodies
Teams Direct Routing – business telephony
Teams Direct Routing implementation for full-featured business telephony via Microsoft Teams. SBC configuration, SIP trunk integration, dial plans and production deployment with TLS/SRTP.
📡 Direct Routing – setup & configuration
- SBC (Session Border Controller) – certified HW or VM on Azure
- FQDN configuration – sbc.domain.com with valid TLS certificate
- TLS port 5061 for Teams, SIP trunk routing to PSTN carrier
- SRTP – encrypted media transport for production environments
- Online Voice Routing Policies and PSTN Usage records
- Phone System license and number assignment to users
- Testing and diagnostics via Teams Admin Center SBC logs
🎛️ Dial Plans, Voice Policies & Monitoring
- Normalization rules and dial plan for local number formats
- Call Queues and Auto Attendants for business lines
- Emergency calling policies and E911 configuration
- Call recording – compliance recording or custom solution
- SBC availability and call quality metric monitoring (Azure Monitor)
- SIP signaling troubleshooting – SIP traces, pcap analysis
- Migration from legacy PBX systems to Teams Phone
🏗️ SBC & Infrastructure
- Certified SBC (Audiocodes, Ribbon, Oracle, Cisco CUBE)
- Azure VM deployment with public IP, NSG and FQDN
- DigiCert / Sectigo certificate for production domain
- HA (High Availability) – dual SBC failover configuration
- SIP trunk provider integration – IP authentication, trunk groups
- Firewall rules – Microsoft SIP ranges, media ports (3478, 50000-50019)
🔗 Integrations & Extensions
- Teams Phone Mobile – dual SIM, simultaneous ringing
- Teams Rooms – conference rooms with direct calling
- Azure Communication Services for custom calling in applications
- Power Automate / Logic Apps flow after call completion
- CRM integrations – click-to-call, automatic call logging
- Teams Admin Center – reporting and call quality analysis (CQD)
Open-Source implementation & custom tailoring
I deploy, configure and customize proven open-source tools to the specific needs of each customer. A cheaper alternative to commercial solutions without compromising on quality.
Open-source alternatives to expensive commercial SIEM and XDR systems. Wazuh as a full-featured SIEM/XDR with agents for Windows and Linux, integration with existing logs and real-time alerting. Suricata/Zeek as network IDS/IPS.
- Wazuh – installation, agents, detection rules, dashboards
- Suricata IDS/IPS – deployment, rule tuning (Emerging Threats)
- OSSEC – host-based intrusion detection, log analysis
- OpenVAS / Greenbone – vulnerability scanning and reporting
- TheHive + Cortex – incident management and response automation
Open-source IAM systems for identity management, SSO and MFA in environments without M365. Keycloak as a full-featured identity provider with OIDC, SAML 2.0 and LDAP support. Integration with existing Active Directory.
- Keycloak – installation, realm configuration, clients, federation
- OIDC / SAML 2.0 – SSO for internal applications and web portals
- LDAP / AD integration – user sync and federation with existing directories
- 2FA / TOTP – Google Authenticator, FIDO2 hardware tokens
- OpenLDAP – lightweight directory for smaller environments
Open-source network solutions for SMB and enterprise environments. OPNsense / pfSense as a full-featured firewall with IDS/IPS, HAProxy load balancer and WireGuard/OpenVPN for secure remote access.
- OPNsense / pfSense – installation, firewall rules, VLAN, NAT
- Suricata IDS/IPS integration with OPNsense
- WireGuard – fast and modern site-to-site and road-warrior VPN
- OpenVPN – client certificates, PKI, multi-factor auth
- HAProxy – load balancing, SSL termination, health checks
- Unbound DNS Resolver – local DNS caching and DNSSEC
Proxmox VE as an open-source alternative to VMware/Hyper-V for VM and LXC container deployment. Docker and Docker Compose for application deployment, Portainer for visual container management.
- Proxmox VE – installation, VM/LXC provisioning, clustering, migration
- Ceph storage – distributed storage for Proxmox cluster
- Docker / Docker Compose – containerization of applications and backends
- Portainer – visual management of Docker environments
- KVM / QEMU – low-level virtualization on Linux
- Backup – Proxmox Backup Server, remote backups
Open-source alternatives to SharePoint/OneDrive for companies without M365. Nextcloud as a comprehensive platform for file sharing, calendars, contacts and group collaboration with LDAP/AD integration.
- Nextcloud – installation, configuration, LDAP sync, performance tuning
- OnlyOffice / Collabora – online Office document editing in Nextcloud
- Samba – Windows-compatible file sharing, AD integration
- Mattermost – open-source Teams-like communication platform
- Gitea / GitLab CE – git repositories, code review, CI/CD
- Passbolt / Vaultwarden – team password manager
An open-source solution is never "out of the box" – every environment has specific requirements. I customize configuration, write plugins, custom modules and integrate open-source tools with existing customer systems.
- Custom Wazuh detection rules for specific environmental threats
- Nextcloud custom apps and integrations with internal systems
- Keycloak custom identity providers, attribute mapping, custom themes
- Custom Grafana dashboards – datasources, alerting, annotations
- Zabbix templates for proprietary HW / specific applications
- REST API integrations of open-source tools with cloud services
- Data migration from commercial to open-source platforms
Web tools, admin portals & integrations
Development of custom internal tools and portals – from simple admin dashboards through inventory systems to event-driven automation applications.
🌐 Web Applications & REST API
- Full-stack web apps (Django, Flask, Node.js)
- REST API design – endpoints, authentication, rate limiting
- CRUD systems for users, devices, assets
- OAuth2 / SSO integration (Entra ID, Graph API)
- Multi-tenant architecture for multiple organizations
- Session management, token authentication
- Production deployment with nginx + Gunicorn + SSL
🖥️ Admin Portals & Dashboards
- Administration interfaces for user and device management
- RBAC – roles, permissions, audit trail of who did what
- Reporting and exports (CSV, JSON, PDF)
- Real-time service and device status monitoring
- Inventory systems (asset management, device tracking)
- Integration with Intune, Graph API, Snipe-IT
- Alerting and health-check dashboards
⚙️ Automation Apps & Self-service
- Schedulers – cron jobs, job runner, task orchestration
- Event-driven processing – webhook reception, data transformation
- Self-service portals – user request → automatic action
- Onboarding / provisioning tools
- Scripting GUI – wrapper around PowerShell/Bash for non-technical admins
- Kiosk management systems, agent-based telemetry
- Unattended jobs with SAS token and API authentication
🔗 Integrations & Middleware
- Microsoft Graph API – user, group, device sync
- Sync between systems (identity, devices, assets)
- API gateway / proxy – routing, throttling, auth
- Webhook processing and event-driven architectures
- Data transformations – JSON → other formats, data pipelines
- SIEM connectors (Sentinel data connectors)
- Retry mechanisms, structured logging, request tracing
Ongoing support, management & helpdesk
Not just a one-time implementation – I offer long-term technical management, proactive support and helpdesk for your IT environment. Availability and fast response when you need it most.
One-time help with a specific problem or project. No long-term commitment – you pay for actual time worked. Ideal for smaller companies or a one-time solution to an occasional problem.
Regular monthly management of your IT environment – fixed number of hours for management, monitoring, patches, user support and proactive maintenance. Reserved capacity with priority SLA. Suitable for companies with 10–100 users.
IT helpdesk for your IT team or directly for employees – resolving technical issues with workstations, access, email, M365 applications. Ticketing system, SLA tracking, escalation.
Fast response to a security incident, production environment outage or disaster. Immediate analysis, isolation and system recovery. Forensic analysis after the incident and prevention recommendations.
Quarterly or semi-annual review of your environment's security posture – checking Conditional Access policies, Defender alerts, device compliance status, licenses, backups and patch level. Output: written report with prioritized recommendations.
Tech stack & tools
Proven technologies I work with daily in production environments.
Microsoft Cloud – Azure
Microsoft 365 & Endpoint
Security & SIEM
Windows Server & Hybrid
Linux & Servers
Programming languages
DevOps & Automation
Monitoring & Observability
Network & Security
AWS (basics)
Specialized systems
Open-Source Security
Open-Source Infrastructure
Standards & Compliance
Cloud admin, security engineer & automation guy
A combination of cloud admin, security admin and automation engineer with a deep focus on Microsoft Azure, M365 and the Defender stack. I work in production environments – not in a test lab.
I don't click, I script. PowerShell, Python, KQL, Bash, C#, JavaScript – the right tool for the job. Hybrid infra troubleshooter: on-prem AD + Azure, Windows Server + Linux fleet, Intune + Cisco ISE.
I have experience with security incidents (Defender alerts, Sentinel SIEM), migrations (SharePoint, DB, device onboarding), bulk operation automation and development of internal admin tools. Based in Liptovský Mikuláš, also working remotely throughout Slovakia and Czech Republic.
📍 Liptovský Mikuláš, Liptov region, Slovakia
In person: Liptov, Poprad, Ružomberok, Banská Bystrica
Remotely: all of Slovakia & Czech Republic
Get in touch
Facing an IT challenge or looking for an Azure environment administrator? I'd be happy to take a look at your case.
Free consultation. Describe your situation and I'll respond within 24 hours.