A mix of M365 consulting work, homelab builds, and automation scripts. Each project is documented with the real decisions and problems along the way.
A complete nine-policy Conditional Access stack designed for SMBs on M365 Business Premium. MFA enforcement, device compliance, legacy auth blocked, and risk-based policies. Built to be set once with minimal ongoing maintenance.
Took a neglected M365 Business Premium tenant from 34% to 81% Secure Score across four phases. Every action documented with the reasoning behind each decision, including what was skipped and why.
Built a custom PC from scratch, hand-picking every component to balance performance, aesthetics, and future upgradability. Covers hardware compatibility, thermal management, and system performance tuning.
Repurposed a mini Dell OptiPlex into a Proxmox hypervisor hosting a Minecraft server, Pi-hole, and Wazuh SIEM. Deepened knowledge of Linux CLI, virtualisation, and self-hosted service management.
Built a Security Operations Centre on Proxmox using Wazuh for host-based intrusion detection and Elastic for log aggregation. 9 agents, 40,000 events per day, custom detection rules mapped to MITRE ATT&CK.
A complete walkthrough of locking down a Microsoft 365 tenant from scratch. SPF, DKIM, DMARC, Conditional Access, BitLocker, DLP, sensitivity labels, and audit logging. 40+ controls, all documented with licence requirements.
PowerShell script that authenticates to the Microsoft Graph API, pulls all Intune device compliance data, builds a formatted HTML report, and emails it to stakeholders automatically each morning. Zero manual effort, £0 additional cost.
Full documented migration for a 35-user business: Gmail to Exchange, Google Drive to SharePoint, Calendar and Contacts. Weekend cutover with zero email loss. Real decisions, real problems documented.
One PowerShell command handles the full M365 offboarding process. Blocks sign-in, revokes sessions, removes licences, converts the mailbox, sets forwarding and out-of-office, and retires the Intune device. Full audit log generated.
PowerShell script that pulls Secure Score, risky sign-in count, MFA registration coverage, and non-compliant devices from the Graph API and emails a formatted HTML report to management on the 1st of each month.