<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>GenioCT Engineering Blog</title><description>Insights on Azure architecture, cloud security, Infrastructure as Code, and AI.</description><link>https://genioct.lu/</link><item><title>DORA&apos;s Register of Information: What Your Azure Platform Has to Prove</title><link>https://genioct.lu/en/blog/dora-register-of-information-azure/</link><guid isPermaLink="true">https://genioct.lu/en/blog/dora-register-of-information-azure/</guid><description>The DORA register of information looks like a compliance spreadsheet. Filling it in honestly is an Azure architecture exercise: inventory, data locations, subcontracting chains, exit strategy. Here is what the CSSF actually expects.</description><pubDate>Sun, 05 Jul 2026 00:00:00 GMT</pubDate></item><item><title>The Missing Layer Between Cloud Architecture and Audit Evidence</title><link>https://genioct.lu/en/blog/platform-architecture-audit-evidence/</link><guid isPermaLink="true">https://genioct.lu/en/blog/platform-architecture-audit-evidence/</guid><description>A technically correct landing zone can still fall apart the first time someone asks &apos;show me.&apos; Why the trail from business risk to control to proof belongs inside the architecture, not bolted on the week before an audit.</description><pubDate>Thu, 25 Jun 2026 00:00:00 GMT</pubDate></item><item><title>APIM v2 Migration Playbook: Moving from Classic to Standard v2 or Premium v2</title><link>https://genioct.lu/en/blog/azure-apim-v2-migration-playbook/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-apim-v2-migration-playbook/</guid><description>A field playbook for migrating Azure API Management from classic Developer, Standard, or Premium to the v2 tiers: what carries over, what breaks, how to preserve subscription keys, the order to run the cutover in, and when staying on classic is the right call.</description><pubDate>Fri, 12 Jun 2026 00:00:00 GMT</pubDate></item><item><title>Azure Container Apps Express in 2026 and Where Its Preview Gap Still Sends You Back</title><link>https://genioct.lu/en/blog/azure-container-apps-express-2026-preview-gap/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-container-apps-express-2026-preview-gap/</guid><description>Azure Container Apps Express hit public preview at Build 2026 with subsecond cold starts and no environment to provision. The preview feature gap is large, and so is the region constraint. Here is what Express actually changes inside the ACA family, and where it still sends you back to a standard environment.</description><pubDate>Tue, 09 Jun 2026 00:00:00 GMT</pubDate></item><item><title>Cloud Sovereignty in 2026 and Why It Is a Workload Classification Problem</title><link>https://genioct.lu/en/blog/cloud-sovereignty-2026-workload-classification/</link><guid isPermaLink="true">https://genioct.lu/en/blog/cloud-sovereignty-2026-workload-classification/</guid><description>Cloud sovereignty in 2026 means SEAL levels and 48 EU procurement criteria beyond region selection. The architect&apos;s job is workload classification across five distinct concerns.</description><pubDate>Thu, 04 Jun 2026 00:00:00 GMT</pubDate></item><item><title>AKS in 2026 and When It Still Wins</title><link>https://genioct.lu/en/blog/aks-2026-what-changed-when-it-still-wins/</link><guid isPermaLink="true">https://genioct.lu/en/blog/aks-2026-what-changed-when-it-still-wins/</guid><description>AKS has matured beyond recognition since its 2018 GA. Automatic upgrades, Workload Identity, Cilium, managed observability, and the new AKS Automatic tier have changed the operational picture. Here is when AKS is still the right call and when simpler platforms do the job better.</description><pubDate>Sun, 24 May 2026 00:00:00 GMT</pubDate></item><item><title>The DNS Problems That Break Your Private Link Connectivity</title><link>https://genioct.lu/en/blog/azure-private-link-dns-failure-modes/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-private-link-dns-failure-modes/</guid><description>Private Link is easy to deploy. Getting DNS right across hub-spoke, hybrid, and multi-subscription environments is where it breaks. Seven failure modes.</description><pubDate>Sat, 02 May 2026 00:00:00 GMT</pubDate></item><item><title>NIS2 Belgium After 18 April: From Basic Readiness to Continuous Azure Evidence</title><link>https://genioct.lu/en/blog/nis2-belgium-after-basic-azure-evidence/</link><guid isPermaLink="true">https://genioct.lu/en/blog/nis2-belgium-after-basic-azure-evidence/</guid><description>The 18 April 2026 NIS2 checkpoint has passed for Belgian essential entities. The next challenge for Azure-heavy organisations is continuous evidence rather than another readiness questionnaire.</description><pubDate>Sat, 02 May 2026 00:00:00 GMT</pubDate></item><item><title>Your Service Principals Are a Bigger Blast Radius Than Your VMs</title><link>https://genioct.lu/en/blog/service-principals-bigger-blast-radius-than-vms/</link><guid isPermaLink="true">https://genioct.lu/en/blog/service-principals-bigger-blast-radius-than-vms/</guid><description>In most Azure tenants, real exposure is a forgotten service principal with Owner scope, an expired secret, no human owner. Four risk patterns mapped to NIS2.</description><pubDate>Wed, 29 Apr 2026 00:00:00 GMT</pubDate></item><item><title>Azure Front Door in 2026 and the Standard vs Premium Decision</title><link>https://genioct.lu/en/blog/azure-front-door-2026-standard-premium-decision/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-front-door-2026-standard-premium-decision/</guid><description>Front Door Standard vs Premium, Private Link to origin, the App Gateway overlap question, and what changed since Microsoft stopped new classic profiles. The enterprise decision guide.</description><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate></item><item><title>How to Prepare for an NIS2 Audit on Azure in 12 Weeks</title><link>https://genioct.lu/en/blog/nis2-audit-readiness-azure-12-week-checklist/</link><guid isPermaLink="true">https://genioct.lu/en/blog/nis2-audit-readiness-azure-12-week-checklist/</guid><description>The 12-week NIS2 readiness plan we run with Azure clients. Article 21 mapping, gap closure, evidence assembly, and pre-audit dry run, week by week, with the Azure controls and pitfalls at each stage.</description><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate></item><item><title>When Azure Functions Can Replace Entra Application Proxy and When They Cannot</title><link>https://genioct.lu/en/blog/serverless-entra-application-proxy-azure-functions/</link><guid isPermaLink="true">https://genioct.lu/en/blog/serverless-entra-application-proxy-azure-functions/</guid><description>For a narrower class of internal apps and APIs, you can avoid Entra Application Proxy connector VMs with a cloud-native proxy pattern using Azure Functions, Easy Auth, and VNet integration. Here is the decision framework.</description><pubDate>Sat, 18 Apr 2026 00:00:00 GMT</pubDate></item><item><title>Defender for Cloud in 2026 and What to Enable, Tune, and Skip</title><link>https://genioct.lu/en/blog/defender-for-cloud-2026-enable-tune-ignore/</link><guid isPermaLink="true">https://genioct.lu/en/blog/defender-for-cloud-2026-enable-tune-ignore/</guid><description>Defender for Cloud has grown into a sprawling product. Here is a practical guide to which plans are worth the money, which recommendations matter, and how to avoid the noise.</description><pubDate>Sat, 11 Apr 2026 00:00:00 GMT</pubDate></item><item><title>Enterprise AI on Azure in 2026 and What Actually Changed</title><link>https://genioct.lu/en/blog/azure-ai-enterprise-architecture-2026/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-ai-enterprise-architecture-2026/</guid><description>Three years after Azure OpenAI went GA, the enterprise AI platform looks very different. Microsoft Foundry, GPT-5, the Responses API, agentic retrieval, and model-agnostic PTU reservations have changed the design decisions. Here is what matters now.</description><pubDate>Sat, 04 Apr 2026 00:00:00 GMT</pubDate></item><item><title>Why Your Azure Monitor Workbook Shows No Data Even With the Right Permissions</title><link>https://genioct.lu/en/blog/azure-monitor-workbook-no-data-access-control/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-monitor-workbook-no-data-access-control/</guid><description>The hidden access control trap in Azure Monitor Workbooks. Resource-context vs workspace-context queries, why Monitoring Reader is not always enough, and the fix that takes five minutes.</description><pubDate>Sat, 28 Mar 2026 00:00:00 GMT</pubDate></item><item><title>Palo Alto Cloud NGFW for Azure in 2026 and When It Beats Azure Firewall Premium</title><link>https://genioct.lu/en/blog/palo-alto-cloud-ngfw-azure-2026/</link><guid isPermaLink="true">https://genioct.lu/en/blog/palo-alto-cloud-ngfw-azure-2026/</guid><description>Cloud NGFW has matured from an early ISV experiment into a credible managed firewall for Azure. How it compares to Azure Firewall Premium, what the real costs are, and a decision framework for enterprises choosing between them.</description><pubDate>Fri, 27 Mar 2026 00:00:00 GMT</pubDate></item><item><title>Azure Firewall in 2026 and When Standard, Premium, or an NVA Is the Right Call</title><link>https://genioct.lu/en/blog/azure-firewall-2026-standard-vs-premium-nva/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-firewall-2026-standard-vs-premium-nva/</guid><description>Azure Firewall now has Basic, Standard, and Premium SKUs. Premium adds TLS inspection, IDPS, and URL filtering for regulated workloads. Here is the real enterprise decision guide for 2026.</description><pubDate>Sat, 21 Mar 2026 00:00:00 GMT</pubDate></item><item><title>Shared vs Separate Azure Hubs for Regulated Workloads Under NIS2 and DORA</title><link>https://genioct.lu/en/blog/azure-landing-zones-nis2-dora-separate-hubs/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-landing-zones-nis2-dora-separate-hubs/</guid><description>Should production and non-production share a hub in regulated Azure environments? A decision framework grounded in NIS2 operational resilience requirements and DORA environment separation obligations.</description><pubDate>Sat, 14 Mar 2026 00:00:00 GMT</pubDate></item><item><title>Your Azure Bill Is Higher Because Your Partner Isn&apos;t Managing Anything</title><link>https://genioct.lu/en/blog/azure-managed-partner-cost-savings/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-managed-partner-cost-savings/</guid><description>Microsoft&apos;s Partner Earned Credit can reduce net Azure costs when your partner has the right access and operational role. Most enterprises never see that benefit because the setup is wrong. Here is how to check and fix it.</description><pubDate>Sat, 07 Mar 2026 00:00:00 GMT</pubDate></item><item><title>Azure Functions Flex Consumption with Locked Storage and the Gotchas That Break Deployments</title><link>https://genioct.lu/en/blog/azure-functions-flex-consumption-locked-storage-gotchas/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-functions-flex-consumption-locked-storage-gotchas/</guid><description>How to deploy Azure Functions Flex Consumption to secured storage accounts. One Deploy, managed identity, the AzureWebJobsStorage format that matters, and Terraform workarounds.</description><pubDate>Sat, 28 Feb 2026 00:00:00 GMT</pubDate></item><item><title>Azure WAF False Positives and the Rules That Break Legitimate Traffic</title><link>https://genioct.lu/en/blog/azure-waf-false-positives-rules-that-break-traffic/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-waf-false-positives-rules-that-break-traffic/</guid><description>The CRS rules that trigger most often on real Azure web applications. How to identify, confirm, and safely exclude false positives without weakening your WAF.</description><pubDate>Sat, 21 Feb 2026 00:00:00 GMT</pubDate></item><item><title>RAG on Azure for Internal Knowledge Platforms</title><link>https://genioct.lu/en/blog/rag-azure-internal-knowledge-platforms/</link><guid isPermaLink="true">https://genioct.lu/en/blog/rag-azure-internal-knowledge-platforms/</guid><description>An architecture guide for building Retrieval-Augmented Generation on Azure. Document ingestion, AI Search, permission trimming, grounding, and the production challenges that tutorials skip.</description><pubDate>Sat, 07 Feb 2026 00:00:00 GMT</pubDate></item><item><title>Azure Policy Guardrails That Developers Don&apos;t Hate</title><link>https://genioct.lu/en/blog/azure-policy-guardrails-developers-dont-hate/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-policy-guardrails-developers-dont-hate/</guid><description>Practical Azure Policy examples that enforce governance without blocking delivery. Tag enforcement, SKU restrictions, network controls, and diagnostic settings that work with developer workflows.</description><pubDate>Sat, 31 Jan 2026 00:00:00 GMT</pubDate></item><item><title>Azure Landing Zones in 2026 and What Actually Matters Now</title><link>https://genioct.lu/en/blog/azure-landing-zones-2026-what-matters-now/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-landing-zones-2026-what-matters-now/</guid><description>Landing zones are easy to deploy. Operating and evolving them is the real challenge. Policy hygiene, subscription vending, identity changes, and the day-2 problems that mature Azure environments face.</description><pubDate>Sat, 17 Jan 2026 00:00:00 GMT</pubDate></item><item><title>Microsoft Sentinel in 2026 and How to Control Ingestion Costs</title><link>https://genioct.lu/en/blog/microsoft-sentinel-2026-ingestion-cost-control/</link><guid isPermaLink="true">https://genioct.lu/en/blog/microsoft-sentinel-2026-ingestion-cost-control/</guid><description>Sentinel&apos;s biggest problem in enterprise Azure is not capability but cost. Data Collection Rules, Basic Logs, commitment tiers, and what to onboard first.</description><pubDate>Sat, 03 Jan 2026 00:00:00 GMT</pubDate></item><item><title>YAML-Driven Terraform: Building a Self-Service Infrastructure Catalog</title><link>https://genioct.lu/en/blog/yaml-driven-terraform-cloud-product-catalog/</link><guid isPermaLink="true">https://genioct.lu/en/blog/yaml-driven-terraform-cloud-product-catalog/</guid><description>How to turn your Terraform codebase into a self-service platform. A YAML-driven approach that lets teams provision cloud resources without writing HCL - and keeps your platform team sane.</description><pubDate>Thu, 18 Dec 2025 00:00:00 GMT</pubDate></item><item><title>Azure APIM v2 vs Classic: What Changed and What Breaks</title><link>https://genioct.lu/en/blog/azure-apim-v2-vs-classic/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-apim-v2-vs-classic/</guid><description>Azure API Management is moving to a new platform. The StandardV2 and BasicV2 tiers bring real improvements, but also breaking changes that catch teams off guard. Here is what you need to know before migrating.</description><pubDate>Tue, 02 Dec 2025 00:00:00 GMT</pubDate></item><item><title>Why Every Azure Enterprise Needs a WAF Analysis Methodology</title><link>https://genioct.lu/en/blog/azure-waf-analysis-methodology/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-waf-analysis-methodology/</guid><description>Azure WAF protects your web applications, but without a structured analysis methodology, you are flying blind. Learn how to turn WAF from a checkbox into a security asset.</description><pubDate>Wed, 12 Nov 2025 00:00:00 GMT</pubDate></item><item><title>What an Azure Landing Zone Audit Actually Finds</title><link>https://genioct.lu/en/blog/azure-landing-zone-audit-what-we-find/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-landing-zone-audit-what-we-find/</guid><description>The patterns we see when reviewing enterprise Azure environments. Management group chaos, unenforced policies, DNS problems, identity gaps, and cost tagging failures.</description><pubDate>Fri, 15 Aug 2025 00:00:00 GMT</pubDate></item><item><title>Why Internal Developer Platforms Fail on Azure</title><link>https://genioct.lu/en/blog/why-internal-developer-platforms-fail-azure/</link><guid isPermaLink="true">https://genioct.lu/en/blog/why-internal-developer-platforms-fail-azure/</guid><description>The patterns behind failed platform engineering initiatives. Too many tools, no paved path, no product ownership, inconsistent modules, and missing policy guardrails.</description><pubDate>Tue, 08 Jul 2025 00:00:00 GMT</pubDate></item><item><title>Your Developers Don&apos;t Need More Tools. They Need a Paved Path.</title><link>https://genioct.lu/en/blog/developers-need-guardrails-not-more-tools/</link><guid isPermaLink="true">https://genioct.lu/en/blog/developers-need-guardrails-not-more-tools/</guid><description>The platform engineering problem is not tool count. It&apos;s the lack of opinionated defaults, clear ownership, and a measurable self-service path through the tools you already have.</description><pubDate>Thu, 05 Jun 2025 00:00:00 GMT</pubDate></item><item><title>APIM vs Azure Front Door vs Application Gateway and When to Use Each</title><link>https://genioct.lu/en/blog/azure-apim-vs-front-door-vs-app-gateway/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-apim-vs-front-door-vs-app-gateway/</guid><description>The real decision guide for Azure&apos;s overlapping edge services. When to use API Management, Front Door, Application Gateway, or a combination.</description><pubDate>Tue, 20 May 2025 00:00:00 GMT</pubDate></item><item><title>Why Your Azure Bill Is High Even When Your Resources Are Right-Sized</title><link>https://genioct.lu/en/blog/azure-cost-optimization-beyond-rightsizing/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-cost-optimization-beyond-rightsizing/</guid><description>The cost problems that rightsizing and reserved instances don&apos;t fix. Partner configuration errors, log ingestion sprawl, unused private endpoints, egress surprises, and diagnostic settings nobody audits.</description><pubDate>Thu, 10 Apr 2025 00:00:00 GMT</pubDate></item><item><title>When Your Platform Team Can&apos;t Agree on the Stack</title><link>https://genioct.lu/en/blog/managing-technical-disagreements-platform-teams/</link><guid isPermaLink="true">https://genioct.lu/en/blog/managing-technical-disagreements-platform-teams/</guid><description>A real story from an enterprise platform team split over infrastructure tooling. The technical debate was the easy part. The human side, sunk cost, identity, and fear of starting over, is where it gets hard.</description><pubDate>Sat, 01 Feb 2025 00:00:00 GMT</pubDate></item><item><title>Dapr Graduates CNCF and What It Means for Distributed Application Building Blocks</title><link>https://genioct.lu/en/blog/dapr-1-0-distributed-application-building-blocks/</link><guid isPermaLink="true">https://genioct.lu/en/blog/dapr-1-0-distributed-application-building-blocks/</guid><description>Dapr graduated from CNCF in November 2024. The building-block model for distributed applications is now production-mature. Here is when Dapr earns its place on Azure, when native SDKs are still the better answer, and how Container Apps and AKS host it differently.</description><pubDate>Tue, 12 Nov 2024 00:00:00 GMT</pubDate></item><item><title>Your Board Is Asking About NIS2. Here Is What You Actually Need to Do</title><link>https://genioct.lu/en/blog/cloud-security-board-level-nis2-dora/</link><guid isPermaLink="true">https://genioct.lu/en/blog/cloud-security-board-level-nis2-dora/</guid><description>NIS2 and DORA are now enforceable. Belgium&apos;s CyFun self-assessment deadline is April 2026. What CTOs and IT directors at Belgian and EU enterprises need to understand, and where the compliance gaps are showing up.</description><pubDate>Tue, 08 Oct 2024 00:00:00 GMT</pubDate></item><item><title>Terraform AzureRM 4.0: What Breaks and How to Migrate</title><link>https://genioct.lu/en/blog/terraform-azurerm-4-migration-guide/</link><guid isPermaLink="true">https://genioct.lu/en/blog/terraform-azurerm-4-migration-guide/</guid><description>The AzureRM provider 4.0 just dropped with breaking changes to resource naming, attribute defaults, and provider configuration. After migrating several production codebases, this is what you need to know.</description><pubDate>Thu, 05 Sep 2024 00:00:00 GMT</pubDate></item><item><title>The Multi-Cloud Trap and the Vendor Lock-In Myth</title><link>https://genioct.lu/en/blog/multi-cloud-trap-vendor-lock-in-myth/</link><guid isPermaLink="true">https://genioct.lu/en/blog/multi-cloud-trap-vendor-lock-in-myth/</guid><description>Most enterprises go multi-cloud out of fear rather than strategy. The result is double the complexity, double the skills gap, and rarely any actual portability. Here is what to do instead.</description><pubDate>Wed, 10 Jul 2024 00:00:00 GMT</pubDate></item><item><title>Build vs Buy Your Platform Team</title><link>https://genioct.lu/en/blog/build-vs-buy-platform-team-decision/</link><guid isPermaLink="true">https://genioct.lu/en/blog/build-vs-buy-platform-team-decision/</guid><description>An honest breakdown of when to hire cloud engineers in-house versus engaging a consultancy for your platform team. Real costs, real timelines, and the hybrid model that actually works for most enterprises.</description><pubDate>Wed, 20 Mar 2024 00:00:00 GMT</pubDate></item><item><title>Azure Verified Modules: Microsoft&apos;s Answer to the Terraform Module Mess</title><link>https://genioct.lu/en/blog/azure-verified-modules-standardized-iac/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-verified-modules-standardized-iac/</guid><description>Azure Verified Modules provide Microsoft-maintained, tested, and standardized Terraform and Bicep modules for Azure resources. After using them in production, this is what works, what doesn&apos;t, and when to use your own modules instead.</description><pubDate>Tue, 12 Mar 2024 00:00:00 GMT</pubDate></item><item><title>Bicep vs Terraform, Why We Default to Terraform (and When Bicep Wins)</title><link>https://genioct.lu/en/blog/azure-bicep-vs-terraform-comparison/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-bicep-vs-terraform-comparison/</guid><description>After running both Bicep and Terraform in production for the same enterprise, here is an honest take. Terraform is our default, Bicep has its place, and badly written Terraform is worse than either.</description><pubDate>Thu, 15 Feb 2024 00:00:00 GMT</pubDate></item><item><title>Palo Alto Cloud NGFW on Azure and What a PoC Revealed About the Managed Firewall</title><link>https://genioct.lu/en/blog/palo-alto-cloud-ngfw-azure-pharma-poc/</link><guid isPermaLink="true">https://genioct.lu/en/blog/palo-alto-cloud-ngfw-azure-pharma-poc/</guid><description>We ran a proof of concept for Palo Alto Cloud NGFW alongside VM-Series in an enterprise Azure hub-spoke environment. The managed firewall works, but the operational details matter more than the feature sheet suggests.</description><pubDate>Thu, 01 Feb 2024 00:00:00 GMT</pubDate></item><item><title>KEDA Graduates CNCF and What It Means for Event-Driven Kubernetes Autoscaling</title><link>https://genioct.lu/en/blog/keda-cncf-graduation-event-driven-autoscaling/</link><guid isPermaLink="true">https://genioct.lu/en/blog/keda-cncf-graduation-event-driven-autoscaling/</guid><description>KEDA graduated from CNCF in August 2023. Event-driven autoscaling is now a stable, multi-vendor foundation that Container Apps, AKS, and any Kubernetes platform can rely on. Here is when KEDA earns its place, which scalers carry real operational weight, and where default HPA already does the job.</description><pubDate>Tue, 22 Aug 2023 00:00:00 GMT</pubDate></item><item><title>Azure AD Is Now Entra ID: What Actually Changed and What You Need to Update</title><link>https://genioct.lu/en/blog/microsoft-entra-id-azure-ad-rebrand/</link><guid isPermaLink="true">https://genioct.lu/en/blog/microsoft-entra-id-azure-ad-rebrand/</guid><description>Microsoft renamed Azure Active Directory to Microsoft Entra ID. Beyond the branding, there are real changes to APIs, PowerShell modules, and Terraform resources that affect every Azure environment.</description><pubDate>Tue, 18 Jul 2023 00:00:00 GMT</pubDate></item><item><title>The Costs Your Cloud Migration Business Case Didn&apos;t Include</title><link>https://genioct.lu/en/blog/cloud-migration-hidden-costs-leadership-guide/</link><guid isPermaLink="true">https://genioct.lu/en/blog/cloud-migration-hidden-costs-leadership-guide/</guid><description>Enterprise cloud migrations routinely blow past their budgets by 20-30%. The reason isn&apos;t compute pricing. It&apos;s the platform teams, dual-run periods, licensing traps, and retraining costs that never made it into the original spreadsheet.</description><pubDate>Wed, 14 Jun 2023 00:00:00 GMT</pubDate></item><item><title>Architecting for Azure OpenAI: Enterprise Patterns That Actually Work</title><link>https://genioct.lu/en/blog/azure-openai-enterprise-architecture-patterns/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-openai-enterprise-architecture-patterns/</guid><description>Azure OpenAI Service is now generally available. Every Azure architecture now needs an AI strategy. Here are the patterns for network isolation, token management, and responsible deployment that we use in practice.</description><pubDate>Sat, 28 Jan 2023 00:00:00 GMT</pubDate></item><item><title>Azure DNS Private Resolver: The End of Custom DNS VMs in Your Hub</title><link>https://genioct.lu/en/blog/azure-dns-private-resolver-hybrid-dns/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-dns-private-resolver-hybrid-dns/</guid><description>Azure DNS Private Resolver is a managed service that replaces the custom DNS forwarder VMs that every enterprise hub-spoke architecture has been running. After migrating several environments, this is how it works and what to watch for.</description><pubDate>Tue, 15 Nov 2022 00:00:00 GMT</pubDate></item><item><title>Container Apps vs AKS vs App Service: A Decision Framework</title><link>https://genioct.lu/en/blog/azure-container-apps-vs-aks-decision-framework/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-container-apps-vs-aks-decision-framework/</guid><description>Azure Container Apps just went GA. With three container hosting options on Azure, here is a practical decision framework for architects who are tired of over-engineering container platforms.</description><pubDate>Wed, 01 Jun 2022 00:00:00 GMT</pubDate></item><item><title>GitHub Actions for Azure: When It Makes Sense to Leave Azure Pipelines</title><link>https://genioct.lu/en/blog/github-actions-azure-cicd-pipelines/</link><guid isPermaLink="true">https://genioct.lu/en/blog/github-actions-azure-cicd-pipelines/</guid><description>GitHub Actions now has first-class Azure integration. If your code lives in GitHub, your CI/CD probably should too. A practical comparison with Azure Pipelines and the migration patterns that work.</description><pubDate>Thu, 10 Mar 2022 00:00:00 GMT</pubDate></item><item><title>Defender for Cloud: Microsoft&apos;s Multi-Cloud Security Posture Play</title><link>https://genioct.lu/en/blog/microsoft-defender-for-cloud-multi-cloud-security/</link><guid isPermaLink="true">https://genioct.lu/en/blog/microsoft-defender-for-cloud-multi-cloud-security/</guid><description>Microsoft just unified Azure Security Center and Azure Defender into Defender for Cloud with multi-cloud support for AWS and GCP. Here is what changed and what it means for your security architecture.</description><pubDate>Mon, 08 Nov 2021 00:00:00 GMT</pubDate></item><item><title>I Hacked My Own Web App on Kubernetes</title><link>https://genioct.lu/en/blog/securing-web-apps-kubernetes-real-world-audit/</link><guid isPermaLink="true">https://genioct.lu/en/blog/securing-web-apps-kubernetes-real-world-audit/</guid><description>A step-by-step walkthrough of auditing a live Kubernetes web app, from XSS exploitation through a WAF in DetectionOnly mode, to exposed Prometheus metrics and missing authentication. Practical fixes included.</description><pubDate>Tue, 14 Sep 2021 00:00:00 GMT</pubDate></item><item><title>Azure Static Web Apps: The Jamstack Platform Azure Was Missing</title><link>https://genioct.lu/en/blog/azure-static-web-apps-jamstack/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-static-web-apps-jamstack/</guid><description>Azure Static Web Apps just went GA with built-in CI/CD, serverless API backends, authentication, and global distribution. For static sites and SPAs on Azure, this changes the deployment story entirely.</description><pubDate>Thu, 20 May 2021 00:00:00 GMT</pubDate></item><item><title>Azure Arc: Extending Azure Management to Your On-Premises Infrastructure</title><link>https://genioct.lu/en/blog/azure-arc-hybrid-cloud-management/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-arc-hybrid-cloud-management/</guid><description>Azure Arc brings Azure Policy, monitoring, and security to servers and Kubernetes clusters anywhere. Here is what it actually does, where it fits, and the practical considerations for hybrid architectures.</description><pubDate>Thu, 12 Nov 2020 00:00:00 GMT</pubDate></item><item><title>Azure Landing Zones: What I Wish I Had Known Before Deploying Enterprise-Scale</title><link>https://genioct.lu/en/blog/azure-landing-zones-real-world-lessons/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-landing-zones-real-world-lessons/</guid><description>Microsoft&apos;s Enterprise-Scale architecture provides a production-ready Azure foundation. After implementing it for multiple organisations, here are the lessons that the documentation does not cover.</description><pubDate>Tue, 20 Oct 2020 00:00:00 GMT</pubDate></item><item><title>Azure Private Link: How It Changed the Enterprise PaaS Playbook</title><link>https://genioct.lu/en/blog/azure-private-link-enterprise-paas/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-private-link-enterprise-paas/</guid><description>Azure Private Link brings PaaS services into your private network. Here is how it works, the DNS complexity it introduces, and the architecture patterns every enterprise needs.</description><pubDate>Tue, 25 Feb 2020 00:00:00 GMT</pubDate></item><item><title>Azure Bastion: Why Your VMs Don&apos;t Need Public IPs Anymore</title><link>https://genioct.lu/en/blog/azure-bastion-secure-vm-access/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-bastion-secure-vm-access/</guid><description>Azure Bastion provides secure RDP and SSH access to your VMs directly from the Azure portal, without public IPs, jump boxes, or VPN. After rolling it out across multiple environments, this is what we learned.</description><pubDate>Wed, 06 Nov 2019 00:00:00 GMT</pubDate></item><item><title>Azure Sentinel: What Cloud-Native SIEM Means for Your Security Architecture</title><link>https://genioct.lu/en/blog/azure-sentinel-cloud-native-siem/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-sentinel-cloud-native-siem/</guid><description>Microsoft&apos;s new cloud-native SIEM changes how enterprises design security operations. Here is what Sentinel does differently, how to architect around it, and when it replaces your existing SIEM.</description><pubDate>Thu, 03 Oct 2019 00:00:00 GMT</pubDate></item><item><title>Azure Front Door: Global Load Balancing That Actually Simplifies Your Architecture</title><link>https://genioct.lu/en/blog/azure-front-door-global-load-balancing/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-front-door-global-load-balancing/</guid><description>Azure Front Door combines global HTTP load balancing, SSL offload, WAF, and CDN caching in one service. After deploying it for multi-region applications, this is what works and what to watch out for.</description><pubDate>Thu, 18 Apr 2019 00:00:00 GMT</pubDate></item><item><title>Azure Firewall: When Cloud-Native Network Security Finally Makes Sense</title><link>https://genioct.lu/en/blog/azure-firewall-cloud-native-network-security/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-firewall-cloud-native-network-security/</guid><description>Azure Firewall is now generally available. Here is what it means for enterprise hub-spoke architectures, when it replaces NVAs, and the design patterns that work in practice.</description><pubDate>Tue, 02 Oct 2018 00:00:00 GMT</pubDate></item><item><title>VSTS Is Dead, Long Live Azure DevOps: What Actually Changed</title><link>https://genioct.lu/en/blog/azure-devops-vsts-rebrand-what-changed/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-devops-vsts-rebrand-what-changed/</guid><description>Microsoft just rebranded Visual Studio Team Services to Azure DevOps. Beyond the new name, the split into five independent services changes how teams adopt CI/CD, boards, and artifact management.</description><pubDate>Wed, 12 Sep 2018 00:00:00 GMT</pubDate></item><item><title>Zero-Credential Architectures: How Managed Identity Changes Everything</title><link>https://genioct.lu/en/blog/azure-managed-identity-zero-credential-architecture/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-managed-identity-zero-credential-architecture/</guid><description>Azure Managed Identity eliminates the need for credentials in your code. Here is how it works, when to use system-assigned vs user-assigned, and the architecture patterns that make secrets a thing of the past.</description><pubDate>Wed, 25 Jul 2018 00:00:00 GMT</pubDate></item><item><title>AKS Just Went GA: What Enterprise Teams Need to Know Before Going All-In</title><link>https://genioct.lu/en/blog/azure-kubernetes-service-aks-production-lessons/</link><guid isPermaLink="true">https://genioct.lu/en/blog/azure-kubernetes-service-aks-production-lessons/</guid><description>Azure Kubernetes Service is now generally available. Before you migrate everything to AKS, here are the architecture decisions, networking gotchas, and operational realities that the quickstart guides skip.</description><pubDate>Wed, 20 Jun 2018 00:00:00 GMT</pubDate></item></channel></rss>