Senior Microsoft cloud security architect at the intersection of identity modernisation, governance, and IaC supply-chain integrity.
Based in the Czech Republic.
Everything-as-code is how I build Microsoft cloud environments I can actually prove. Two principled perimeters — one for human access, one for pipeline identity — are what make it safe. The same thesis applies across every engagement; the depth comes from seeing the pattern repeat in different shapes.
Topic pillars:
- Identity modernisation — AD FS retirement to Microsoft Entra ID cloud authentication, hybrid AD/Entra assessment frameworks, tier-based hardening for legacy domains, federated-to-cloud migration patterns.
- Privileged access design — PIM (roles/groups/resources), Conditional Access auth contexts, JIT for ADO/GitHub.
- Secure delivery of governance — WIF, UAMI, no-PAT pipelines, three-domain Terraform with separation of duties.
- Tenant-write supply chain — who writes to Entra, how it's gated, audit posture.
- ALZ with a security lens — management-group hierarchy and policy assignment for security-first tenants.
- Edge cases and gotchas — MG-scoped WIF bootstrap, Conditional Access auth-context binding, PIM activation timing.
trustanchor.pro — production patterns from identity modernisation, financial-sector application security, M365 tenant migrations, MSSP platforms, Azure Arc unified control plane, and global cybersecurity policy delivery. Hugo + GitHub Pages.
Editorial frame: identity governance and the IaC supply chain that delivers it are one design problem at different scopes.
| linkedin.com/in/vaculikgeorge | |
| Microsoft Learn | learn.microsoft.com/users/vaculikgeorge |
| Cert | Title | Tier | Year |
|---|---|---|---|
| SC-100 | Cybersecurity Architect | Expert | 2025 |
| MS-102 | Microsoft 365 Administrator | Expert | 2024 |
| AZ-500 | Azure Security Engineer | Associate | 2026 |
| SC-200 | Security Operations Analyst | Associate | 2025 |
| SC-300 | Identity & Access Administrator | Associate | 2023 |
Whether you're modernising AD FS to Entra ID, hardening privileged access, designing landing zones at scale, or getting PATs and client secrets out of your delivery pipelines — let's talk.
The principles are universal. The implementations are Microsoft.