Case Studies

Execution stories
that scale.

Structured engineering decisions that improve endpoint reliability and reduce operational drag. Problem, constraints, solution, and measurable result.

Daily Intune Configuration History as Code

Problem
Manual Intune exports made it difficult to track what changed, when it changed, and who made the change.
Constraints
Backups needed to run unattended, stay versioned in Git, avoid exposing secrets in logs, and remain independent from app release timing.
Solution
Implemented scheduled Azure DevOps + IntuneCD pipeline to export config JSON daily, detect diffs, commit/tag updates, and generate markdown documentation, with GitHub Actions checks enforcing repo-level quality gates.
Result
Consistent daily tenant snapshots and a clear, auditable change trail for endpoint configuration evolution.

Markdown-Driven App Onboarding and Offboarding

Problem
Application lifecycle operations were inconsistent, with manual assignment overhead and high risk of drift between app metadata and deployment state.
Constraints
Needed predictable onboarding/offboarding without breaking existing user/device targeting.
Solution
Built markdown-defined app catalog workflows that package/publish apps, auto-manage Entra assignment groups, and support controlled removal patterns.
Result
Faster release cadence with standardized operational flow and fewer manual assignment errors.

Guardrailed Endpoint Scripting at Scale

Problem
Large Windows/macOS script estates naturally drift in structure and quality without strong contracts.
Constraints
Quality controls could not slow delivery or require heavy manual review.
Solution
Introduced shared templates and validation tooling for run-requirements drift, bootstrap consistency, ScriptConfig contracts, and script inventory checks across GitHub Actions and Azure DevOps execution paths.
Result
Sustainable release quality across two core repos with 9,700+ files, 490+ PowerShell scripts, and 65+ automation YAML definitions.

Local AI Workflows with Private Infrastructure

Problem
Needed AI-assisted analysis and automation while keeping operational and personal data under direct control.
Constraints
Required private-by-default architecture, reliable uptime, and easy integration with existing automation scripts.
Solution
Implemented local model usage patterns on a self-hosted platform, connected to ingestion/transcription workflows and protected behind zero-trust access controls.
Result
Reduced dependency on third-party AI services for day-to-day operations and enabled faster iteration on internal tooling.

Endpoint Security Posture Enforcement

Problem
Large distributed device fleets drifted from security baselines between audit cycles, creating compliance gaps and exposure risk.
Constraints
Enforcement needed to be automated, auditable, and non-disruptive to end users while meeting organizational security guidelines.
Solution
Implemented continuous compliance policy enforcement via Intune, Conditional Access gating, and automated remediation scripts that detect and correct configuration drift on managed endpoints.
Result
Reduced time-to-compliance for endpoint security baselines and established an automated, auditable enforcement loop across the device fleet.

Want results like these
in your environment?

Structured delivery, measurable outcomes, and systems built for handoff. Let's talk.

Start a Conversation →