Obed Owusu
Azure Support Engineer · Harlow

Hello, My name is

Obed Owusu

Infrastructure Engineer working across 2nd and 3rd line environments, building hands-on Azure, automation, and cloud engineering expertise through real-world projects.

Building the Future in the Cloud, One Project at a Time

I work across Azure identity, automation, governance, networking, and hybrid environments building strong technical foundations through real, hands-on engineering. I focus on secure, scalable cloud architecture using Infrastructure-as-Code, CI/CD, monitoring, and reusable design patterns. The projects in this portfolio demonstrate practical cloud engineering, infrastructure automation, observability, and secure system design using Azure-native technologies and modern operational practices.

5+ Years in IT Infrastructure, cloud & support engineering
4 live Cloud Projects Azure, Automation, Governance
Core Stack Azure · Entra ID · Intune · Terraform · Docker
Profile image

About Me

Azure Support Engineer!

I'm an Azure-focused Infrastructure Engineer with hands-on experience supporting and securing modern cloud and hybrid environments across Microsoft 365, Azure, and on-premises systems. My experience includes identity and access management, Azure networking, Intune lifecycle management, Cloud PC deployments, and enterprise email security using SPF, DKIM, DMARC, Mimecast, and Barracuda. Coming from a 1st to 3rd Line infrastructure background, I’ve developed strong operational understanding across endpoint management, VPN connectivity, Active Directory/Entra ID administration, automation, and disaster recovery. Across MSP and enterprise environments, I’ve supported escalations, improved operational processes, and built automation solutions using PowerShell, Logic Apps, and Infrastructure-as-Code tools including Bicep and ARM templates. My portfolio focuses on practical cloud engineering, secure infrastructure design, automation, monitoring, and modern Azure operational practices as I continue progressing toward cloud and platform engineering roles.

Skills & Tools

Cloud & Platform

Designing Azure first, hybrid estates with secure landing zones, governance and observability.

Microsoft Azure Advanced Azure Landing Zones Advanced Azure Virtual Network Proficient Azure Storage / Compute Proficient Azure Arc & Hybrid Proficient

Identity, Security & Devices

Zero Trust identity, secure device posture and policy-driven access across tenants.

Entra ID (Azure AD) Advanced Conditional Access Advanced Intune / Endpoint Management Proficient MFA, SSPR, PIM Proficient SPF / DKIM / DMARC, Mimecast Proficient

Automation & Scripting

Automating repeatable tasks, enforcing guardrails and integrating cloud workflows.

PowerShell Advanced Python Proficient Bash / Linux CLI Proficient Azure CLI & Azure PowerShell Proficient Logic Apps / Functions Growing

Infrastructure as Code & DevOps

Declarative infrastructure, policy-driven environments and CI/CD automation for cloud platforms.

Bicep / ARM Templates Advanced Terraform (Azure) Proficient Git & GitHub Proficient GitHub Actions Proficient Azure DevOps Pipelines Growing

Networking & Hybrid Connectivity

Connecting on-premises and cloud estates with secure, observable network topologies.

VNets, Subnets, NSGs Advanced VPNs & Site-to-Site Tunnels Proficient DNS / DHCP / Routing Proficient Load Balancers & HA patterns Growing

Monitoring, Governance & Operations

Enforcing guardrails, surfacing risk and running stable cloud platforms in production.

Azure Policy & Blueprints Proficient Azure Monitor / Log Analytics Proficient KQL & Workbooks Growing Backup & DR (Azure Backup) Proficient Documentation (IT Glue) Proficient

Experience

Proven across MSP & enterprise, from support to Azure-first engineering.

I've grown from hands-on IT support into an Azure-focused engineer trusted with escalations, hybrid connectivity, security, and governance. Each role enhanced my expertise in rapid troubleshooting, targeted automation, and building resilient cloud architectures that remain stable under real operational demands.

MSP & Enterprise Hybrid Azure / On-Prem Security & Compliance Automation & Scripting
Oct 2024 – Present Azure · MSP

Azure Support Engineer

Lifeline IT (MSP)

  • Designed and enforced zero-trust identity controls across multiple client tenants using Entra ID Conditional Access, RBAC, and Intune compliance baselines, achieving 95% device compliance across the managed client base
  • Architected and configured Site-to-Site VPNs connecting on-premises networks to Azure VNets, implementing tunnel monitoring, failover planning and hybrid connectivity documentation for production environments.
  • Built and deployed identity lifecycle automation using PowerShell and Azure Logic Apps, reducing manual provisioning effort by approximately 50% and enforcing consistent access controls across client environments.
  • Diagnosed and remediated complex email security failures using MXToolbox, Exchange message trace, and SPF/DKIM/DMARC analysis, improving domain deliverability across multiple clients.
Apr 2023 – Aug 2024 2nd Line · Enterprise

2nd Line Technical Support Engineer

News Corp UK

  • Provided Tier 2 escalation support across AD, Group Policy, networking, DNS/DHCP and VPN connectivity for a distributed enterprise estate.
  • Investigated and resolved replication issues, GPO failures, login delays, and hybrid identity inconsistencies.
  • Created and maintained technical documentation and runbooks using IT Glue.
  • Supported and monitored Darktrace, SonicWall, Mimecast, and Bitwarden across the environment.
Jan 2024 – Mar 2024 Azure · Internship

Junior Azure Cloud Engineer (Intern)

Firebrand Training (Remote)

  • Built Azure lab environments with VNets, NSGs, Load Balancers, and hub-and-spoke networking patterns.
  • Assisted with AD Connect and hybrid identity testing, including Site-to-Site VPNs for multi-environment connectivity.
  • Configured Azure Monitor, Log Analytics, and alert rules for lab environments.
Nov 2019 – Apr 2023 1st–2nd Line

IT Support Engineer

ONTRAQ

  • Delivered Tier 1–2 support across Windows environments, printers, VPN access and on-prem applications.
  • Configured UNC paths, group-based access, and basic file permissions for shared data.
  • Installed and maintained Sage 50/200 for finance users, resolving client and server connectivity issues.
  • Supported Duo MFA rollout and VPN access for administrative and remote staff.

Latest Projects

Onboarding Automator

(AZ-104) Onboarding Automator

Automates the onboarding process using Azure AD, RBAC roles, and policy-driven scripting - eliminating repetitive manual tasks and enforcing consistent, secure access from day one.

~3 hrs saved per new hire 100% consistent RBAC assignment ~0 manual provisioning errors
Azure AD RBAC Azure Policy PowerShell AZ-104
View Project
SecureShare Hub

SecureShare Hub · Azure Zero-Trust File Distribution Platform

A hardened internal file distribution system built on private-only Azure Blob Storage with enforced Microsoft authentication, one-time SAS delegation links, automated malware scanning and full audit visibility. Every file request is authenticated, time-limited and logged end to end.

0 stored secrets in pipeline 100% files scanned pre-download 15-min max SAS exposure window
Azure Blob Storage Zero Trust SAS Tokens Microsoft Entra ID Defender for Cloud Terraform
View Project
Cloud Policy Compliance Dashboard

Cloud Policy Compliance Dashboard — Enterprise Governance Baseline

A management-group-level Azure governance baseline enforcing policies across Dev/Test/Prod using Bicep and GitHub Actions. Includes shared Log Analytics, Workbooks, and KQL alerts that surface non-compliant resources in real time.

3 envs governed from one pipeline <5 min to detect misconfiguration Audit-ready CSV/JSON evidence
Azure Policy Bicep GitHub Actions Log Analytics KQL Workbooks
View Project
Weather Tracker

Weather Tracker

Cloud-native weather application built with FastAPI, Docker, Azure Container Apps, CI/CD, and Key Vault secret management — demonstrating a full secure containerised deployment lifecycle on Azure.

Scale-to-zero cost model on ACA 0 plaintext secrets in code or config ~10 min deploy: push to live via CI/CD
FastAPI Docker Azure Container Apps GitHub Actions Azure Monitor Key Vault
View Project Live Demo
Enterprise Inventory Management System

Enterprise Inventory Management System

Enterprise-grade inventory platform on Azure using Bicep, Cosmos DB, Azure Functions, secure networking, RBAC, CI/CD, and centralized monitoring via Log Analytics and Azure Policy.

Azure Functions Cosmos DB Bicep RBAC CI/CD Log Analytics
Coming Soon
AI-Powered Document Processing System

AI-Powered Document Processing System

Serverless Azure solution that uses AI to extract data from PDFs and images, stores it in Cosmos DB, and enforces compliance with Azure Policy, fully automated with Bicep and CI/CD.

Azure AI Azure Functions Cosmos DB Bicep Azure Policy CI/CD
Coming Soon
Automated Azure Resource Hardening & Audit System

Automated Azure Resource Hardening & Audit System

Cloud-native security automation platform to detect and auto-remediate misconfigurations using Resource Graph, Azure Policy, Automation, and Bicep, with dashboards and alerts for governance.

Azure Policy Resource Graph Azure Automation Bicep Security Alerts
Coming Soon

My Certifications

Microsoft Certified: Azure Fundamentals badge
Microsoft Certified: Azure Fundamentals
Microsoft · AZ-900
Active Verify credential ↗
Microsoft Certified: Azure Administrator Associate badge
Microsoft Certified: Azure Administrator Associate
Microsoft · AZ-104
In Progress
Core stack & platforms

Core Stack for Automating, Securing, and Operating Cloud Native Infrastructure.

Azure Azure
Terraform Terraform
GitHub Actions GitHub Actions
DevOps DevOps
Python Python

Contact Me!