OO
Azure Infrastructure Engineer

Obed Owusu · Azure Infrastructure Engineer

I design and automate Azure first platforms that are secure, reliable and easy to operate.

I build modern Azure estates using landing zone architectures, Infrastructure-as-Code and Zero Trust identity—integrating VNets, hybrid networking, governance and monitoring to deliver secure, consistent and reliable platforms across all environment tiers.

Azure core · VNets · Landing Zones Entra ID · Conditional Access · Zero Trust Infrastructure as Code · Bicep · Terraform Automation · Python · DevOps pipelines
Who I work with Azure-first MSPs and enterprise hybrid-cloud teams running workloads across Azure and on-prem.
Core expertise Azure networking & landing zones – Entra ID & Intune – Terraform – Bicep – Python scripting
How I typically help
Design & land Azure foundations
Secure hub-and-spoke landing zones with identity, networking, policy and guardrails.
Standardize deployments with IaC
Terraform/Bicep modules and pipelines for consistent, auditable Azure.
Secure & modernize hybrid estates
Connect on-prem to Azure, enforce Zero Trust and build observable cloud workloads.
Obed Owusu
Senior Associate Engineer · Harlow

Hello, My name is

Obed Owusu

Azure-focused Infrastructure Engineer working across 2nd line and 3rd line, growing into full Cloud & Platform Engineering.

Building the Future in the Cloud, One Project at a Time

I work across Azure identity, automation, governance, networking, and hybrid environments building strong technical foundations through real, hands-on engineering. I focus on secure, scalable cloud architecture using Infrastructure-as-Code, CI/CD, monitoring, and reusable design patterns. My portfolio captures the problems I solve and the systems I build, and it evolves as I continue to grow technically.

5+ Years in IT 1st–3rd line, MSP & enterprise
20+ Cloud Projects Azure, automation, governance
Core Stack Azure · Entra ID · Intune · Terraform · Cloudflare
Profile image

About Me

Senior Associate Engineer!

I’m an Azure-focused Infrastructure Engineer with hands on experience supporting and securing modern cloud and hybrid environments across Microsoft 365, Azure, and on-premises systems. I specialise in identity and access management, Azure networking, Intune lifecycle management, Cloud PC deployments, and enterprise email security using SPF/DKIM/DMARC, Mimecast, and Barracuda. My background spans 1st to 3rd Line engineering, giving me a deep understanding of how systems behave end to end from user onboarding and endpoint management to VPN connectivity, AD/Entra ID configuration, automation, and disaster recovery. I’ve delivered solutions across MSP and enterprise environments, often leading escalations, building automation scripts, and improving operational processes using PowerShell, Logic Apps, and Bicep/ARM templates. I’m passionate about building reliable, secure, and scalable systems that enable businesses to operate efficiently. I enjoy solving complex technical challenges, improving infrastructure performance, and continuously learning to advance toward senior cloud engineering roles.

Skills & Tools

Cloud & Platform

Designing Azure first, hybrid estates with secure landing zones, governance and observability.

Microsoft Azure Advanced Azure Landing Zones Advanced Azure Virtual Network Proficient Azure Storage / Compute Proficient Azure Arc & Hybrid Proficient

Identity, Security & Devices

Zero Trust identity, secure device posture and policy-driven access across tenants.

Entra ID (Azure AD) Advanced Conditional Access Advanced Intune / Endpoint Management Proficient MFA, SSPR, PIM Proficient SPF / DKIM / DMARC, Mimecast Proficient

Automation & Scripting

Automating repeatable tasks, enforcing guardrails and integrating cloud workflows.

PowerShell Advanced Python Proficient Bash / Linux CLI Proficient Azure CLI & Azure PowerShell Proficient Logic Apps / Functions Growing

Infrastructure as Code & DevOps

Declarative infrastructure, policy-driven environments and CI/CD automation for cloud platforms.

Bicep / ARM Templates Advanced Terraform (Azure) Proficient Git & GitHub Proficient GitHub Actions Proficient Azure DevOps Pipelines Growing

Networking & Hybrid Connectivity

Connecting on-premises and cloud estates with secure, observable network topologies.

VNets, Subnets, NSGs Advanced VPNs & Site-to-Site Tunnels Proficient DNS / DHCP / Routing Proficient Load Balancers & HA patterns Growing

Monitoring, Governance & Operations

Enforcing guardrails, surfacing risk and running stable cloud platforms in production.

Azure Policy & Blueprints Proficient Azure Monitor / Log Analytics Proficient KQL & Workbooks Growing Backup & DR (Azure Backup) Proficient Documentation (IT Glue) Proficient

Experience

Proven across MSP & enterprise, from support to Azure-first engineering.

I’ve grown from hands-on IT support into an Azure-focused engineer trusted with escalations, hybrid connectivity, security, and governance. Each role enhanced my expertise in rapid troubleshooting, targeted automation, and building resilient cloud architectures that remain stable under real operational demands.

MSP & Enterprise Hybrid Azure / On-Prem Security & Compliance Automation & Scripting
Oct 2024 – Present Senior · MSP

Senior Associate Engineer

Lifeline IT (MSP)

  • Led escalated incidents across Entra ID, Azure networking, VPNs, email flow, and hybrid identity issues.
  • Configured and monitored Site-to-Site VPNs for hybrid connectivity, analysing tunnel health and implementing failover plans.
  • Used MxToolbox, message trace, and DNS tools to diagnose mail flow failures and reputation issues (SPF/DKIM/DMARC).
  • Tuned Mimecast & Barracuda security policies, reducing phishing-related incidents across several clients.
  • Deployed Intune compliance baselines & Conditional Access, achieving 95%+ device compliance across managed tenants.
Apr 2023 – Aug 2024 2nd Line · Enterprise

2nd Line Technical Support Engineer

News Corp UK

  • Provided Tier 2 escalation support across AD, Group Policy, networking, DNS/DHCP and VPN connectivity for a distributed enterprise estate.
  • Investigated and resolved replication issues, GPO failures, login delays, and hybrid identity inconsistencies.
  • Created and maintained technical documentation and runbooks using IT Glue.
  • Supported and monitored Darktrace, SonicWall, Mimecast, and Bitwarden across the environment.
Jan 2024 – Mar 2024 Azure · Internship

Junior Azure Cloud Engineer (Intern)

Firebrand Training (Remote)

  • Built Azure lab environments with VNets, NSGs, Load Balancers, and hub-and-spoke networking patterns.
  • Assisted with AD Connect and hybrid identity testing, including Site-to-Site VPNs for multi-environment connectivity.
  • Configured Azure Monitor, Log Analytics, and alert rules for lab environments.
Nov 2019 – Apr 2023 1st–2nd Line

IT Support Engineer

ONTRAQ

  • Delivered Tier 1–2 support across Windows environments, printers, VPN access and on-prem applications.
  • Configured UNC paths, group-based access, and basic file permissions for shared data.
  • Installed and maintained Sage 50/200 for finance users, resolving client and server connectivity issues.
  • Supported Duo MFA rollout and VPN access for administrative and remote staff.

Latest Projects

Onboarding Automator

(AZ-104) Onboarding Automator

Automates the onboarding process using Azure AD, RBAC roles, and policy-driven scripting.

View Project
SecureShare Hub

SecureShare Hub · Azure Zero-Trust File Distribution Platform

A hardened internal file distribution system built on private-only Azure Blob Storage with enforced Microsoft authentication, one-time SAS delegation links, automated malware scanning and full audit visibility. Every file request is authenticated, time-limited and logged end to end.

View Project
Cloud Policy Compliance Dashboard

Cloud Policy Compliance Dashboard — Enterprise Governance Baseline

A management-group-level Azure governance baseline enforcing policies across Dev/Test/Prod using Bicep and GitHub Actions. Includes shared Log Analytics, Workbooks, and KQL alerts that surface non-compliant resources in real time.

View Project
Weather Tracker

Weather Tracker

Live weather monitor with alerts via Azure Functions and Logic Apps.

Coming Soon
Enterprise Inventory Management System

Enterprise Inventory Management System

Enterprise-grade inventory platform on Azure using Bicep, Cosmos DB, Azure Functions, secure networking, RBAC, CI/CD, and centralized monitoring via Log Analytics and Azure Policy.

Coming Soon
AI-Powered Document Processing System

AI-Powered Document Processing System

Serverless Azure solution that uses AI to extract data from PDFs and images, stores it in Cosmos DB, and enforces compliance with Azure Policy, fully automated with Bicep and CI/CD.

Coming Soon
Automated Azure Resource Hardening & Audit System

Automated Azure Resource Hardening & Audit System

Cloud-native security automation platform to detect and auto-remediate misconfigurations using Resource Graph, Azure Policy, Automation, and Bicep, with dashboards and alerts for governance.

Coming Soon

My Certifications

Certifications section coming soon.

Core stack & platforms

Core Stack for Automating, Securing, and Operating Cloud Native Infrastructure.

Azure Azure
Terraform Terraform
GitHub Actions GitHub Actions
DevOps DevOps
Python Python

Contact Me!