azure friday
398 Topics

Excited to share my latest open-source project: KubeCost Guardian
After seeing how many DevOps teams struggle with Kubernetes cost visibility on Azure, I built a full-stack cost optimization platform from scratch.

What it does:
- Real-time AKS cluster monitoring via Azure SDK
- Cost breakdown per namespace, node, and pod
- AI-powered recommendations generated from actual cluster state
- One-click optimization actions
- JWT-secured dashboard with full REST API

Tech Stack:
- React 18 + TypeScript + Vite
- Tailwind CSS + shadcn/ui + Recharts
- Node.js + Express + TypeScript
- Azure SDK (@azure/arm-containerservice)
- JWT Authentication + Azure Service Principal

What makes it different:
Most cost tools show you generic estimates. KubeCost Guardian reads your actual VM size, node count, and cluster configuration to generate recommendations that are specific to your infrastructure, not averages. For example, if your cluster has only 2 nodes with no autoscaler enabled, it immediately flags the HA risk and calculates exactly how much you'd save by switching to Spot instances based on your actual VM size.

This project is fully open-source and built for the DevOps community.

GitHub: https://github.com/HlaliMedAmine/kubecost-guardian

This project represents hours of hard work and passion. I decided to make it open-source so everyone can benefit from it. If you find it useful, I'd really appreciate your support. Your support motivates me to keep building and sharing more powerful projects. More exciting ideas are coming soon… stay tuned!

64 Views, 0 likes, 0 Comments

Building a Production-Ready Azure Lighthouse Deployment Pipeline with EPAC
Recently I worked on an interesting project for an end-to-end Azure Lighthouse implementation. What really stood out to me was the combination of Azure Lighthouse, EPAC, DevOps, and workload identity federation. The deployment model was so compelling that I decided to build and validate the full solution hands-on in my own personal Azure tenants. The result is a detailed article that documents the entire journey, including pipeline design, implementation steps, and the scripts I prepared along the way. You can read the full article here

108 Views, 0 likes, 1 Comment

Pipeline Intelligence is live and open-source real-time Azure DevOps monitoring powered by AI.
Every DevOps team I've worked with had the same problem: Slow pipelines. Zero visibility. No idea where to start. So I stopped complaining and built the solution. So I built something about it.

Pipeline Intelligence is a full-stack Azure DevOps monitoring dashboard that:
- Connects to your real Azure DevOps organization via REST API
- Detects bottlenecks across all your pipelines automatically
- Calculates exactly how much time your team is wasting per month
- Uses Gemini AI to generate prioritized fixes with ready-to-paste YAML solutions
- JWT-secured, Docker-ready, and fully open-source

Tech Stack:
- React 18 + Vite + Tailwind CSS
- Node.js + Express + Azure DevOps API v7
- Google Gemini 1.5 Flash
- JWT Authentication + Docker

What makes it different?
Most tools show you generic estimates. Pipeline Intelligence reads your actual cluster config, node count, and pipeline structure and gives you recommendations specific to your infrastructure.

This year, I set myself a personal challenge: Build and open-source a series of production-grade tools exclusively focused on Azure services, tools that solve real problems for real DevOps teams. This project represents weeks of research, architecture decisions, and late-night debugging sessions. I'm sharing it with the community because I believe great tooling should be accessible to everyone, not locked behind enterprise paywalls.

If this resonates with you, I have one simple ask: A like, a comment, or a share takes 3 seconds but it helps this reach the DevOps engineers who need it most. Your support is what keeps me building.

GitHub: https://github.com/HlaliMedAmine/pipeline-intelligence

65 Views, 0 likes, 0 Comments

Intune MAM BYOD: Remove Account message for iOS devices
Hello, I am seeing an issue for Intune MAM BYOD (iOS) users. After a user account password reset, it causes Intune to remove the account configured from mobile applications like MS Outlook, Work, OneDrive, etc.

Current Intune Configuration:
Done - App Protection Policy
Done - Conditional access policy --> Grant --> Requires app protection policy (checked)

Users had to re-enrol to access his/her data. Here is the screenshot,

Thank you,

203 Views, 0 likes, 1 Comment

Azure password protection
We have a hybrid Azure infrastructure with an AD Connector installed on-prem and configured for PTA. We installed the password protection server and registered it with the Azure tenant, then deployed the DC agent on all domain controllers. Both the proxy and agents are operational. We published a few banned words to block in case anyone uses them. For testing, I changed my password to include one of the banned words. To my surprise, I was able to change the password. I checked the corresponding logon server, and the DC event viewer showed that the password was validated, but the banned word was in the password list that Azure set to enforce. Why is it not blocking the change?

Solved

85 Views, 0 likes, 1 Comment

Applying DevOps Principles on Lean Infrastructure. Lessons From Scaling to 102K Users.
Hi Azure Community, I'm a Microsoft Certified DevOps Engineer, and I want to share an unusual journey. I have been applying DevOps principles on traditional VPS infrastructure to scale to 102,000 users with 99.2% uptime. Why am I posting this in an Azure community? Because I'm planning migration to Azure in 2026, and I want to understand: What mistakes am I already making that will bite me during migration?

THE CURRENT SETUP
Platform: Social commerce (West Africa)
Users: 102,000 active
Monthly events: 2 million
Uptime: 99.2%
Infrastructure: Single VPS
Stack: PHP/Laravel, MySQL, Redis
Yes - one VPS. No cloud. No Kubernetes. No microservices.

WHY I HAVEN'T USED AZURE YET
Honest answer: Budget constraints in emerging market startup ecosystem. At our current scale, fully managed Azure services would significantly increase monthly burn before product-market expansion. The funding we raised needs to last through growth milestones. The trade: I manually optimize what Azure would auto-scale. I debug what Application Insights would catch. I do by hand what Azure Functions would automate.

DEVOPS PRACTICES THAT KEPT US RUNNING
Even on single-server infrastructure, core DevOps principles still apply:

CI/CD Pipeline (GitHub Actions)
• 3-5 deployments weekly
• Zero-downtime deploys
• Automated rollback on health check failures
• Feature flags for gradual rollouts

Monitoring & Observability
• Custom monitoring (would love Application Insights)
• Real-time alerting
• Performance tracking and slow query detection
• Resource usage monitoring

Automation
• Automated backups
• Automated database optimization
• Automated image compression
• Automated security updates

Infrastructure as Code
• Configs in Git
• Deployment scripts
• Environment variables
• Documented procedures

Testing & Quality
• Automated test suite
• Pre-deployment health checks
• Staging environment
• Post-deployment verification

KEY OPTIMIZATIONS

Async Job Processing
• Upload endpoint: 8 seconds → 340ms
• 4x capacity increase

Database Optimization
• Feed loading: 6.4 seconds → 280ms
• Strategic caching
• Batch processing

Image Compression
• 3-8MB → 180KB (94% reduction)
• Critical for mobile users

Caching Strategy
• Redis for hot data
• Query result caching
• Smart invalidation

Progressive Enhancement
• Server-rendered pages
• 2-3 second loads on 4G

WHAT I'M WORRIED ABOUT FOR AZURE MIGRATION
This is where I need your help:

Architecture Decisions
• App Service vs Functions + managed services?
• MySQL vs Azure SQL?
• When does cost/benefit flip for managed services?

Cost Management
• How do startups manage Azure costs during growth?
• Reserved instances vs pay-as-you-go?
• Which Azure services are worth the premium?

Migration Strategy
• Lift-and-shift first, or re-architect immediately?
• Zero-downtime migration with 102K active users?
• Validation approach before full cutover?

Monitoring & DevOps
• Application Insights - worth it from day one?
• Azure DevOps vs GitHub Actions for Azure deployments?
• Operational burden reduction with managed services?

Development Workflow
• Local development against Azure services?
• Cost-effective staging environments?
• Testing Azure features without constant bills?

MY PLANNED MIGRATION PATH

Phase 1: Hybrid (Q1 2026)
• Azure CDN for static assets
• Azure Blob Storage for images
• Application Insights trial
• Keep compute on VPS

Phase 2: Compute Migration (Q2 2026)
• App Service for API
• Azure Database for MySQL
• Azure Cache for Redis
• VPS for background jobs

Phase 3: Full Azure (Q3 2026)
• Azure Functions for processing
• Full managed services
• Retire VPS

QUESTIONS FOR THIS COMMUNITY
Question 1: Am I making migration harder by waiting? Should I have started with Azure at higher cost to avoid technical debt?
Question 2: What will break when I migrate? What works on VPS but fails in cloud? What assumptions won't hold?
Question 3: How do I validate before cutting over? Parallel infrastructure? Gradual traffic shift? Safe patterns?
Question 4: Cost optimization from day one? What to optimize immediately vs later? Common cost mistakes?
Question 5: DevOps practices that transfer? What stays the same? What needs rethinking for cloud-native?

THE BIGGER QUESTION
Have you migrated from self-hosted to Azure? What surprised you? I know my setup isn't best practice by Azure standards. But it's working, and I've learned optimization, monitoring, and DevOps fundamentals in practice. Will those lessons transfer? Or am I building habits that cloud will expose as problematic? Looking forward to insights from folks who've made similar migrations.

---
About the Author: Microsoft Certified DevOps Engineer and Azure Developer. CTO at social commerce platform scaling in West Africa. Preparing for phased Azure migration in 2026.

P.S. I got the Azure certifications to prepare for this migration. Now I need real-world wisdom from people who've actually done it!

123 Views, 0 likes, 0 Comments

Blocking users using edge add-ons store
Hi all, I am really struggling to find a way to stop users getting to this location: https://microsoftedge.microsoft.com/addons/microsoft-edge-extensions-home and adding addons. I have tried multiple Intune policies like blocking the side bar: Any ideas?

3.3K Views, 1 like, 3 Comments

Having trouble with MDM
I am trying to set up a Surface Pro with a business account. However, I got an error saying "looks like we can't connect to the URL for your organization's MDM terms of use".

Error: invalid_client
Error subcode:
Description: failed%20to%20authenticate%20user

Does anyone know a quick fix to this problem? Thanks,

124 Views, 0 likes, 1 Comment

Conditional Access Policy Loop with Edge on BYOD Devices - Need Help!
Body: Hello Tech Community, I'm facing an issue with an Azure AD Conditional Access Policy that seems to be causing a loop when users access Office 365 resources using Microsoft Edge on Windows 11 24H2 BYOD devices. Here's the scenario:

Problem: The policy is titled "Require App Protection Policy for Edge on Windows for All Users when Browser and Non-Compliant-v1.0" and continuously prompts users to switch profiles in Edge. These devices are BYOD and intentionally excluded from full Intune management (non-compliant by design). However, Edge repeatedly requests authentication or profile switching, creating a frustrating experience.

Policy Details:
- Applies to: Windows devices using browsers (primarily Edge).
- Excludes: Compliant devices or those with trustType = ServerAD.
- Includes: Office 365 applications.
- Excludes Groups: Certain groups that should bypass the policy.

What I've Tried:
- Verified device compliance status in Azure AD and Intune.
- Checked Azure AD Sign-In Logs for errors or repetitive authentications.
- Cleared Edge browser cache and cookies.
- Ensured Edge is configured to use Windows sign-in information.
- Adjusted the App Protection Policy settings for Edge.

Questions:
- Could this be an issue with how Edge handles profile authentication in Conditional Access scenarios?
- How can I ensure that BYOD devices remain excluded from full Intune management but still work seamlessly with this policy?
- Are there specific adjustments I can make to the Conditional Access or App Protection Policy to avoid these loops?

Additional Context: My goal is to secure access using App Protection Policies (MAM) for BYOD scenarios without requiring full device enrollment in Intune. Any insights, suggestions, or similar experiences would be greatly appreciated! Thank you in advance for your help!

764 Views, 2 likes, 3 Comments