// personal & homelab

My Projects

A mix of personal builds and homelab experiments - from custom PC hardware to self-hosted infrastructure. Each project is a chance to learn something new outside of work.

// identity · zero trust

Conditional Access Framework

A complete nine-policy Conditional Access stack designed for SMBs on M365 Business Premium. MFA enforcement, device compliance, legacy auth blocked, and risk-based policies. Built to be set once with minimal ongoing maintenance.

Entra ID Conditional Access Intune Zero Trust

View project →

// tenant hardening · m365

Secure Score: 34% to 81%

Took a neglected M365 Business Premium tenant from 34% to 81% Secure Score across four phases. Every action documented with the reasoning behind each decision, including what was skipped and why.

Secure Score Defender Intune M365 BP

View project →

// hardware build

Custom Gaming PC

Built a custom PC from scratch, hand-picking every component to balance performance, aesthetics, and future upgradability. This project deepened my understanding of hardware compatibility, thermal management, and system-level performance tuning.

Custom Build Hardware Overclocking Cable Management

View build details →

// homelab · virtualisation

Proxmox Homelab

Repurposed a mini Dell OptiPlex into a Proxmox hypervisor hosting a Minecraft server, Pi-hole, and Wazuh SIEM. Significantly deepened my knowledge of Linux CLI, virtualisation, and self-hosted service management.

Proxmox Linux Wazuh Pi-hole Docker

View project →

// homelab · cybersecurity

Home SOC: Wazuh + Elastic

Built a Security Operations Centre on Proxmox using Wazuh for host-based intrusion detection and Elastic for log aggregation. 9 agents, 40,000 events per day, custom detection rules mapped to MITRE ATT&CK. Caught real threats in the first week.

Wazuh Elasticsearch Kibana Proxmox SIEM

View project →

// m365 · cybersecurity

M365 Tenant Hardening Checklist

A complete walkthrough of locking down a Microsoft 365 tenant from scratch. SPF, DKIM, DMARC, Conditional Access, BitLocker, DLP, sensitivity labels, and audit logging. 40+ controls, all documented with licence requirements.

Microsoft 365 Entra ID Intune DMARC Defender

View project →

// powershell · automation

Automated Compliance Reporting

PowerShell script that authenticates to the Microsoft Graph API, pulls all Intune device compliance data, builds a formatted HTML report, and emails it to stakeholders automatically each morning. Zero manual effort, £0 additional cost.

PowerShell Graph API Intune Automation

View project →

// migration · m365

Google Workspace to M365 Migration

Full documented migration for a 35-user business: Gmail to Exchange, Google Drive to SharePoint, Calendar and Contacts. Weekend cutover with zero email loss. Real decisions, real problems documented.

M365 Migration Exchange Online SharePoint MigrationWiz

View project →

// powershell · automation

Automated M365 Offboarding Script

One PowerShell command handles the full M365 offboarding process. Blocks sign-in, revokes sessions, removes licences, converts the mailbox, sets forwarding and out-of-office, and retires the Intune device. Full audit log generated automatically.

PowerShell Graph API Exchange Online Intune

View project →

// powershell · reporting

Monthly M365 Security Report

PowerShell script that pulls Secure Score, risky sign-in count, MFA registration coverage, and non-compliant devices from the Graph API and emails a formatted HTML report to management on the 1st of each month.

PowerShell Graph API Secure Score Automation

View project →

// what's next

More projects on the way

Always working on something new. Follow along on GitHub or check the blog for write-ups as projects progress.

GitHub → Read the Blog