Shannon Eldridge Kuehn
LightNews LightNews
banner
sbkuehn.bsky.social
Shannon Eldridge Kuehn
@sbkuehn.bsky.social
70 followers 70 following 48 posts
Cloud, FinOps, & Platform Engineering Leader @Ahead. Ex @Microsoft. DJ. Lover of tech, books, music, & food. Cat & human Mom. tweets == myOwn. She/Her.
Posts Replies Media Videos
sbkuehn.bsky.social
If your cloud architecture feels like Carmy’s kitchen during lunch rush, you might be running headfirst into Conway’s Law. I wrote about it.

www.shankuehn.io/post/conway-...

#conwayslaw #thebear #squads
Conway’s Law: What Your Cloud Team Can Learn from Stressed Out Kitchen Staff
I was reminded of Conway’s Law the day I watched an episode of The Bear where Carmy tried to redesign the entire kitchen workflow in the middle of lunch service. Onions were flying. Pans were screamin...
www.shankuehn.io
November 13, 2025 at 3:32 AM
sbkuehn.bsky.social
My old Pay-As-You-Go API: 💀
My new Exports API: 😎

Microsoft is changing the endpoint, so I wrote a blog to save you the debugging spiral.

👉 Read it here: www.shankuehn.io/post/updatin...

#Azure #FinOps #Cloud
Updating Your Scripts: PowerShell and Python for the New Azure PAYG APIs
In my last post, I talked about what’s changing with Azure’s Pay-As-You-Go (PAYG) APIs and why the old Usage Details endpoint is being retired. Now it’s time to roll up our sleeves! If your FinOps aut...
www.shankuehn.io
November 1, 2025 at 7:42 PM
sbkuehn.bsky.social
RIP to the old Azure Usage Details API. You served us well, throttles and all.

Time to meet your replacement: Cost Details and Exports.

What’s changing, why it matters, and how to stay ahead of the cutoff:
www.shankuehn.io/post/the-azu...
The Azure PAYG API Shift: What’s Actually Changing (and Why It Matters)
If you pull cost data from Azure’s Pay-As-You-Go (PAYG) subscriptions, you might have noticed something new in Microsoft’s documentation lately: the legacy “Get Usage Details” API is being deprecated....
www.shankuehn.io
October 29, 2025 at 1:28 AM
sbkuehn.bsky.social
Latency gets up early and moves fast.
Throughput stays up late moving a lot.

Read the full breakdown (and why your “slow” app might not be what you think):
👉 www.shankuehn.io/post/latency...

#Cloud #FinOps #PlatformEngineering #Azure #AWS #Latency #Throughput
Latency vs Throughput: Why They Get Mixed Up and Why That Matters
People often toss around latency and throughput like they are one and the same. They are not. They live in the same world but serve very different roles. One cares about how fast something starts. The...
www.shankuehn.io
October 26, 2025 at 7:54 PM
sbkuehn.bsky.social
Achievement Unlocked!
October 2, 2025 at 1:58 AM
sbkuehn.bsky.social
So this STILL comes up in conversations with customers (take note, Microsoft!):

Even wizards need architecture reviews. Check your castle before the dragons show up (in Azure).

#waf #wafr #wellarchitected #azure

www.shankuehn.io/post/what-ex...
What Exactly is the "Azure Well-Architected Review"?
Picture this: you have built a castle in the cloud (filled with all your Azure workloads). Everything looks amazing, but is it safe, strong, and efficient? Will it handle a sudden rush of traffic or u...
www.shankuehn.io
October 2, 2025 at 12:16 AM
sbkuehn.bsky.social
CIEM is fancy, but sometimes all you need is Microsoft Graph, PowerShell (or Python), and a quick reality check on who has way too much access.

#entraid #overprivileged #identity #IAM

www.shankuehn.io/post/identif...
Identifying Over-Privileged Identities Using Microsoft Graph
All code for this blog can be found here.I keep hearing more and more interest by customers I work with in exploring Cloud Infrastructure Entitlement Management (CIEM) solutions. Their focus is usuall...
www.shankuehn.io
September 27, 2025 at 1:36 AM
sbkuehn.bsky.social
There’s nothing like an SSL certificate error to remind you technology is basically duct tape and trust. Blog’s up on the quick fix for GitHub clones on Windows (yeah, yeah, yeah...I should probably just use a Mac at some point).

www.shankuehn.io/post/when-gi...
When GitHub Won’t Clone: Fixing the SSL Certificate Problem on Windows
So there I was, ready to pull down a GitHub repo and get to work finishing a recent blog. I typed in the familiar command:git clone https://github.com/sbkuehn/transit-routing-vnet-peer.gitAnd what doe...
www.shankuehn.io
September 26, 2025 at 5:56 PM
sbkuehn.bsky.social
MFA resets: Because apparently everyone’s phone disappears right before Monday’s all-hands. New post breaks down the three ways to reset MFA in Entra ID. Spoiler: Not all resets are created equal.

👉 www.shankuehn.io/post/resetti...
Resetting MFA in Microsoft Entra ID: The Three Flavors of Reset
All code for this blog can be found here. I've been trailblazing with Azure since 2016. Before 2016, I set up an Entra ID (formerly Azure Active Directory) tenant for my O365/Exchange Online environme...
www.shankuehn.io
September 24, 2025 at 2:02 AM
sbkuehn.bsky.social
Transitive routing in 2025: still breaking my home lab. Turns out the problem was me (and my networking design). Blog’s here:

shankuehn.io/post/transit...

#networking #cloud #design #transitiverouting
Transitive Routing in 2025: Still Relevant, Still Causing Trouble
All code for this blog can be found here.So this is still relevant in 2025. Having worked at Microsoft, I always believed customers were at the AI level of cloud adoption. After Microsoft and working ...
shankuehn.io
September 20, 2025 at 8:24 PM
sbkuehn.bsky.social
Me: “Let’s save money with Spot VMs.”
Azure: “LOL. Cute. Evicted.”

So I:

1. Dug up the disks & NIC
2. Deleted the VM
3. Rebuilt it PAYG
4. Enabled Trusted Launch
5. No IPs harmed. No restore point needed.

Blog: www.shankuehn.io/post/flippin...

#Azure #CloudOps #PowerShell
Flipping a Spot VM to PAYG in Azure (Without Losing Your Disks, NIC, or Sanity)
All code for this blog can be found here.So you went all-in on Spot VMs to save money, but now you’ve hit that dreaded eviction wall. Whether your instance was deallocated or you’re simply ready to mo...
www.shankuehn.io
September 15, 2025 at 12:41 AM
sbkuehn.bsky.social
Pulled the plug on my Azure S2S VPN. Everything still works. Tailscale: 1, old VPN: 0. 🐢🌐

www.shankuehn.io/post/site-to...

#tailscale #meshvpn #azure #cloudops #part3
Site-to-Site Networking with Tailscale: Part 3 — Two Regions, One Tailnet
All code for this blog post can be found here.By now you’ve probably figured out I like to make things harder on myself before I make them easier. The first blog post was about beating the UDM Pro int...
www.shankuehn.io
September 13, 2025 at 8:28 PM
sbkuehn.bsky.social
Azure Update Manager didn’t work. Now it does. The fix? One sudoers line. 🎤 www.shankuehn.io/post/fixing-...

#azure #update #manager #sudoer #fixitall #learnitall
Fixing “Sudo Status Check Failed” in Azure Update Manager
All code for this blog can be found here.Azure Update Manager promises to make patching easier. The idea is simple: assess your VMs, install updates, and report on compliance without you logging into ...
www.shankuehn.io
September 13, 2025 at 2:44 AM
sbkuehn.bsky.social
Az CLI on Windows: where az login turns into chaos engineering. where.exe az found the culprit, cleanup fixed it.

#azcli #windows #dllnotfound

www.shankuehn.io/post/when-az...
When Az CLI and Windows Stop Playing Nice
Shannon's Disclaimer: All code for this blog can be found here. I'm going to start out code based blogs with their own repo and will clean up older blog posts as time allows.If you spend enough time w...
www.shankuehn.io
September 11, 2025 at 6:49 PM
sbkuehn.bsky.social
Not all Azure logs are created equal. Some stick around for 90 days, some for years, and others vanish unless you export them. I broke it down in Demystifying Log Retention in Azure.

www.shankuehn.io/post/demysti...

#monitorallthethings #log #retention #azure #cheat #sheet
Demystifying Log Retention in Azure
Often times I think the idea is not to confuse, but when you sort of pile on all the different services in Azure, some of the details get muddy and quickly. One of the areas that I even have hard time...
www.shankuehn.io
September 8, 2025 at 1:30 AM
sbkuehn.bsky.social
Durability ≠ Resiliency ≠ Backups.

A customer asked me: “Doesn’t GRS mean we’re covered?”

I wrote up why the answer is “partially”...plus shared a PowerShell script to check your own Blob accounts. #Azure #storage

🔗 www.shankuehn.io/post/i-m-usi...
"I'm Using GRS...Aren't I Covered?" A Curious Question Met With The Reality of Azure Storage
This post came from a customer conversation that started with a seemingly innocent question:“I’m using GRS for my storage accounts. Doesn’t that basically cover me if there’s a compelling event?”On th...
www.shankuehn.io
September 7, 2025 at 1:42 AM
sbkuehn.bsky.social
Spent part of the weekend in my homelab making packets flow like magic… because “everyone connected everywhere with ease” doesn’t configure itself.
#homelab #pihole #networking

www.shankuehn.io/post/more-ho...
More Home Networking Wrestling!
One of the joys of running a homelab is the constant reminder that technology never sits still. I'm currently in the middle of a massive overhaul at home and I've heard that my posts have helped other...
www.shankuehn.io
September 1, 2025 at 6:36 PM
sbkuehn.bsky.social
Looked simple on paper. Reality? Approvals, retries, and angry routes before my Azure subnet router finally behaved. Now the tailnet stretches clean across on-prem + cloud. Part 2 blog with the scars included.

#tailscale #azure #azcli

👉 www.shankuehn.io/post/site-to...
Site to Site Networking with Tailscale: Part 2 — Teaching Azure Some New Tricks
In Part 1, I wrestled my Unifi Dream Machine Pro into submission and got it talking on Tailscale. That gave me a subnet router for my home LAN (192.168.1.0/24). Now it is time to bring Azure into the ...
www.shankuehn.io
September 1, 2025 at 2:00 AM
sbkuehn.bsky.social
Standard VPNs in Azure are expensive. Wrestling a UDM Pro into Tailscale is comedy. At least the repo errors built character. 😂 #part1of3 #tailscale #udmpro

www.shankuehn.io/post/site-to...
Site to Site Networking with Tailscale: Part 1 — Wrestling a UDM Pro Into Submission
I set out to replace my traditional Azure site to site VPN with something lighter and easier to manage (plus Microsoft is effectively retiring the Basic S2S VPN SKU on January 31, 2026). The idea was ...
www.shankuehn.io
August 30, 2025 at 7:46 PM
sbkuehn.bsky.social
Platform engineering teams succeed when they scale together...not when one person is sweating bullets while everyone else just codes away. #teamdynamics #structureyourteamright #platformengineering

www.shankuehn.io/post/buildin...
Building the Right Platform Engineering Team
Platform engineering isn’t just about standing up Kubernetes clusters or pushing Terraform templates. It’s about creating a team that accelerates developers instead of slowing them down. In today’s cl...
www.shankuehn.io
August 29, 2025 at 9:20 AM
sbkuehn.bsky.social
Some more content comin' for ya'!

Kubernetes is magical, but the real trick is having an operating model so the magic does not burn down the village. #k8s #kubernetes #sorcery #magic

www.shankuehn.io/post/kuberne...
Kubernetes without an Operating Model is Just Controlled Chaos
Containers and Kubernetes often arrive in organizations with big promises. I can't tell you the amount of customers I work with who believe Kubernetes is the promised land (oh contraire mon frere). Ge...
www.shankuehn.io
August 28, 2025 at 11:45 PM
sbkuehn.bsky.social
Pro tip: Don’t “accidentally” enable Sentinel in your VS sub with IaC… unless you want it to self-destruct in 17 days. 😅

I learned the hard way. Here’s how to turn it off without redeploying:

🔗 www.shankuehn.io/post/how-to-...

#Azure #Sentinel #LogAnalytics #TipsFromTheField
How to Remove Microsoft Sentinel (Security Insights) from a Log Analytics Workspace
Over the course of my career, I've picked up various Visual Studio Subscriptions that enable me to build and maintain a small Azure footprint to the tune of $150/month. My Microsoft Certified Trainer ...
www.shankuehn.io
August 25, 2025 at 2:25 PM
sbkuehn.bsky.social
The easy questions never make it to my meetings.

What makes it to my meetings?

“How do I save the day when every VM across my tenant forgot boot diagnostics?”

Answer: PowerShell, Policy, and a new blog post to follow.

#azure #bootdiagnostics #howto

www.shankuehn.io/post/turning...
Turning on Boot Diagnostics for Every VM in Your Azure Tenant
Like a lot of my posts lately, this one kicked off with a customer question. An innocent question at that, but the kind that makes you pause and realize plenty of others are probably wondering the sam...
www.shankuehn.io
August 20, 2025 at 1:45 AM
sbkuehn.bsky.social
NEXT BLOG POST!

You can’t cut your way to growth. FinOps success isn’t measured in discounts, it’s measured in decisions. Here’s the next step beyond savings.

www.shankuehn.io/post/past-th...

#metricsthatmatter #beyondcostsavings #finopsevolution
Past the Price Tag: What FinOps Success Really Looks Like
When people hear the word FinOps, their minds almost always jump to one thing: savings. • “How much money can we cut from the cloud bill?” • “Where can we shave costs?” • “Why is this so expensive?” ...
www.shankuehn.io
August 20, 2025 at 12:44 AM
sbkuehn.bsky.social
Me: How much free space do my Azure VMs have? Azure Resource Graph, do you know?
Azure Resource Graph: Lol, nope.
Me: PowerShell + Log Analytics to the rescue.

www.shankuehn.io/post/the-gre...
The Great Disk Space Hunt: Why Azure Resource Graph Won’t Tell You Everything
Like a lot of my blog posts as of late, I get asked all sorts of questions by customers struggling to make sense of Azure and in this case, it all started innocently enough: A customer asked me a seem...
www.shankuehn.io
August 18, 2025 at 2:23 AM