Ravi Bajwa

Operational Duties:

• Managed day-to-day administration of Azure IaaS and PaaS resources to ensure 24/7 uptime.
• Oversaw Identity and Access Management (IAM) via Entra ID, focusing on Conditional Access configuration.
• Maintained infrastructure health through scheduled maintenance and automated patching with Azure Update Manager.
• Monitored system health using Azure Monitor and Log Analytics, proactively addressing performance issues.
• Acted as Tier 3 escalation point, collaborating with technical teams to troubleshoot complex infrastructure bugs.
• Drafted and maintained comprehensive technical documentation detailing system builds and disaster recovery procedures.

Project 1:Azure Governance & Resource Efficiency Initiative

• Built a multi-subscription Azure Landing Zone from scratch, leveraging Azure Policy and Management Groups to keep our cloud environment compliant and properly organized with resource tags.
• Drove FinOpsinitiatives by using Azure Cost Management to spot underutilized resources and cut unnecessary spend through right-sizing and general resource hygiene.
• Created automated deployment workflows so that different departments could spin up their own cloud environments while staying within our security and compliance guardrails.
• Handled RBACand Resource Locks across the enterprise to protect mission-critical workloads from unauthorized changes or accidental deletion.

Project 2: Hybrid Connectivity & Secure Traffic Management

• Set up a high-availability network using Azure ExpressRoute to give us a solid, private connection between our on-prem data centers and the cloud.
• Used Azure Virtual WAN to clean up our branch-to-cloud networking, which really helped speed things up for our different office locations.
• Deployed Azure Application Gatewaywith a Web Application Firewall (WAF) to keep our public apps and APIs safe from common web attacks.
• Configured Azure Private Link and Private Endpoints so that our sensitive data traffic stayed on our private network instead of going over the public internet.

Project 3: Advanced Cloud Security & Observability Operations

• Hardened our overall security posture by using Microsoft Defender for Cloud to find and fix vulnerabilities before they could be exploited.
• Set up Azure Key Vault to centralize how we handle secrets, keys, and certificates, making sure our app authentication and data encryption were handled securely.
• Built out an enterprise-wide Observability framework using Azure Monitorand Log Analytics to give us real-time dashboards for tracking system health and performance.
• Automated our security incident response using custom workflows, which let us quickly isolate and shut down infrastructure threats as soon as they were detected.

Project 4: Business Continuity & Multi-Region Disaster Recovery

• Used Microsoft Defender for Cloud to harden our security posture, proactively patching vulnerabilities to keep our secure score high.
• Centralized our secrets, keys, and certificates using Azure Key Vault, ensuring all application authentication and data encryption remained secure.
• Developed an enterprise Observability setup with Azure Monitor and Log Analytics to build real-time dashboards for tracking system health.
• Set up automated incident response workflows to quickly isolate and mitigate infrastructure threats the moment they were flagged.

• Administered Azure tenant operations, managing resource groups, subscriptions, and billing alerts across client portfolios.
• Built and maintained Azure Virtual Machines and App Services, ensuring optimal SKU selection and proper disk encryption.
• Managed Entra ID environments, including user identities, security groups, and enterprise app setup for Single Sign-On (SSO).
• Maintained Hybrid Identity functionality with Azure AD Connect, resolving sync errors to align on-premises and cloud identities.
• Executed Modern Endpoint Management via Microsoft Intune, overseeing device enrollment, configuration profiles, and remote app deployment.
• Conducted Cloud Security audits by analyzing Azure Monitor logs and addressing vulnerabilities identified by Microsoft Defender for Cloud.
• Configured VNet peering and managed Network Security Groups (NSGs) to secure traffic flow between cloud segments.
• Served as technical escalation point for complex Azure infrastructure issues, authoring Root Cause Analysis (RCA) reports to prevent recurrence.

Project 1: Enterprise Identity Modernization & Zero Trust Implementation

• Led the move from old on-prem Active Directory to a Hybrid Identity setup using Entra Connect to sync over 2,000 user accounts.
• Created and enforced Conditional Access Policies to protect company data, using MFA and device compliance to build a Zero Trust environment.
• Automated how we handle user accounts and temporary admin access using Privileged Identity Management (PIM), which helped cut down on security risks.
• Set up Azure App Proxy so employees could securely access our internal web apps from home without needing a slow VPN.

Project 2: Scalable Azure Virtual Desktop (AVD) Deployment & Optimization

• Built a multi-session Azure Virtual Desktop (AVD) setup for over 500 remote employees, using FSLogix to make sure user profiles loaded quickly and smoothly.
• Cut cloud compute costs by using Autoscale and picking the right Azure VM sizes based on how much power the team actually needed.
• Made apps run better by using MSIX App Attach, which separated the apps from the OS for faster sign-ins and easier updates.
• Set up Azure Front Door and global load balancing so users across different regions had a fast, low-latency connection to their desktops.

Project 3: Unified Endpoint Management & Automated Provisioning

• Moved our old SCCM-managed devices over to Microsoft Intune, reaching full cloud management for all our Windows and mobile devices.
• Created a "Zero-Touch" setup process with Windows Autopilot, which cut down the time it takes to get a new hire's laptop ready from hours to just a few minutes.
• Used Intune Compliance Policies to make sure every device was secure, keeping things like BitLocker encryption and software updates up to standard.
• Automated how we package and push out third-party apps using Patch My PC, which helped us fix software security holes within short time window.

• Resolved daily escalations for enterprise clients, addressing complex network outages and service interruptions.
• Monitored core network health and circuit stability across multiple carrier backbones.
• Conducted deep-packet analysis and log reviews to identify and rectify connectivity issues in VoIP and IPTV systems.
• Managed internal ticketing system, ensuring detailed root cause analysis and solutions for each escalation.
• Mentored Tier 1 support team, providing expertise on advanced routing issues and hardware failures.
• Collaborated with upstream providers and field technicians to coordinate repairs within strict SLA deadlines.

Project 1: Network Connectivity Troubleshooting.

• Acted as a senior escalation point for complex Layer 2 and Layer 3 network issues across major Canadian carrier backbones like Bell, Rogers, and Telus.
• Found and fixed routing and switching bottlenecks using BGP and OSPF protocols to keep WAN connections stable for business clients.
• Handled advanced troubleshooting for Site-to-Site VPNs and Point-to-Point circuits to ensure secure data flow between offices and data centers.
• Used advanced diagnostic tools to find the root cause of "last mile" infrastructure failures, which helped speed up recovery during critical outages.

Project 2: Infrastructure Service Reliability & SLA Management.

• Took the lead on fixing large-scale service drops, working with internal engineers and providers to meet our SLA deadlines.
• Wrote and updated technical SOPs to help the Tier 1 team quickly figure out if a problem was caused by hardware or a circuit failure.
• Studied network performance and traffic logs to find recurring issues and suggested infrastructure upgrades to stop them from happening again.
• Handled escalated tickets for VoIP and IPTV problems, using deep packet inspection to fix lag and jitter issues in the core network.

• Administered Windows Server (2012 R2/2016), ensuring health monitoring, user account management, and file permissions.
• Executed routine Active Directory maintenance, maintaining database integrity and updating Group Policies across all sites.
• Monitored VMware vSphere environment, assessing ESXi host performance and reallocating VM resources via vCenter.
• Managed SAN storage, tracking capacity and performance to support SQL database growth requirements.
• Executed daily backups with Veeam and performed regular test restores for data recovery assurance.
• Oversaw WSUS server operations, testing and deploying critical security patches to all servers and workstations.
• Provided Tier 3 support during major infrastructure outages, diagnosing root causes and resolving hardware issues.
• Updated technical documentation, including network diagrams and SOPs, ensuring accessible guidance for the team.

Project 1: High-Availability Virtualization & Compute Consolidation

• Built and deployed a VMware vSphere 6.0 cluster, moving old physical servers into a virtual setup to make better use of our hardware.
• Configured High Availability (HA)and DRS to make sure our critical highway management apps stayed online with zero downtime.
• Managed Windows Server 2012 R2/2016throughout their lifecycle, handling everything from creating "gold images" to automated patching via WSUS.
• Standardized how we harden our servers to make sure they passed security audits and met all company compliance rules.

Project 2: Enterprise Identity & Directory Services Optimization

• Cleaned up our Active Directory (AD DS) structure by reorganizing OUs, which let us use more specific Group Policy (GPO) settings.
• Managed FSMO roles and ran regular health checks on Domain Controllers to make sure our login services never went down across different sites.
• Set up DNS and DHCP failover, ensuring that the network stayed connected and IP addresses were always available.
• Handled secure remote access and user permissions using AD security groups, making sure employees had exactly the access they needed.

Project 3: Storage Modernization & Disaster Recovery Planning

• Managed our SAN storage by setting up LUNs and handling masking and zoning to support our heavy database workloads.
• Designed a solid backup and recovery plan using Veeam, which significantly cut down the time it would take to get back online after a failure.
• Speed up SQL Server performance by moving data and log files onto high-speed flash storage and fixing disk alignments.
• Ran Disaster Recovery (DR) drillsevery quarter to test our failover steps and make sure our offsite data was safe and ready to use.