Cloud-Based School Network Deployment
☁️ This project demonstrates my ability to design and deploy a secure, enterprise-style cloud network using Microsoft Azure and Active
Directory. The goal was to simulate a real-world school IT environment with centralized identity management, role-based access control,
and strong network segmentation to protect users and systems.
⚙️ The environment was built in Azure using a custom Virtual Network (VNet) segmented into Management, Server, and Client subnets to
reduce attack surface and enforce logical separation. A Windows Server domain controller was deployed to provide Active Directory Domain
Services (AD DS) and DNS, enabling centralized authentication, authorization, and policy enforcement across all domain-joined systems.
🔐 Security and access control were core design priorities. Network Security Groups (NSGs) were configured to block direct public access
to virtual machines while allowing secure administrative connectivity through Azure Bastion. Organizational Units (OUs), security groups
, and Group Policy Objects (GPOs) were implemented to enforce least-privilege access—restricting student permissions, granting elevated
rights to IT administrators, and simplifying Remote Desktop access without manual workstation configuration.
📁 Shared resources were centrally managed and protected using NTFS and share permissions to ensure only authorized teacher accounts
could access sensitive data. This mirrors real educational environments where controlled access to shared curriculum and administrative
resources is critical.
🚀 Through this project, I demonstrated hands-on experience with Azure networking, Windows Server administration, Active Directory
design, and Group Policy management. The deployment reflects real-world enterprise practices and highlights my ability to build secure,
scalable cloud infrastructure suitable for educational and organizational environments.
Email