Skip to main content
Shpend Kelmendi

Shpend Kelmendi

Software Engineer & Architect

Shpend Kelmendi is a Software Engineer and Cloud Architect at bbv Software Services AG. He leads the Cloud Community. He helps teams build solutions that are simple, sustainable, and customer-focused. His playground: Azure, DevOps, and cloud architecture — where complexity is optional, clarity is required. As a Microsoft Certified Trainer (MCT), he shares what he learns and helps others succeed in the cloud.

View all authors

Quick Azure Cost Management: Budget and Notifications with Bicep and alternatives

· 4 min read
Shpend Kelmendi
Shpend Kelmendi
Software Engineer & Architect
Quick Azure Cost Management: Budget and Notifications with Bicep and alternatives

Managing costs in the cloud is crucial to avoid unexpected expenses.
How many times have I read "Azure just charged me 1k dollars because of a misconfiguration".
Did it happen to you as well? Me too. And I know how stupid you feel after that. Sometimes it is not even our fault. (cough* strange defaults from Azure *cough)

So to avoid that, we can setup budgets and get notified when we reach certain thresholds.
It's important to know which scope you want to set the budget on. It can be at management group level, subscription level or resource group level. Choose the scope you are responsible for and want to monitor costs for.

What are the options? Let's explore them.

Practical guide to organizing Azure resources

· 5 min read
Shpend Kelmendi
Shpend Kelmendi
Software Engineer & Architect
How to organize Azure resources

Organizing Azure resources is one of those rare tasks that sounds straightforward until you actually start doing it.
Suddenly you’re trying to balance cost allocation, security boundaries, governance rules, domain ownership, deployment pipelines, and team autonomy. All while the number of services grows faster than your architecture diagram can keep up.

If designing cloud boundaries feels like organizing a city while it’s still being built, that’s because it is.
And like any good city, Azure needs structure: districts, buildings, addresses, zoning rules, and a way to understand who owns what. Why? Because moving buildings (or Azure resources) is not always easy.

This guide takes a practical look at how to design resource boundaries in Azure—using concepts from Domain-Driven Design (DDD), Team Topologies, CAF, Well-Architected Framework.

Fix expired secrets in Azure DevOps Service Connections

· 2 min read
Shpend Kelmendi
Shpend Kelmendi
Software Engineer & Architect

Workload Identity Federation is the recommended approach for Service Connection. So why would I use the old approach with an app registration where I need to rotate the secret by myself? Well, there are some pipeline tasks which doesn't support Workload Identity Federation.
And in this case, you have to use the old approach.
And today was the day of rotation.
And a team member tried to renew the secret but didn't know how to do it, because the problem is still not fixed correctly in the UI.

Let's check the steps to fix it.