Currently at Microsoft Germany · Munich, DE

Securing identity and infrastructure at enterprise scale.

I'm Jan Tiedemann — a Cloud Solution Architect at Microsoft, focused on Azure Network & Security. For 20+ years I've designed, hardened and rescued Active Directory, identity, cloud and network‑security platforms for some of Europe's largest enterprises.

01 — About

Engineer. Trainer. Troubleshooter.

Based in Munich, I work for Microsoft Deutschland as a Cloud Solution Architect, partnering with enterprise customers across EMEA on Microsoft's most demanding cloud, security and identity platforms. My day‑to‑day swings between deep technical architecture, hybrid & Azure adoption, executive briefings and hands‑on enablement.

I started out as an industrial mechanic, picked up a computer‑science degree from FH Frankfurt, and spent the early 2000s migrating 80,000 Allianz/Dresdner users from Windows NT 4.0 into Active Directory. Since then I've kept following the same thread: how do we make identity, networks and the Microsoft stack genuinely secure — without breaking the business?

On the side I maintain several open‑source PowerShell modules for AD and Windows forensics, plus a Home Assistant integration for my motorhome.

02 — Experience

A 25‑year arc through enterprise IT

  1. 03/2007 — present Microsoft Deutschland GmbH · Munich

    Cloud Solution Architect (19+ yrs at Microsoft)

    Trusted advisor to Microsoft enterprise customers across EMEA on cloud adoption, identity, Active Directory, Entra ID, PKI and network‑security platforms.

    • Cloud Solution Architect — 07/2023 → present
    • Cloud Solution Architect — Engineering — 08/2022 → 07/2023
    • Senior Customer Engineer — EMEA Apps & Infrastructure — 07/2020 → 08/2022
    • Senior Premier Field Engineer — 03/2007 → 08/2022

    Earlier in tenure: Master Trainer for DirectAccess (IPv6 / IPSec), creator of the internal DirectAccess Assessment service, member of the Windows Server 2012 R2 Web Application Proxy test team, and author of multiple TechNet articles on Threat Management Gateway, IIS and Unified Access Gateway.

    • Active Directory
    • Entra ID
    • PKI
    • ADFS
    • DirectAccess / IPv6
    • TMG / UAG / WAP
    • IIS
  2. 01/2004 — 02/2007 Allianz · Unterföhring

    Senior Active Directory Architect

    Member of the Active Directory Engineering Team. Technical project lead for the migration of 80,000 users and 120,000 groups from Windows NT 4.0 account domains into the new Allianz Active Directory forest. Designed disaster recovery for AD, drove the Lotus Notes → Exchange 2003 migration, and introduced Microsoft Identity Integration Server (MIIS).

    • AD Engineering
    • AD Migration
    • Exchange 2003
    • MIIS
    • MOM 2005
  3. 11/2000 — 12/2003 Dresdner Bank AG · Frankfurt

    Windows System Engineer

    Active Directory and Internet Information Services Engineer. Co‑designed and implemented the original Active Directory for the Dresdner Bank group, migrated 600 NT 4.0 branch domains into the consolidated central forest, and built the hierarchical AD administration role model that drastically reduced the number of Domain Admins. Member of the bank's Directory Services Technical Control Board.

    • AD Design
    • Domain Migration
    • IIS
    • MOM 2000
  4. 03/1998 — 10/2000 Dresdner Bank AG · Frankfurt

    NT System Engineer

    Windows NT and Fibre Storage specialist. Early SAN pioneer — evaluated Fibre Channel topologies (Arbitrated Loop, Fabric, Point‑to‑Point) for connecting Windows NT servers to Comparex and EMC storage subsystems, and rolled out IBM Netfinity 1U servers with FC connectivity.

    • Windows NT
    • Fibre Channel / SAN
    • IIS 4.0
  5. 1996 — 1999 Frankfurt University of Applied Sciences

    Dipl.‑Informatiker (FH) — Computer Science

    Degreed computer scientist. Active in the digital signal processing (DSP) group at FH‑FFM. Diploma thesis: a web‑based database query system built on Oracle NT, PL/SQL and Perl.

03 — Skills

What I bring to a project

Identity & Access

Active Directory, Entra ID, Entra ID Connect (hybrid sync), ADFS, Kerberos hardening, MFA, conditional access, PKI & smartcard logon.

  • AD / Entra ID
  • Entra ID Connect
  • ADFS
  • Kerberos
  • RBAC
  • PKI

Security & Hardening

Threat & risk assessments, server hardening, perimeter design, NTLM/RC4 auditing, incident forensics.

  • Hardening
  • RC4 / NTLM audit
  • RDP forensics
  • Spectre / MDS

Networking & Edge

Azure VPN (S2S / P2S), Azure Application Gateway & WAF, IPv6, IPSec, DirectAccess, Web Application Proxy, Unified Access Gateway, Threat Management Gateway, IIS.

  • Azure VPN
  • Azure App Gateway / WAF
  • IPv6
  • IPSec
  • DirectAccess
  • WAP / UAG / TMG
  • IIS

Automation & Code

Production‑grade PowerShell modules, Pester testing, Sampler build pipelines, GitVersion releases, CI/CD on Azure DevOps and GitHub.

  • PowerShell
  • Pester
  • Sampler
  • Azure Pipelines
  • C# .NET

Consulting & Delivery

Workshops, executive briefings, EMEA‑wide training, health‑check assessments, and translating deep tech into business outcomes.

  • Workshops
  • Assessments
  • Training
  • Pre‑Sales

IoT & Home Automation

Home Assistant integrations, BLE/CAN reverse engineering, embedded Python/ESPHome — currently building HYMER Connect for motorhomes.

  • Home Assistant
  • BLE
  • ESPHome
  • Python

04 — Projects

Open source & side projects

Live‑fetched from github.com/BetaHydri. All public repositories, sorted by recent activity.

05 — Contact

Let's talk.

Hiring for a security or identity project? Need a second opinion on an AD migration, PKI rollout or Entra ID architecture? Or just curious about the HYMER Connect integration? I'd love to hear from you.