Azure HA for Sophos is not the same as plugging two appliances into the same LAN. Use Azure Load Balancer with health probes, then align policy across nodes with Sophos Central—because you are orchestrating two independent firewalls, not one clustered brain.
Stand up Sophos Firewall (SFOS) as a VM on Proxmox for proof-of-concept or lab: images, NICs, resources, and a few pitfalls before you mirror the same design in production hardware.
Split Main, Guest, and IoT networks on a UDM Pro, keep IoT off your trusted LAN, and allow Chromecast and AirPlay from phones and laptops without flattening security.
Use Microsoft’s Win32 Content Prep Tool to wrap your installer folder into an .intunewin, then publish a Win32 app with silent install and detection.
Structuring Entra ID policies so security improves without endless exclusions.
A practical order of operations before you flip enforcement policies.
Why quarterly test restores beat a perfect backup policy on paper.
Constrained language, logging, and approval flows for high-privilege sessions.
Split-horizon, logging, and filtering without turning your helpdesk into a ticket factory.