Antonio Sansica IT Systems Engineer
01 / Index Remote-first

Let's make it boring,
in the best way possible.

I'm a freelance IT Systems Engineer working with modern teams on Microsoft 365, Zero Trust endpoint management, and resilient network architectures. I turn messy tenants and ad-hoc networks into auditable, automated, observable systems.

Start an engagement What I do
§ 02 — Writing

Field notes on identity, network, and observability.

Latest / 6
2026 · 04 · 09 Migrating a legacy fleet to Intune without breaking compliance A field-tested checklist — staged enrollment, ESP policy, and co-management fallbacks. Intune · Autopilot 2026 · 03 · 22 Conditional Access patterns that actually survive audit Named locations, device-state signals, and why "block legacy auth" is necessary but nowhere near sufficient. Entra ID 2026 · 02 · 18 Graylog + Wazuh: a small-team SIEM that won't eat your weekend Ingesting Windows, macOS and firewall logs with sane retention, actionable alerts, and reports leadership actually reads. Security · SIEM 2026 · 01 · 30 Designing a resilient small-office network with Meraki + UniFi When to mix vendors, how to stage SSIDs for BYOD vs corporate, and the VLAN layout I keep reaching for. Networking 2025 · 12 · 11 Autopilot + ESP: fixing the 20-minute onboarding Targeted apps, Win32 sequencing, and the handful of CSPs that cause most ESP timeouts in the wild. Intune · Autopilot 2025 · 11 · 04 Zabbix at 200 hosts: the starter playbook I wish I'd had Templates, discovery rules, macros — and the three dashboards that catch 90% of incidents before the alert hits. Monitoring
All articles →
§ Writing

Field notes.

Practical posts from real engagements — endpoint management, identity, networking, observability. Opinions, numbers, and the occasional config snippet.

Filter
2026
2026 · 04 · 09Migrating a legacy fleet to Intune without breaking complianceStaged enrollment, ESP policy, and co-management fallbacks from the NOBULL engagement.Intune · Autopilot 2026 · 03 · 22Conditional Access patterns that actually survive auditNamed locations, device-state signals, and the "block legacy auth" fallacy.Entra ID 2026 · 03 · 02PIM everywhere: Just-in-Time elevation for small IT teamsScoping roles, approval flows, and the Break-Glass accounts you actually need.Entra ID 2026 · 02 · 18Graylog + Wazuh: a small-team SIEM that won't eat your weekendWindows, macOS and firewall logs with sane retention and a Power BI overlay.Security · SIEM 2026 · 01 · 30Designing a resilient small-office network with Meraki + UniFiMixed-vendor VLAN layout, BYOD staging, and failover patterns.Networking 2026 · 01 · 12Ansible for Windows: the parts that still bite in 2026WinRM, Kerberos double-hop, and the PowerShell DSC handoff.Automation
2025
2025 · 12 · 11Autopilot + ESP: fixing the 20-minute onboardingTargeted apps, Win32 sequencing, and CSPs that cause most ESP timeouts.Intune · Autopilot 2025 · 11 · 04Zabbix at 200 hosts: the starter playbook I wish I'd hadTemplates, discovery rules, and the three dashboards that catch 90% of incidents.Monitoring 2025 · 09 · 16SonicWall NSA + SMA: perimeter that doesn't get in the wayLayering WAN rules, DPI-SSL decisions, and SMA portals for contractors.Networking 2025 · 08 · 20From SCCM to Intune: a realistic 90-day cutoverCo-management, workload shifting, and the scripts that bridge the gap.Intune · Autopilot
§ Capabilities

What I do.

Focused engagements across Microsoft 365, identity, security and network infrastructure. For role history and past engagements, see my LinkedIn.

Services
S·01 Endpoint · Identity
Microsoft 365 / Zero Trust

M365 tenant hardening

Tenant audits, Conditional Access design, Intune enrollment at scale, Autopilot provisioning, and privileged access with PIM. I bring tenants from ad-hoc to auditable — with a documented baseline your internal team can keep running.

AuditTenant review & gap analysis
MigrateLegacy MDM / SCCM → Intune
HardenCA policies, device compliance, PIM
DocumentRunbooks for handoff
S·02 Network
LAN / WAN / Perimeter

Network design & multi-site fabric

SLA-backed, highly-available networks for offices and small datacenters. VLAN segmentation that actually maps to policy, DPI-enabled perimeter, remote-access portals for contractors, and a boring day-to-day that stays boring.

DesignTopology, VLAN, SSID plan
DeployMeraki / UniFi fabrics
SecurePerimeter & remote access
OperateSLA-backed ongoing support
S·03 Observability
Monitoring & SIEM

Centralized logging, monitoring & SIEM

Right-sized monitoring for small and mid-sized IT teams. Zabbix for infrastructure health, Graylog or Wazuh for security-relevant logs, and reports when leadership needs numbers. Alerts tuned to be actionable, not noisy.

InstrumentServers, network, endpoints
IngestWindows / Linux / FW logs
AlertActionable thresholds & SLOs
ReportExecutive-ready dashboards
S·04 Security
EDR / Vulnerability mgmt

Endpoint detection, response & vuln management

Select, deploy and standardize EDR across Windows and macOS fleets. Vulnerability scanning, DNS-layer protection, and a response playbook the team can follow at 3am without paging me.

SelectEDR / vuln tooling fit-check
DeployFleet-wide rollout
RespondPlaybooks & triage runbooks
TrainInternal-team handoff
§ Contact

Start an engagement.

Quick note on scope, timelines, and the tenant or environment you need looked at. I'll reply within one business day — usually faster.