Author: jetnmariano

  • “Meeting The Challenges Today” Neal A. Maxwell

    Last light, first peace. Syracuse Utah Temple. 🌅

    “Meeting the Challenges of Today” — Elder Neal A. Maxwell

    Intro

    Driving to the Syracuse Temple, I queued up Elder Neal A. Maxwell’s 1978 devotional “Meeting the Challenges of Today.” One line kept burning: God’s foreknowledge and foreordination “underline how very long and how perfectly God has loved us and known us with our individual needs and capacities.” That changes how I face pushback—not with heat, but with holy steadiness.

    Listening loop: I’ve listened/read this message 30+ times since Thursday—car to Jordan River, then to Syracuse. Each pass peeled back another layer.


    Selected lines (to read slowly)

    • “In the months and years ahead, events will require of each member that he or she decide whether…to follow the First Presidency.”
    • “A new irreligion seeks to make itself the state religion…using preserved freedoms to shrink freedom.”
    • “Be principled but pleasant…perceptive without being pompous.”
    • “We were measured before and found equal to our tasks…God will not overprogram us.”

    Doctrine Note: Foreordination ≠ Predestination

    Foreordination is a conditional stewardship, not a guarantee. God can foresee outcomes without forcing them; agency remains intact.

    • David: God foresaw David’s fall but did not cause it. David chose Bathsheba; agency—and accountability—were David’s.
    • Martin Harris (116 pages): God foresaw the loss and prepared a remedy centuries earlier (see D&C 10; Words of Mormon).
    • Conclusion: God is never surprised; we are never compelled. Foreordination calls us to faithfulness, not fatalism.


    When minor defeats loom

    “There will also be times, happily, when a minor defeat seems probable, that others will step forward, having been rallied to righteousness by what we do.” — Elder Neal A. Maxwell

    How I’ve seen this: when I was knocked down at work, unexpected help appeared—quiet encouragements, timely messages, and small mercies that kept me moving. God’s compensating provisions are often people.

    Practice today: Who can I quietly rally by how I show up? Act first; announce later.

    My working understanding now

    • God doesn’t live inside my clock. He sees past–present–future at once.
    • Agency is real. He allowed me to choose Utah and walk hard roads; He wasn’t the cause of every sorrow, nor surprised by any of it.
    • Compensating provisions exist. He prepares remedies far ahead of my missteps.
    • We are not foreordained to fail, but called to succeed—and to become.

    Becoming, Not Just Describing

    Maxwell doesn’t invite us to argue; he invites us to become. Utah’s quiet—sometimes lonely—became the classroom where I finally studied harder, worshiped more steadily, and let the doctrine soak until it changed my reflexes.

    How I’ll practice becoming (small and daily):

    • Act > announce: do the next right thing before I say the next right thing.
    • Covenant rhythm: weekly temple worship, even when feelings lag.
    • Charity first: measure responses by love, not by likes or score-keeping.
    • Ask once, then release: honor others’ agency as God honors mine.

    Working creed: God foresees; I choose. If I stay on the covenant path, I’m not “stuck”—I’m becoming what my blessing already pointed to.


    Foreordination (Maxwell’s core teaching — extended excerpt)

    “Foreordination is like any other blessing—it is a conditional bestowal subject to our faithfulness… Prophecies foreshadow events without determining the outcomes… God foresaw the fall of David, but was not the cause of it… God foresaw, but did not cause, Martin Harris’s loss… and made plans to cope with that failure over fifteen hundred years before it was to occur.”

    Premortal memory (often called the “council in heaven”) — Joseph F. Smith:

    “In coming here, we forget all, that our agency might be free indeed… by the power of the Spirit… we often catch a spark from the awakened memories of the immortal soul, which lights up our whole being as with the glory of our former home.” (Gospel Doctrine, pp. 13–14)

    Why this belongs here: Foreordination honors agency; mortal forgetting protects it. The Spirit’s “spark” is what turns doctrine into direction—reminding me who I’m to become, not scripting how I’m forced to get there.


    When minor defeats loom (for this week’s online heat)

    “There will also be times, happily, when a minor defeat seems probable, that others will step forward, having been rallied to righteousness by what we do.”

    Application: in the FB pile-on, unexpected help appeared. God’s compensating provisions are often people. Charity begets courage in others.

    Tone to keep (even online):

    “Be principled but pleasant… perceptive without being pompous… have integrity and not write checks with our tongues which our conduct cannot cash.”


    We cannot judge who will come (God’s sight ≠ our verdicts)

    “The Lord… said, ‘Cast the net on the right side’… If he knew beforehand the whereabouts of fishes in the Sea of Tiberias, should it offend us that he knows beforehand which mortals will come into the gospel net?”

    Application: He knows who will soften, when, and how. My job is faith and kindness—not forecasting souls.


    A living (not retired) God

    “One dimension of worshipping a living God is to know that he is alive and seeing and acting. He is not a retired God… He is, at once, in all the dimensions of time—past, present, and future—while we labor within time’s limits.”

    Takeaway: He foresees without forcing, prepares without pampering, and lives to help—now.


    Final Reflection

    If God truly knew us and trusted us with these exact days, then opposition isn’t proof He abandoned us; it’s evidence He appointed us. Foreordination isn’t status—it’s stewardship; not a guarantee—but a charge to be faithful.


    What I hear now

    • Choose loyalty early; live it quietly.
    • Be firm without sharpness—principled but pleasant.
    • Treat foreordination as fuel for service, not status.
    • When weary, remember: we were measured before, and God won’t press more than we can bear.
    • Let pushback refine your discipleship, not redefine it.


    © 2012–2025 Jet Mariano. All rights reserved.
    For usage terms, please see the Legal Disclaimer.

  • “I Love To See The Temple”

    Jordan River Utah Temple — filmed today around 3:15 pm on the way home from work. Summer birds, soft wind, and a steady spire through the trees… “a place of love and beauty.”

    Intro
    On the way home I pulled over where the Jordan River Temple rises above the trees and filmed a slow, quiet pass. The line kept looping: “a place of love and beauty.” With the temple in view, “I’ll prepare myself…” didn’t sound like childhood someday—it sounded like a choice for today.


    Song
    I Love to See the Temple — Janice Kapp Perry

    I love to see the temple;
    I’m going there someday
    to feel the Holy Spirit,
    to listen and to pray.
    For the temple is a house of God—
    a place of love and beauty.
    I’ll prepare myself while I am young;
    this is my sacred duty.

    I love to see the temple;
    I’ll go inside someday.
    I’ll covenant with my Father;
    I’ll promise to obey.
    For the temple is a holy place
    where we are sealed together.
    As a child of God, I’ve learned this truth:
    a family is forever.


    Final Reflection
    This children’s hymn grows up with us. “I’ll go inside someday. I’ll cov’nant with my Father; I’ll promise to obey.” The melody is simple; the promises are not. Preparation is worship. Obedience is love in motion. And “As a child of God, I’ve learned this truth: A fam’ly is forever” is more than a lyric—it’s a covenant Christ makes possible in His house.


    What I hear now

    • Prepare beats postpone. If it’s “my sacred duty,” act today.
    • Covenants quietly reorder life. “I’ll promise to obey” changes calendars and priorities.
    • Keep the temple in frame. Let “a place of love and beauty” shape how I speak, serve, and schedule.
    • Family is the point. Live so “a fam’ly is forever” feels true at home, not just in song.


  • “A Wonderful Flood of Light” (Elder Neal A. Maxwell)

    Draper Utah Temple, late-morning sunbeams after summer clouds—color in the garden, light on the steeple. A small, literal “flood of light.” 🌤️✨🌸

    Intro
    Some days we feel a homesick tug for “another place”—only a mist of memory, but real enough to re-center us. President Joseph F. Smith taught that through obedience we sometimes catch a spark from awakened memories of the immortal soul that lights our whole being. Elder Maxwell adds that most of us arrive in mortality as buds of possibility, meant to open under covenant light—not merely to admire truth, but to apply it.


    Final Reflection
    Think of yourself not only as you are, but as you can become. Our premortal traits still whisper here; environment matters, but eternal identity matters more. Light from the Restoration isn’t for display—it is for development: meekness, patience, mercy. Knowledge informs; obedience transforms. Keep placing today’s light on today’s altar until those buds of possibility unfold.


    What I hear now

    • Receive impressions before the morning mists burn off.
    • Lead with identity; let environment follow.
    • Nurture buds with small, exact obedience.
    • Move truth from admired → applied—light becoming life.



  • Called To Serve

    “Called to serve.” Elder Mariano’s missionary tag resting on well-used scriptures—belief becoming deeds. 📖

    Intro

    I’ve been looping Elder Neal A. Maxwell’s “Called to Serve.” Two voices keep converging: King Benjamin’s charge, “If you believe all these things, see that ye do them” (Mosiah 4:10), and Elder Maxwell’s reminder that deeds, not words—and becoming, not describing—define discipleship. Mere assent without application is like hearing a lecture but skipping the lab. The audit is personal: Am I taking the field trip with the Savior, or just acing the lecture?


    Final Reflection

    “One mistake we can make… is to value knowledge apart from the other qualities to be developed in submissive discipleship… Being knowledgeable, by itself… is not enough… It’s like being briefed on a field trip but never taking the field trip.” And then the piercing question: “Are we steadily becoming what gospel doctrines are designed to help us become? Or are we… rich inheritors… but poor investors…?” —Elder Neal A. Maxwell, Called to Serve (BYU, Mar 27, 1994)

    Elder Maxwell won’t let truth stop at the ears. Doctrine is meant to develop us—into merciful, meek, patient disciples. King Benjamin removes the wiggle room: if we believe, we do (Mosiah 4:10). Knowledge informs; obedience transforms. The treasure we’ve inherited only yields a return when we invest it in daily, quiet, consecrated doing.

    Elder Maxwell says our “defining moments” rarely stand alone; they’re preceded by small, subtle preparatory moments and followed by many smaller moments shaped by them. His Okinawa story (age 18) shows how a single spared moment led to a lifetime pledge—and then came years of quiet confirmations: the Lord’s short, crisp promptings (often “more instructions than explanations”), the urgent nudge to “write the letter now,” and the painter’s metaphor—countless brushstrokes that outsiders may not value, but God is “in the details.” Put beside King Benjamin’s charge, the pattern is clear: belief ripens into decisive, timely doing. Knowledge informs; obedience transforms. Defining moments are built, one obedient brushstroke at a time.


    What I hear now

    • My past can shape me, but it will not script me.
    • Charity tells the truth and sets kind boundaries.
    • Don’t just know the gospel—become it.
    • Belief proves itself by doing (Mosiah 4:10).
    • Trade admiration for application—put today’s light on today’s altar.
    • Measure growth by Christlike traits formed, not facts recalled.
    • Keep taking the “field trips” of faith—show up, serve, endure cheerfully.


  • His Image in Your Countenance

    Rain on the glass, light in the heart—‘Have you received His image in your countenance?’

    Intro
    Yesterday after work, I was driving in the rain and decided to swing by the Taylorsville Utah Temple to photograph it through the windshield. The lyric asks, “Does the Light of Christ shine in your eyes?” Storms don’t decide that—presence does. The rain softened everything, but the temple remained steady, a quiet reminder of “a beauty from within.”


    His Image in Your Countenance (Janice Kapp Perry) — full song

    With no apparent beauty that man should Him desire,
    He was the promised Savior to purify with fire.
    The world despised His plainness, but those who followed Him
    Found love and light and purity—a beauty from within.

    Chorus
    Have you received His image in your countenance?
    Does the Light of Christ shine in your eyes?
    Will He know you when He comes again, for you shall be like Him?
    When He sees you, will the Father know His child?

    We seek for light and learning as followers of Christ,
    That all may see His goodness reflected in our lives.
    When we receive His fulness and lose desire for sin,
    We radiate His perfect love—a beauty from within.

    The ways of man may tempt us, and some will be deceived,
    Preferring worldly beauty, forgetting truth received.
    But whisperings of the Spirit remind us once again
    That lasting beauty, pure and clear, must come from deep within.


    Final Reflection
    Two lines won’t leave me: “Does the Light of Christ shine in your eyes?” and “We radiate His perfect love—a beauty from within.” The first is a question of identity; the second is a promise of overflow. Christ does not polish the surface—He converts the source. When His fulness displaces our old appetites, radiance stops being borrowed and starts being reflected. The world chases visibility; disciples seek visibility of Him. And like last night’s view, life can be rainy without being dim. If He is in frame, light still finds us—and then finds others through us.


    What I hear now

    • Holiness isn’t cosmetic; it’s conducted through a willing heart.
    • Eyes preach what lips can’t; let them carry peace.
    • Reflection over performance: light, not glare.
    • Repent quickly so the window stays clear.
    • Trade comparison for compassion; both can’t live in the same face.
    • Keep the Temple in frame when the week gets rainy.
    • Ask nightly: “Did someone feel His love in my countenance today?”


  • 5-Minute Fix: Why Your Windows PC Feels Slow (and what to try before calling IT)

    Top memory consumers at a glance—captured with PowerShell to diagnose a sluggish system.

    TL;DR: Check Task Manager → close the hog → restart apps/PC → free space → trim startup apps → update → quick scan. If it’s still slow, capture a screenshot and call IT.


    1) Is it one app or everything?

    • Press Ctrl+Shift+Esc → Task Manager → Processes.
    • If CPU / Memory / Disk sits >90% for a minute, note the top app.
    • Right-click → End task (only on apps you opened). If speed returns, you found the culprit.

    2) Quick reset (fastest real fix)

    • Save work → Restart the PC (not Shut down). Restarts clear memory leaks and stuck updates.

    3) Free up space

    • Open File Explorer → This PC. If your C: drive has <10 GB free, Windows will crawl.
    • Settings → System → Storage → Storage Sense → Run cleanup now.
    • Empty Downloads and Recycle Bin if safe.

    4) Trim startup apps (the slow-boot killers)

    • Ctrl+Shift+Esc → Startup apps.
    • Set non-essentials to Disabled (music updaters, PDF helpers, “helper” launchers, etc.). Leave security/backup tools enabled.

    5) Browser bloat check

    • Close tabs you don’t need.
    • Disable heavy extensions (Edge/Chrome → … → Extensions).
    • Consider “Continue running background apps” Off (Chrome → System).

    6) Updates (do it once, then restart)

    • Settings → Windows Update → Check for updates.
    • Install → Restart outside your busiest hour.

    7) Quick malware scan

    • Windows Security → Virus & threat protection → Quick scan.

    8) Network ≠ computer

    • If only web/video is slow, run a quick speed test. If speed is normal but the PC lags, it’s local; if speed is bad on all devices, it’s the network.

    Optional: Simple PowerShell checks (for confident users)

    Open PowerShell as your normal user.

    Top memory users

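    # WorkingSet64 is the 64-bit counter; the 32-bit WorkingSet value wraps for processes above 2 GB
    Get-Process | Sort-Object -Descending WorkingSet64 |
     Select-Object -First 10 Name,Id,@{n='RAM(MB)';e={[math]::Round($_.WorkingSet64/1MB)}}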
    

    Disk space by drive

    Get-PSDrive -PSProvider FileSystem |
     Select Name,@{n='Free(GB)';e={[math]::Round($_.Free/1GB,1)}},
            @{n='Used(GB)';e={[math]::Round(($_.Used)/1GB,1)}}
    

    List startup items (view only)

    Get-CimInstance Win32_StartupCommand | Select Name,Command,Location
    

    Tip: Disable startup apps in Task Manager, not via the registry.


    When to call IT (and what to send)

    If it’s still slow after these steps, send:

    • A screenshot of Task Manager → Processes (sorted by CPU and then Memory),
    • Your free disk space (C: drive),
    • What you were doing when it slowed down.

    That info turns a 30-minute back-and-forth into a 5-minute fix.



  • The Quest

    Each step will leave its mark. “My footsteps are protected / By one who cares to see my life.”

    Intro
    “Though I am young, I know the way; the road lies marked before me.” Youth isn’t drift; it’s direction. And “I stand free to weave my life from my heart’s lovely pattern”—agency as craftsmanship. The quest isn’t loud or showy; it’s steady steps on a marked road, shaped with God.


    The Quest (full lyrics)
    Seminary Album, “The Quest,” 1977

    Though I am young, I know the way;
    the road lies marked before me.
    I can progress, rejoice, and grow—
    the sources given to me to know.

    That sweet, unchanging promise: the Quest.

    For I stand free to weave my life
    from my heart’s lovely pattern.
    I have a vague soft’s memory
    of what I was, yet cannot see—
    that helps me not to falter.

    Often I stand alone,
    forsake the crowds around me;
    seek strength to live the truths I find,
    clothe modestly my flesh and mind—
    my spirit’s humble and refined.
    I can be pure because I see the joy
    that waits eternally.

    Each step I take will leave its mark,
    for each step leads me somewhere;
    and though the end is deemed to sight,
    the steps I take, if true and right,
    will bring me exaltation.

    I know I do not walk alone—
    my footsteps are protected
    by One who cares to see my life
    shine forth in beauty and love and light,
    exalted and perfected.

    Often I stand alone,
    forsake the crowds around me;
    seek strength to live the truth I find,
    clothe modestly my flesh and mind—
    my spirit’s humble and refined.
    I can be pure because I see the joy
    that waits eternally.

    This is my quest.
    This is my quest.


    Final Reflection
    “Each step I take will leave its mark… and though the end is deemed to sight, the steps I take, if true and right, will bring me exaltation.” Small, faithful steps compound. And “I know I do not walk alone—my footsteps are protected…” The hidden gem is how standards (modesty of flesh and mind, truth first, crowd second) are framed as joy: “I can be pure because I see the joy that waits eternally.”


    What I hear now
    • Agency is artistry: I’m weaving a life with God, not winging it.
    • Holiness is glad, not grim; joy powers obedience.
    • Standing apart is part of discipleship.
    • The Lord walks the road with me—protection, light, and finish.



  • Free to Choose

    Mount Timpanogos Utah Temple — double rainbow before the storm.

    Intro
    On the drive to my 7:30 pm proxy endowment, I played the Seminary song “Free to Choose” and felt the nudge to write. The song isn’t about doing whatever I want; it’s about turning agency toward the light—again and again. When it says:

    “So I choose freedom,
    and there I learn to walk within the light…
    what leads me to free to choose again—
    and again…”

    that’s discipleship: choices that keep future choices open. And when it warns,

    “If I refuse… don’t be confused;
    …can slip and fall—
    got to stay free to choose,”

    it’s honest about missteps. Freedom shrinks when I’m captured by habits, pride, anger, or appetite; it grows when I repent and realign with Jesus Christ. That’s why the temple fits this song so well.


    Song: Free to Choose (Seminary album, 1987)

    I’m free to choose,
    to win or lose,
    no matter who
    comes and tries to turn my head around—
    and I’ll be fine.

    I’m in control;
    I’m free to choose,
    I’m free to choose.

    I’ve heard the news
    that I can choose
    the song I sing and what I want to say—
    what I got tied.

    I will set my goals,
    ’cause I’m free to choose.

    So I choose freedom,
    and there I learn to walk within the light.
    He said I’ll choose
    what leads me to free to choose again—
    and again—so when I choose,

    If I refuse,
    don’t be confused;
    just understand that I can cross the line,
    can slip and fall—
    got to stay free to choose.

    Choose what I will be;
    I am free to choose.

    So I choose freedom—
    I am free to choose.


    How the song teaches agency (my takeaway)
    “I will set my goals”—Agency is deliberate, not drift.
    “Walk within the light”—Freedom is not rebellion; it’s alignment.
    “Choose again—and again”—Agency is renewed daily on the covenant path.
    “If I refuse… can slip and fall”—Repentance restores freedom; sin constricts it.
    “Got to stay free to choose”—Guard the heart from anything that addicts, divides, or dulls the Spirit.


    Reinforced by Elder Neal A. Maxwell
    “[God] wants us to have joy. We cannot do that unless we are free to choose. But neither can we have that joy unless we are willing to be spiritually submissive day in, day out, and unless we exercise that grand and glorious freedom to choose in which people truly matter more than stars.”
    — Elder Neal A. Maxwell, “Free to Choose,” BYU Devotional, March 16, 2004

    “So, brothers and sisters, here we are in Eden, and Eden has become Babylon… Even if we leave Babylon, some of us endeavor to keep a second residence there… Babylon does not give exit permits gladly… No wonder Jesus’s marvelous invitation to leave Babylon’s slums and join Him in the stunning spiritual highlands goes largely unheeded.”
    — Elder Neal A. Maxwell, “A Wonderful Flood of Light,” BYU Devotional, March 26, 1989


    Final reflection
    Agency is God’s gift; joy is the fruit of using it His way. The world shouts for weekend commutes back to Babylon. The temple whispers, “Choose light again.” Tonight I choose freedom by choosing Christ—so I can keep choosing tomorrow.



  • That’s You and That’s Me

    Two open hands—one giving, one receiving. Some needs are plain to see; others we carry quietly. That’s you and that’s me.

    Intro
    Some needs are easy to spot—a hand outstretched at a corner, a face weeping in public. Others ride quietly under the surface: worry that doesn’t show, loneliness with a practiced smile, a “load” carried where no one can see. This week I kept thinking about both kinds—the visible and the hidden—and how the Lord is the One who sees them all. The photo below is the obvious kind. But I’m learning to look for the quiet kind too, including in my own life. “No one makes it all alone… we all rely on help from Home.”


    That’s You and That’s Me — Seminary album Free to Choose (1987)

    Some reach out with their hands,
    Some reach out with their eyes,
    And most try hard not to let it show,
    But it’s a thin disguise.

    Some needs can be hidden;
    Some are plain to see.
    No one makes it all alone—
    We all rely on help from Home
    To get us back to where we want to be.

    And that’s you and that’s me,
    Living off His goodness
    And learning how to be.

    And that’s you and that’s me;
    I want to be ever you—like He’s ever you and me.

    Sometimes I can’t hide it;
    Sometimes I just want to cry:
    “I need someone to share my load,”
    When no one’s on my side.

    That’s when I remember:
    You have days like these.
    No one makes it alone—
    We all rely on help from Home
    To get us back to where we want to be.

    And that’s you and that’s me,
    Living off His goodness
    And learning how to be.
    That’s you and that’s me—
    I want to be ever you, like He’s ever you and me;
    And He gives so freely and shows us how to care.

    And that’s you and that’s me,
    Living off His goodness
    And learning how to be.


    Final reflection
    The song names what discipleship looks like in real time: noticing. Some needs are loud; some are quiet. Christ meets both, and He invites us to do the same—“living off His goodness and learning how to be.” Sometimes that means coins in a palm. Sometimes it’s a steady text, a prayer in someone’s name, a ride, a listening ear, or a temple visit offered for a friend. And when the load is ours, we remember we also “rely on help from Home.” Seen or unseen, He sees—and He sends us to see.



  • Secure Azure setup with Entra ID, Bastion, and private VM


    Scope

    Stand up a fresh Azure landing zone with a minimal but secure baseline: Entra ID (Azure AD) hardening, management structure, logging, networking, a Windows/Linux VM without public exposure, and safe access (Bastion + Entra sign-in).

    Placeholders to replace:
    TENANT_NAME · MG_ROOT · SUB_NAME · RG_CORE · RG_NET · RG_VM · LOCATION · VNET_NAME · SUBNET_APP · BASTION_SUBNET · VM_NAME · VM_SIZE · ADMIN_GROUP_OBJECTID


    0) Prereqs

    • Azure tenant & subscription created (via portal/Commerce).
    • Azure CLI logged in: az login, then az account set --subscription "SUB_NAME"
    • Optional SKUs: Entra ID P1/P2 for Conditional Access, PIM, Identity Protection.

    1) Entra ID (Tenant) Baseline

    • Create two break-glass cloud-only Global Admin accounts; long passwords; exclude from CA; store offline.
    • Turn on Security Defaults or implement baseline Conditional Access:
      • Require MFA for admins.
      • Disable legacy/basic auth.
      • Require MFA for all users or at least privileged roles.
    • Enable SSPR, passwordless Authenticator (and FIDO2 keys if available).
    • Use PIM for role activation (P2).
    • Create AAD groups for RBAC (e.g., Azure-VM-Admins).

    (Portal-driven; no commands included to keep this redacted.)


    2) Management Structure & Tags

    • Create management group root and place the subscription under it.
    • Standardize tags (Owner, CostCenter, Env, DataClass).
    az account management-group create -n MG_ROOT
    az account management-group subscription add --name MG_ROOT --subscription "SUB_NAME"
    

    3) Core Resource Groups & Logging

    az group create -n RG_CORE -l LOCATION
    az group create -n RG_NET  -l LOCATION
    az group create -n RG_VM   -l LOCATION
    
    # Log Analytics workspace
    az monitor log-analytics workspace create -g RG_CORE -n LAW-CORE -l LOCATION
    LAW_ID=$(az monitor log-analytics workspace show -g RG_CORE -n LAW-CORE --query id -o tsv)
    
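    # Send Activity Logs to LAW (subscription-level settings use the "subscription" subcommand
    # and take explicit Activity Log categories)
    az monitor diagnostic-settings subscription create \
      --name "activity-to-law" \
      --location LOCATION \
      --workspace "$LAW_ID" \
      --logs '[{"category":"Administrative","enabled":true},{"category":"Security","enabled":true},
               {"category":"ServiceHealth","enabled":true},{"category":"Alert","enabled":true},
               {"category":"Recommendation","enabled":true},{"category":"Policy","enabled":true},
               {"category":"Autoscale","enabled":true},{"category":"ResourceHealth","enabled":true}]'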
    

    4) Guardrails with Azure Policy (minimal starter)

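    # --policy takes a definition name or ID (a GUID for built-ins), not the display name, so resolve it first
    TAG_POLICY=$(az policy definition list \
      --query "[?displayName=='Require a tag and its value on resources'].name | [0]" -o tsv)
    LOC_POLICY=$(az policy definition list \
      --query "[?displayName=='Allowed locations'].name | [0]" -o tsv)
    
    # Require tags
    az policy assignment create -g RG_CORE -n require-tags \
      --policy "$TAG_POLICY" \
      --params '{"tagName":{"value":"Owner"},"tagValue":{"value":"REDACTED"}}'
    
    # Allowed locations
    az policy assignment create -g RG_CORE -n allowed-locations \
      --policy "$LOC_POLICY" \
      --params '{"listOfAllowedLocations":{"value":["LOCATION"]}}'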
    

    Enable Microsoft Defender for Cloud and auto-provision agents (portal) to get JIT VM access recommendations and secure score.


    5) Networking (no public RDP/SSH)

    # VNet + subnets
    az network vnet create -g RG_NET -n VNET_NAME -l LOCATION \
      --address-prefixes 10.10.0.0/16 \
      --subnet-name SUBNET_APP --subnet-prefix 10.10.10.0/24
    
    # Dedicated Bastion subnet (must be exactly AzureBastionSubnet)
    az network vnet subnet create -g RG_NET --vnet-name VNET_NAME \
      -n AzureBastionSubnet --address-prefixes 10.10.254.0/27
    
    # NSG and rules (deny inbound by default; allow vnet)
    az network nsg create -g RG_NET -n NSG-APP
    az network nsg rule create -g RG_NET --nsg-name NSG-APP -n Allow-VNet \
      --priority 100 --access Allow --direction Inbound --protocol '*' \
      --source-address-prefixes VirtualNetwork --source-port-ranges '*' \
      --destination-address-prefixes VirtualNetwork --destination-port-ranges '*'
    
    # Associate NSG to the app subnet
    az network vnet subnet update -g RG_NET --vnet-name VNET_NAME -n SUBNET_APP \
      --network-security-group NSG-APP
    

    6) Bastion (safe console access)

    # Public IP for Bastion
    az network public-ip create -g RG_NET -n pip-bastion -l LOCATION --sku Standard --zone 1 2 3
    
    # Bastion host
    az network bastion create -g RG_NET -n bas-VNET_NAME -l LOCATION \
      --public-ip-address pip-bastion --vnet-name VNET_NAME
    

    7) VM (managed identity, no public IP, Entra login)

    Windows example:

    # NIC (no public IP)
    az network nic create -g RG_VM -n nic-VM_NAME \
      --vnet-name VNET_NAME --subnet SUBNET_APP
    
    # VM
    az vm create -g RG_VM -n VM_NAME \
      --image Win2022Datacenter --size VM_SIZE \
      --nics nic-VM_NAME --assign-identity \
      --admin-username "localadmin" --admin-password "GENERATE-STRONG-PASSWORD" \
      --enable-agent true --os-disk-size-gb 128
    
    # Enable AAD login extension (Windows)
    az vm extension set -g RG_VM -n AADLoginForWindows --publisher Microsoft.Azure.ActiveDirectory \
      --vm-name VM_NAME
    
    # Grant Entra groups the VM login roles
    VM_ID=$(az vm show -g RG_VM -n VM_NAME --query id -o tsv)
    az role assignment create --assignee-object-id ADMIN_GROUP_OBJECTID \
      --role "Virtual Machine Administrator Login" --scope $VM_ID
    

    Linux example (SSH keys + AAD login):

    az vm create -g RG_VM -n VM_NAME \
      --image Ubuntu2204 --size VM_SIZE \
      --nics nic-VM_NAME --assign-identity \
      --authentication-type ssh --ssh-key-values ~/.ssh/id_rsa.pub
    
    # Enable AAD SSH login (Linux)
    az vm extension set -g RG_VM -n AADSSHLoginForLinux --publisher Microsoft.Azure.ActiveDirectory \
      --vm-name VM_NAME
    
    # RBAC for login
    az role assignment create --assignee-object-id ADMIN_GROUP_OBJECTID \
      --role "Virtual Machine Administrator Login" --scope $VM_ID
    

    Accessing the VM (no public IP):

    • Portal → Resource → Connect → Bastion → Open session (RDP for Windows, SSH for Linux).
    • Optionally enable Just-In-Time in Defender for Cloud; keep NSG closed otherwise.

    8) Backup, Patching, and Keys

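    # Recovery Services vault + VM backup
    az backup vault create -g RG_CORE -n rsv-core -l LOCATION
    # The VM lives in RG_VM, not in the vault's resource group, so pass its resource ID (VM_ID from step 7)
    az backup protection enable-for-vm -g RG_CORE -v rsv-core --vm "$VM_ID" --policy-name "DefaultPolicy"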
    
    # VM guest patching (Update Manager) – enable in portal for the RG/VM
    
    • Store secrets/keys in Azure Key Vault; use managed identity from the VM to fetch secrets.
    • Use Server-side encryption (SSE) with platform-managed keys (default) or customer-managed keys (CMK) via Key Vault if required.

    9) Monitoring (Guest + Platform)

    # Enable VM Insights / Diagnostics to LAW
    az monitor diagnostic-settings create \
      --name "vm-to-law" \
      --resource $VM_ID --workspace $LAW_ID \
      --metrics '[{"category":"AllMetrics","enabled":true}]' \
      --logs '[{"categoryGroup":"allLogs","enabled":true}]'
    

    10) Cost Guardrails

    • Create a Budget in Cost Management with email alerts at 50/80/100%.
    • Consider Reservations and Auto-shutdown on dev/test VMs.

    11) Access Patterns to Prefer

    • Bastion or Private endpoints; avoid public RDP/SSH.
    • Entra sign-in to VMs with RBAC (Virtual Machine User/Administrator Login).
    • PIM + MFA for privileged roles.
    • JIT for any temporary inbound need.
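
    A check for the first bullet, added here as an example (not part of the original runbook): it reads NSG rules in the JSON shape that `az network nsg rule list -o json` returns and flags inbound Allow rules that expose SSH or RDP to any source. The sample rules and the function names are constructed for illustration.

```powershell
# Added example. In practice feed it:
#   az network nsg rule list -g RG_NET --nsg-name NSG-APP -o json
# The four rules below are constructed sample data.
$sampleJson = '[' + (@(
  '{"name":"allow-vnet-in","access":"Allow","direction":"Inbound","protocol":"*","priority":100,"sourceAddressPrefix":"VirtualNetwork","sourceAddressPrefixes":[],"destinationPortRange":"*","destinationPortRanges":[]}',
  '{"name":"temp-rdp","access":"Allow","direction":"Inbound","protocol":"Tcp","priority":200,"sourceAddressPrefix":"*","sourceAddressPrefixes":[],"destinationPortRange":"3389","destinationPortRanges":[]}',
  '{"name":"ops-range","access":"Allow","direction":"Inbound","protocol":"Tcp","priority":210,"sourceAddressPrefix":null,"sourceAddressPrefixes":["Internet"],"destinationPortRange":null,"destinationPortRanges":["20-25","443"]}',
  '{"name":"web-in","access":"Allow","direction":"Inbound","protocol":"Tcp","priority":220,"sourceAddressPrefix":"Internet","sourceAddressPrefixes":[],"destinationPortRange":"443","destinationPortRanges":[]}'
) -join ',') + ']'

function Test-PortInRange {
    # True when $Port falls inside an NSG port expression: '*', '22' or '20-25'
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    if ($Range -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Range -eq "$Port")
}

function Find-PublicMgmtRule {
    param(
        [Parameter(Mandatory)][object[]]$Rule,
        [int[]]$Port = @(22, 3389)          # SSH and RDP
    )
    # Source values that mean "anyone on the internet"
    $anySource = @('*', 'Internet', '0.0.0.0/0')

    foreach ($r in $Rule) {
        if ($r.direction -ne 'Inbound' -or $r.access -ne 'Allow') { continue }
        if ($r.protocol -notin @('*', 'Tcp')) { continue }

        # A rule carries either the singular or the plural property; merge both
        $sources = @(@($r.sourceAddressPrefix) + @($r.sourceAddressPrefixes) | Where-Object { $_ })
        $ranges  = @(@($r.destinationPortRange) + @($r.destinationPortRanges) | Where-Object { $_ })

        $open = @($sources | Where-Object { $_ -in $anySource })
        if ($open.Count -eq 0) { continue }

        $hit = @(foreach ($p in $Port) {
            if ($ranges | Where-Object { Test-PortInRange -Range $_ -Port $p }) { $p }
        })
        if ($hit.Count -gt 0) {
            # Reported per rule; a lower-numbered Deny rule may still override it
            [pscustomobject]@{
                Rule     = $r.name
                Priority = $r.priority
                Source   = $open -join ','
                Ports    = $hit -join ','
            }
        }
    }
}

$findings = Find-PublicMgmtRule -Rule ($sampleJson | ConvertFrom-Json)
$findings | Format-Table -AutoSize
```

    On the sample data this reports `temp-rdp` (3389) and `ops-range` (22, caught through the 20-25 range) and leaves the VNet-only and HTTPS rules alone.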

    Minimal Tear-down (lab)

    # Danger: deletes resources
    az group delete -n RG_VM  -y
    az group delete -n RG_NET -y
    az group delete -n RG_CORE -y
    

    Notes & Deviations

    • For domain-join scenarios, use Entra ID DS (managed domain) or a full AD DS in Azure; keep DCs on a separate subnet with restricted NSG.
    • For Intune/MDM of servers, consider Azure Arc + Defender for Endpoint.
    • Replace all placeholders and remove screenshots/IDs before publishing externally.

    For more info (Microsoft Learn):
    • Microsoft Entra ID overview/service description.
    • Connect to a VM using Azure Bastion (private IP).
    • Private Endpoint / Private Link overview & quickstart.


    © 2012–2025 Jet Mariano. All rights reserved.
    For usage terms, please see the Legal Disclaimer.

  • I’d Like to Feel This Way Again

    Taylorsville Temple, pre-sunrise—benches waiting, light rising. Day 5: “I’d like to feel this way again.”

    Intro
    Before sunrise, the temple sits like a lighthouse on the ridge, and the road in feels like a small uphill each time. Taylorsville at daybreak, five mornings straight—the air cool, the world unhurried—and something true brushed past me again and again, enough to bring tears and resolve. It felt like the quiet lift this Seminary song points to—something real, not just a mood—nudging me higher. I want to live so that what I felt in those minutes before dawn can come back tomorrow, and again after that. These images (and this song) are my reminder to keep choosing the places where that feeling can find me.


    I’d Like to Feel This Way Again
    Like the snowflakes that fall on the ground,
    words in my heart sometimes don’t make a sound.

    Like spring raindrops that fall from the sky,
    tears can be joyful, escaping my eyes.

    I’d like to feel this way again;
    I’d like to feel this way tomorrow.

    Was I just lonely—did I need a friend?
    Was it convenience, a means to an end?
    Still, something touched me—I feel it, I do;

    some kind of message is trying to get through.

    I’d like to feel this way again;
    I’d like to feel this way tomorrow.

    Deep in there, words just burn within me;
    such new emotions I have known.
    Deepen their teachings; lift me higher—
    higher than all the blessings I have known.

    Sometimes the wind tries to turn me around—
    “Give up the climb, it’s so nice to come down.”
    Somehow this feeling keeps pushing me high;

    tells me it’s treasure I stumbled upon.

    I’d like to feel this way again;
    I’d like to feel this way tomorrow.
    I’d like to feel this way again;
    I’d like to feel this way forever.


    Source note
    “I’d Like to Feel This Way Again,” Seminary album Free to Choose (1987). Words & music: Ron Simpson.


    Final reflection
    For me, this lyric is about a real but delicate moment with God—quiet enough that words stumble, strong enough that tears come. The chorus isn’t chasing emotion; it’s choosing a life that welcomes the Spirit back. The questions (“Was I just lonely?”) are honest self-checks, but the fire in the words—how truth “burns within”—confirms it’s more than mood. The “wind” that tells me to turn around is the ordinary pull of ease and hurry; the climb is discipleship. And the push “higher” is grace, turning a chance moment into a new pattern. That’s why I keep coming back before sunrise. The temple on the horizon, the stillness, the scripture that settles, the small covenants kept—these are the places where that feeling returns, tomorrow, and—by His mercy—again and again.



  • Hot-cloning a Running Windows 11 VM in vSphere (Forensic, Redacted Runbook)

    This guide covers hot cloning a Windows 11 VM in vSphere with PowerCLI.

    Goal. Create a new Windows 11 jump VM (WIN11-Jumpbox-6) by cloning a running source (WIN11-Jumpbox-2) in vCenter—without interrupting the source—and bring the clone up with a fresh identity (Sysprep), correct name, and domain join.

    Applies to. vCenter/vSphere with vSAN (or any datastore), Windows 11 guest, PowerCLI.

    Redaction note: All names below are placeholders. Replace the ALL_CAPS parts with local values.
    vCenter: VCENTER.FQDN
    Source VM: WIN11-Jumpbox-2
    New VM: WIN11-Jumpbox-6
    Target ESXi host: esxi-03.example.local
    Datastore: vsanDatastore
    Domain (optional): corp.local
    Join account: corp.local\joinaccount


    Constraints & safety

    • No source outage. Clone while the source is powered on (vCenter snapshots and clones from it).
    • Fresh identity. Use guest customization (Sysprep) so the clone receives a new SID and hostname.
    • Parameter sets. When cloning with -VM, avoid -NetworkName/-NumCPU/-MemoryGB in the same New-VM call; set those after the clone boots.
    • VMware Tools must be running in the guest for customization to apply.

    Pre-flight checks (30–60 seconds)

    # Connect
    Connect-VIServer VCENTER.FQDN
    
    # Capacity snapshot (optional)
    Get-VMHost | Select Name,
     @{N="CPU MHz Used";E={$_.CpuUsageMhz}},
     @{N="CPU MHz Total";E={$_.CpuTotalMhz}},
     @{N="Mem GB Used";E={[math]::Round($_.MemoryUsageGB,2)}},
     @{N="Mem GB Total";E={[math]::Round($_.MemoryTotalGB,2)}}
    
    Get-Datastore -Name "vsanDatastore" | Select Name,Type,State,
     @{N="CapacityGB";E={[math]::Round($_.CapacityGB,2)}},
     @{N="FreeGB";E={[math]::Round($_.FreeSpaceGB,2)}},
     @{N="Free%";E={[math]::Round(($_.FreeSpaceGB/$_.CapacityGB)*100,2)}}
    

    Rule of thumb: keep vSAN Free% ≥ 20–25% to avoid slack-space pressure during resync/rebuild.


    Method A — Clone with one-time guest customization (recommended)

    This path Syspreps the clone, renames it, and (optionally) joins the domain. It also avoids the PowerShell reserved variable $host (use $targetHost).

    # -------- Vars --------
    $srcName        = "WIN11-Jumpbox-2"
    $newName        = "WIN11-Jumpbox-6"
    $targetHostName = "esxi-03.example.local"
    $dsName         = "vsanDatastore"
    $domainFqdn     = "corp.local"                 # leave blank if no domain join
    $joinUser       = "corp.local\joinaccount"     # account allowed to join computers
    
    # -------- Objects --------
    $src        = Get-VM -Name $srcName -ErrorAction Stop
    $targetHost = Get-VMHost -Name $targetHostName -ErrorAction Stop
    $ds         = Get-Datastore -Name $dsName -ErrorAction Stop
    $pg         = ($src | Get-NetworkAdapter | Select-Object -First 1).NetworkName
    
    # -------- One-time Windows customization spec (NonPersistent) --------
    $specName = "TMP-Join-Redacted"
    $existing = Get-OSCustomizationSpec -Name $specName -ErrorAction SilentlyContinue
    if ($existing) { Remove-OSCustomizationSpec -OSCustomizationSpec $existing -Confirm:$false }
    
    # If domain join is desired
    # -NamingScheme Vm: the guest hostname follows the VM name
    # -ChangeSid: have Sysprep generate a new SID for the clone
    $spec = if ($domainFqdn) {
      $joinCred = Get-Credential -UserName $joinUser -Message "Password for $joinUser"
      New-OSCustomizationSpec -Name $specName -Type NonPersistent `
        -OSType Windows -NamingScheme Vm -FullName "IT" -OrgName "Redacted" `
        -ChangeSid -Domain $domainFqdn -DomainCredentials $joinCred
    }
    else {
      # No domain join: put the clone in a workgroup
      New-OSCustomizationSpec -Name $specName -Type NonPersistent `
        -OSType Windows -NamingScheme Vm -FullName "IT" -OrgName "Redacted" `
        -ChangeSid -Workgroup "WORKGROUP"
    }
    
    # NIC(s) -> DHCP (switch to static if needed)
    Get-OSCustomizationNicMapping -OSCustomizationSpec $spec |
      ForEach-Object { Set-OSCustomizationNicMapping -OSCustomizationNicMapping $_ -IpMode UseDhcp | Out-Null }
    
    # -------- Clone (do NOT pass -NetworkName/-NumCPU/-MemoryGB here) --------
    $newVM = New-VM -Name $newName -VM $src -VMHost $targetHost -Datastore $ds -OSCustomizationSpec $spec
    
    Start-VM $newVM
    $newVM | Wait-Tools -TimeoutSeconds 900
    
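    # -------- Post-boot tuning --------
    # Changing CPU/RAM on a powered-on VM requires CPU/memory hot-add on that VM; otherwise shut it down first
    Set-VM -VM $newVM -NumCPU 4 -MemoryGB 8 -Confirm:$false
    Get-NetworkAdapter -VM $newVM | Set-NetworkAdapter -NetworkName $pg -Connected:$true -Confirm:$false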
    

    Why this works (and common pitfalls)

    • Reserved variable. Cannot overwrite variable Host… appears when assigning to $host (PowerShell reserved). Use $targetHost.
    • Missing spec. Get-OSCustomizationSpec … ObjectNotFound indicates the named spec didn’t exist. The runbook creates a NonPersistent spec on the fly.
    • Ambiguous parameter set. New-VM : Parameter set cannot be resolved… occurs when mixing clone parameter -VM with -NetworkName/-NumCPU/-MemoryGB. Clone first, then adjust CPU/RAM/NIC after boot.

    Method B — Fallback: clone now, join inside the guest

    If guest customization is blocked (e.g., Tools not running, limited join rights), clone without customization, then rename/join inside the guest.

    # Clone without customization
    $src        = Get-VM -Name "WIN11-Jumpbox-2"
    $targetHost = Get-VMHost -Name "esxi-03.example.local"
    $ds         = Get-Datastore -Name "vsanDatastore"
    $newName    = "WIN11-Jumpbox-6"
    
    $newVM = New-VM -Name $newName -VM $src -VMHost $targetHost -Datastore $ds
    Start-VM $newVM
    $newVM | Wait-Tools -TimeoutSeconds 900
    
    # Rename to match VM name (inside guest)
    $localAdminCred = Get-Credential -Message "Local Administrator on the cloned VM"
    Invoke-VMScript -VM $newVM -GuestCredential $localAdminCred -ScriptType Powershell -ScriptText `
     'Rename-Computer -NewName "WIN11-Jumpbox-6" -Force; Restart-Computer -Force'
    
    $newVM | Wait-Tools -TimeoutSeconds 900
    
    # Optional domain join (inside guest)
    # Read-Host and Get-Credential need an interactive console, which Invoke-VMScript does not provide,
    # so run this line in a PowerShell session on the clone itself (VM console or RDP):
    Add-Computer -DomainName "corp.local" -Credential (Get-Credential -UserName "corp.local\joinaccount" -Message "Domain join account") -Force -Restart
    

    Verification (quick, non-invasive)

    # Where did it land? (host, datastore, portgroup)
    Get-VM -Name "WIN11-Jumpbox-6" | Select Name,PowerState,
     @{N="Host";E={$_.VMHost.Name}},
     @{N="Datastore(s)";E={($_ | Get-Datastore).Name -join ", "}},
     @{N="PortGroup";E={(Get-NetworkAdapter -VM $_ | Select -First 1).NetworkName}}
    
    # Optional: ensure VM files are on the intended datastore
    Get-VM -Name "WIN11-Jumpbox-6" | Get-HardDisk | Select Parent,Name,FileName
    

    Post-build hygiene

    • RDP enabled; restricted to an AD group.
    • Endpoint agents (AV/EDR/RMM) register as a new device (fresh identity).
    • Patching applied; baseline GPO/Intune policies targeted; backup/monitoring added.

    Forensic addendum: errors & remediation

    • Cannot overwrite variable Host…
      Cause: attempted $host = Get-VMHost … (PowerShell reserved).
      Fix: rename the variable to $targetHost.
    • Get-OSCustomizationSpec … ObjectNotFound
      Cause: referenced a non-existent customization spec.
      Fix: create a NonPersistent spec in-line.
    • New-VM … Parameter set cannot be resolved…
      Cause: mixed -VM (clone) with create-new switches.
      Fix: keep New-VM to the clone parameter set; tune CPU/RAM/NIC after boot.

    Security & privacy guardrails

    • No real hostnames, domains, IPs, or identifying screenshots in public artifacts.
    • Least-privilege join accounts or pre-staged computer objects in AD.
    • When publishing logs, hash or redact VM names and datastore paths.
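
    One way to apply the last bullet, added here as an example (not part of the original runbook): VM names and datastore paths are replaced with keyed-hash tokens, so the same object keeps the same token across lines but cannot be recovered by hashing guessed names. The function names, token prefixes and sample log lines are constructed for illustration.

```powershell
# Added example: pseudonymize VM/host names and datastore paths before sharing logs.
# HMAC-SHA256 (a keyed hash) is used because VM names are guessable: a plain hash
# of a name can be reversed by hashing candidate names and comparing.

function Get-Pseudonym {
    param([string]$Value, [byte[]]$Key, [string]$Prefix)
    $hmac = [System.Security.Cryptography.HMACSHA256]::new($Key)
    try {
        # Lower-case first so "WIN11-..." and "win11-..." map to the same token
        $hash = $hmac.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Value.ToLowerInvariant()))
    }
    finally { $hmac.Dispose() }
    # 6 bytes (12 hex characters) is enough to tell objects apart in a log
    $hex = -join ($hash[0..5] | ForEach-Object { $_.ToString('x2') })
    return "$Prefix-$hex"
}

function Protect-LogLine {
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string]$Line,
        [Parameter(Mandatory)][byte[]]$Key,
        [string[]]$Name = @()      # VM and host names to redact
    )
    begin {
        # "[datastore] folder/file.ext" as PowerCLI prints FileName.
        # Paths containing spaces are not covered by this pattern.
        $pathPattern = '\[[^\]\r\n]+\] \S+\.(?:vmdk|vmx|vmsn|nvram)'
        # Longest names first so "vm-10" is not half-matched by "vm-1"
        $ordered = @($Name | Sort-Object Length -Descending)
    }
    process {
        # Paths first: they usually embed the VM name
        $out = [regex]::Replace($Line, $pathPattern, {
            param($m) Get-Pseudonym -Value $m.Value -Key $Key -Prefix 'PATH'
        })
        foreach ($n in $ordered) {
            # Case-insensitive, and only when not part of a longer name
            $pattern = '(?i)(?<![\w-])' + [regex]::Escape($n) + '(?![\w-])'
            $token   = Get-Pseudonym -Value $n -Key $Key -Prefix 'NAME'
            $out     = [regex]::Replace($out, $pattern, $token)
        }
        $out
    }
}

# One random key per publication; keep it private or discard it afterwards
$key = [byte[]]::new(32)
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($key)
$rng.Dispose()

# Constructed sample lines using this runbook's placeholder names
$sample = @(
    '2025-01-01T10:00:00Z clone WIN11-Jumpbox-2 -> WIN11-Jumpbox-6 on esxi-03.example.local'
    '2025-01-01T10:04:10Z disk [vsanDatastore] 5f1c2a3b-0000/WIN11-Jumpbox-6.vmdk attached to win11-jumpbox-6'
)
$sample | Protect-LogLine -Key $key -Name 'WIN11-Jumpbox-2', 'WIN11-Jumpbox-6', 'esxi-03.example.local'
```

    In the output both spellings of the clone's name carry the same `NAME-…` token, and the disk path becomes a single `PATH-…` token.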

    Summary

    Hot-cloning a Windows 11 VM in vSphere is reliable for a jump host when the process (1) allows vCenter to snapshot and clone a powered-on source, (2) applies Sysprep guest customization for a clean identity, and (3) keeps New-VM to a single parameter set. The runbook above is deterministic, quiet, and free of sensitive fingerprints.


  • Line Upon Line

    The Taylorsville Utah Temple at dusk, framed by golden wheat and roses. A reminder that spiritual harvests come “line upon line, precept upon precept” — in His time, His way, His will.

    There are weeks that pass quietly, and there are weeks that rearrange your spirit. In the span of just seven days, I’ve walked into the Taylorsville Temple three times. Each visit has been different, but together they’ve built something remarkable — a deepened layer of understanding, given to me line upon line, precept on precept.

    I think of my journey from 1981 up to today as “college-level” preparation in spiritual learning. Now, here in Utah, the Lord has been giving me what feels more like a “doctorate-level” education: His time, His way, His will.


    It’s like watching the stars appear at night.
    First one little light shines over there
    in the western sky, and then another,
    and then another — until finally, look for yourself…

    A whole wonderful endless universe
    began with one little star.

    Line upon line, precept on precept.
    That is how He lifts us, that is how He teaches His children.
    Line upon line, precept on precept.
    Like a summer shower giving us each hour His wisdom.
    If we are patient we shall see
    How the pieces fit together in harmony.
    We’ll know who we are in this big universe
    And then we’ll live with Him forever.

    But until it happens…

    Line upon line, precept on precept.
    That is how He lifts us, that is how He teaches His children.
    Line upon line, precept on precept.
    Like a summer shower giving us each hour His wisdom.

    (From Saturday’s Warrior, 1973 — Words by Doug Stewart, Music by Lex de Azevedo)


    Final Reflection

    Tonight in the Celestial Room, I prayed not to impose my will but to listen. What I felt wasn’t a grand vision but a gentle whisper — a reminder that revelation unfolds step by step, not all at once.

    Life keeps unfolding in ways I don’t always anticipate. Some lines remain unanswered, others open unexpectedly, but together they form a pattern that teaches me to trust the timing.

    Line upon line, I see how the Lord has been shaping my path. What once felt scattered now begins to come together in harmony — not all finished, but moving toward His perfect design.


  • 🌥️ The Cloud Above Us

    PIMCO (Newport Beach HQ, CA) 🌍 — Global financial services supporting regions in NA, EMEA, APAC.
    Church (Riverton Office Building, UT) ⛪ — Worldwide infrastructure with 200k employees and over 80k missionaries.
    Monster Energy (Corona HQ, CA) ⚡ — Global enterprise IT operations across NA, EMEA, APAC.
    City National Bank (Downtown LA, CA) 🏙️ — U.S. banking systems at scale.

    A journey across scales: national (CNB), global (PIMCO & Monster Energy), and worldwide (The Church).


    Every IT career tells a story, and mine has moved through three different scales of impact:

    Company-Level Foundations → At PayForward, I migrated an entire OnPrem environment into AWS. That meant setting up VPCs, building HA Exchange clusters with load balancers, and proving the power of cloud for a fast-moving startup.

    Regional / Global Scale → At Monster Energy and PIMCO, the work stretched across North America, EMEA, and APAC. The systems never slept. VMware clusters and M365 tenants had to function as one, even though users were scattered across time zones and continents.

    Worldwide Reach → At the Church, the scale expanded beyond regions. Over 200,000 employees and over 80,000 missionaries, connected by systems that had to reach every corner of the globe, demanded both technical precision and spiritual responsibility.

    This journey shows that the “cloud above us” isn’t just AWS, Azure, or GCP — it’s the ability to design, secure, and sustain systems at every possible scale.

    A colleague once told me: “Automate, or eliminate.” In IT, that isn’t just a clever saying — it’s survival. At the scale of hundreds or even thousands of VMs, EC2 instances, or mailboxes, doing things manually is not just unrealistic — it’s risky. What automation can finish in under 10 minutes might take days or weeks by hand, and even then would be prone to errors.

    That’s why Python, PowerShell, Bash, and automation frameworks became part of my daily toolkit. Not to flaunt, but because without automation, no single engineer could handle the demands of environments as large as PIMCO, Monster Energy, or the Church.


    Snippet 1: AWS (My PayForward Days)

    import boto3
    
    # Connect to AWS S3
    s3 = boto3.client('s3')
    
    # List buckets
    buckets = s3.list_buckets()
    print("Your AWS buckets:")
    for bucket in buckets['Buckets']:
        print(f"  {bucket['Name']}")
    

    From racks of servers to a few lines of Python—that’s the power of AWS.

    Snippet 2: PowerShell + Azure (My Church Years, CNB)

    Connect-AzAccount
    Get-AzResourceGroup | Select ResourceGroupName, Location
    

    One line, and you can see every Azure resource group spread across the world. A task that once required data center visits and clipboards is now just a command away.

    Snippet 3: PHP + GCP (Expanding Horizons)

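    <?php
    // Composer autoloader (package: google/cloud-storage)
    require 'vendor/autoload.php';

    use Google\Cloud\Storage\StorageClient;

    // Authenticate with a service-account key file
    $storage = new StorageClient([
        'keyFilePath' => 'my-service-account.json'
    ]);

    // List every bucket in the project
    $buckets = $storage->buckets();

    foreach ($buckets as $bucket) {
        echo $bucket->name() . PHP_EOL;
    }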
    

    Snippet 4: VMware + M365 (Monster Energy, PIMCO, and Beyond)

    # Connect to vCenter and list VMs across data centers
    # Prompt for credentials instead of putting a password on the command line
    Connect-VIServer -Server vcenter.global.company.com -Credential (Get-Credential)
    Get-VM | Select Name, PowerState, VMHost, Folder
    
    # Quick check of licensed users in M365 (global tenants)
    Connect-MgGraph -Scopes "User.Read.All"
    Get-MgUser -All -Property DisplayName, UserPrincipalName, UsageLocation |
        Group-Object UsageLocation |
        Select Name, Count
    

    One script, and suddenly you’re seeing footprints of users spread across the globe — NA, EMEA, APAC, or even worldwide. That’s the reality of modern IT infrastructure.


    The “cloud above us” is both a literal technology — AWS, Azure, and GCP that I’ve worked across — and a metaphor. It represents resilience, scalability, and unseen support. Just as automation carries workloads we could never handle by hand, life has storms we cannot carry alone.

    From startups making their first move to the cloud, to global financial institutions, to worldwide organizations with hundreds of thousands of users, the lesson is the same: we are not meant to fight every battle manually.

    We are given tools, teammates, and even unseen strength from above to keep moving forward. The same way a script can manage thousands of servers or accounts without error, trust and preparation help us navigate the storms of life with less fear.

    ☁️ Above every storm, there’s always a cloud carrying potential. And above that cloud, always light waiting to break through.

    Before my cloud journey, I also spent nine years in forensic IT supporting law enforcement — a grounding reminder that technology isn’t only about systems and scale, but about accountability and truth.


  • I Feel The Answer

    Draper Utah Temple — A rainbow of promise through the branches.

    Intro
    Some moments arrive quietly but carry the weight of eternity. This season has taken me away from the work I love, yet placed me in a space where the Lord can speak more directly. It feels like a “calling” — not just an assignment, but an invitation to walk a path I did not expect, at a time I did not plan.

    A calling can refine you, but it can also break you — I know this firsthand. When I lost my father and my younger brother, the grief was so heavy it lingered for over a year, leaving me with a frozen shoulder and a frozen spirit. But in that stillness, I learned something I now carry with me: when you are not preoccupied, when your heart is still enough, Heaven can speak — and you will hear.

    In 1987, during my Seminary days, there was a song in our Free to Choose program called I Feel the Answer. Its words spoke to the questions of a heart unsure yet willing, and today those words still echo in me.


    I Feel The Answer

    How I wish this hadn’t come right now,
    With so much on my mind.
    I just don’t think I’m ready for a calling of this kind —
    Where do I turn to, searching for me?

    Does He know me even better than I know myself?
    When I am sure that I can’t do it, can I turn to Him for help?
    And will He answer? Will He give me peace?

    More than air to breathe, I need to know
    If what I feel is right — Father, hear my pleading.
    Let me see the light. I’ll do whatever You ask me to do.

    And yes… I feel the answer.
    He calls my name and whispers to my soul.
    And oh, His gentle answer heals my aching heart — and I am whole.
    Heals my aching heart — and I am whole.


    Sometimes, a calling feels like a classroom. Sometimes, a setback is a sacred appointment. And sometimes, the answer doesn’t come as a trumpet blast, but as a whisper — so quiet you only hear it when you pause. In those still moments, He calls your name, and you know — you are exactly where He needs you to be.

    In this quiet stretch of life, I’ve learned that solitude isn’t the absence of connection — it’s the space where Heaven’s voice becomes unmistakably clear. Away from the noise and demands, I’ve come to see that even the pauses in our path are part of His perfect timing.

    Recently, the Spirit carried me back to a sacred temple moment, where familiar faces seemed etched with eternity — not just in their features, but in the quiet witness of the soul. At times, the Lord grants us glimpses of recognition that reach beyond mortal memory, as if to remind us that His hand has been guiding our paths long before we knew it.

    It was a quiet confirmation that the same Spirit who whispered then is still speaking now — through remembrance, through reflection, and through the gentle truth that our journeys, though carved by different streams, are being guided toward the same horizon. And in those moments, just as the song I Feel the Answer says, “He calls my name and whispers to my soul” — and I feel the answer.


  • Secure Automation with PowerShell SecretManagement: Simplifying Credential Management for IT Pros

    Introduction:
    In enterprise environments, automation is only as secure as the credentials it uses. Hardcoding passwords into scripts is a security disaster waiting to happen. Enter PowerShell SecretManagement — a cross-platform module that allows IT professionals to store, retrieve, and manage credentials securely while keeping scripts clean, compliant, and automation-ready.

    Description & Guide:

    1. What is SecretManagement?
      The SecretManagement module provides a unified way to work with secrets across different vaults like Windows Credential Manager, Azure Key Vault, KeePass, or HashiCorp Vault — without locking you into a single storage provider.
    2. Installing the Modules
    Install-Module Microsoft.PowerShell.SecretManagement
    Install-Module Microsoft.PowerShell.SecretStore
    

    3. Registering a Vault
    For a local secure store:

    Register-SecretVault -Name LocalVault -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault
    

    4. Adding a Secret

    Set-Secret -Name MySQLAdmin -Secret (Get-Credential)
    

    5. Retrieving a Secret in Scripts

    # Get-Secret returns the stored PSCredential as-is (it has no -AsCredential switch)
    $cred = Get-Secret -Name MySQLAdmin
    Invoke-Sqlcmd -ServerInstance "SQL01" -Username $cred.UserName -Password $cred.GetNetworkCredential().Password
    

    6. Why This Matters

    • Eliminates plaintext passwords in scripts
    • Centralizes secret management for easier updates
    • Works seamlessly with CI/CD pipelines and scheduled tasks
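
    For the scheduled-task case in the last bullet, an added example (not from the original post): a SecretStore vault prompts for its password by default, so an unattended job needs the store set to non-interactive and unlocked from a protected file. The function names and the `C:\Automation\secretstore.clixml` path are placeholders, and the DPAPI protection described applies on Windows.

```powershell
# Added example: SecretStore for an unattended job (scheduled task or pipeline agent).
# LocalVault and MySQLAdmin are the names used earlier in this post.

function Initialize-AutomationVault {
    # Run once, interactively, AS the account that will run the job.
    param([string]$PasswordFile = 'C:\Automation\secretstore.clixml')

    # Export-Clixml protects a SecureString with Windows DPAPI: only this user on
    # this machine can read it back. On Linux/macOS the file is not encrypted.
    $vaultPassword = Read-Host -AsSecureString -Prompt 'New SecretStore password'
    $vaultPassword | Export-Clixml -Path $PasswordFile

    if (-not (Get-SecretVault -Name LocalVault -ErrorAction SilentlyContinue)) {
        Register-SecretVault -Name LocalVault -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault
    }

    # Interaction None: fail with an error instead of prompting when the store is locked
    Set-SecretStoreConfiguration -Authentication Password -Interaction None `
        -PasswordTimeout 900 -Password $vaultPassword -Confirm:$false
}

function Get-AutomationCredential {
    # Called from the unattended script itself.
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$PasswordFile = 'C:\Automation\secretstore.clixml'
    )
    # Import-Clixml only succeeds for the user and machine that created the file
    Unlock-SecretStore -Password (Import-Clixml -Path $PasswordFile)

    $secret = Get-Secret -Name $Name -Vault LocalVault -ErrorAction Stop
    if ($secret -isnot [pscredential]) {
        throw "Secret '$Name' is not a PSCredential"
    }
    return $secret
}

# One-time setup (interactive):
#   Initialize-AutomationVault
#   Set-Secret -Name MySQLAdmin -Secret (Get-Credential)
#
# In the scheduled script:
#   $cred = Get-AutomationCredential -Name MySQLAdmin
```

    Restrict the NTFS permissions on the password file to the job account as well; DPAPI stops other users from decrypting it, but not from deleting or replacing it.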

    Conclusion:
    Security and automation don’t have to be enemies. With PowerShell SecretManagement, you can protect sensitive credentials without sacrificing automation speed or flexibility. For IT pros managing hybrid environments, this module is a must-have in your PowerShell toolbox.

    If you’d like to go beyond this post and see what Microsoft officially recommends, here are my go-to resources:

    Microsoft Docs – SecretManagement Overview

    Microsoft Docs – SecretStore vault extension


  • Migrating Azure AD Scripts to Microsoft Graph PowerShell: A Practical Guide for IT Administrators

    Introduction
    The AzureAD PowerShell module has served IT administrators for years, but it’s now officially deprecated in favor of the Microsoft Graph PowerShell SDK. While the change may feel like another “cloud shuffle,” migrating your scripts is not just a compliance move — it’s your ticket to a more powerful, secure, and future-proof automation toolkit. In this post, I’ll walk you through the essentials of converting your Azure AD scripts to Microsoft Graph, with clear side-by-side examples.

    Why Migrate?

    • Future Support: Microsoft Graph is actively developed; AzureAD is on life support.
    • Unified Endpoint: Graph covers Azure AD, Intune, Exchange Online, Teams, and more in one API.
    • Security: Better authentication methods, including secure app registrations and least-privilege scopes.

    Step 1 – Install Microsoft Graph PowerShell

    # Install the module
    Install-Module Microsoft.Graph -Scope CurrentUser
    
    # Update if already installed
    Update-Module Microsoft.Graph
    
    # Connect with interactive sign-in
    Connect-MgGraph -Scopes "User.Read.All", "Group.ReadWrite.All"
    
    # Confirm connection
    Get-MgContext
    

    Step 2 – Side-by-Side Script Conversion

    Example: Get all Azure AD users
    AzureAD Module:

    Connect-AzureAD
    Get-AzureADUser -All $true
    

    Microsoft Graph:

    Connect-MgGraph -Scopes "User.Read.All"
    Get-MgUser -All
    

    Example: Get members of a group
    AzureAD Module:

    $groupId = (Get-AzureADGroup -SearchString "Sales Team").ObjectId
    Get-AzureADGroupMember -ObjectId $groupId
    

    Microsoft Graph:

    $groupId = (Get-MgGroup -Filter "displayName eq 'Sales Team'").Id
    Get-MgGroupMember -GroupId $groupId
    

    Example: Create a new group
    AzureAD Module:

    New-AzureADGroup -DisplayName "Project A Team" -MailEnabled $false -SecurityEnabled $true -MailNickname "ProjectATeam"
    

    Microsoft Graph:

    New-MgGroup -DisplayName "Project A Team" `
        -MailEnabled:$false `
        -SecurityEnabled `
        -MailNickname "ProjectATeam"
    

    Step 3 – Updating Authentication
    With Microsoft Graph, you can fine-tune permissions at sign-in instead of granting broad directory access:

    Connect-MgGraph -Scopes "User.ReadWrite.All", "Group.ReadWrite.All"
    

    Only request the scopes you actually need — this aligns with least privilege best practices.

    Step 4 – Testing and Verification
    Before replacing scripts in production, run them in a test tenant or a non-production environment. Compare outputs from AzureAD and Graph to ensure parity.
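
    One way to run that comparison, added here as an example (not from the original post): it matches users from both exports by UPN and reports missing users, ID mismatches and properties that Graph left empty because they were not requested. The function name and the sample users are constructed so the check runs offline.

```powershell
# Added example: compare an AzureAD export with a Graph export before cut-over.
# In a test tenant the inputs would come from:
#   $old = Get-AzureADUser -All $true
#   $new = Get-MgUser -All -Property Id,UserPrincipalName,DisplayName,AccountEnabled

function Compare-UserExport {
    param(
        [Parameter(Mandatory)][object[]]$AzureAD,
        [Parameter(Mandatory)][object[]]$Graph,
        [string[]]$Property = @('DisplayName', 'AccountEnabled')
    )
    # Index Graph users by UPN (PowerShell hashtables ignore case for string keys)
    $byUpn = @{}
    foreach ($g in $Graph) { $byUpn[$g.UserPrincipalName] = $g }
    $seen = @{}

    foreach ($a in $AzureAD) {
        $upn = $a.UserPrincipalName
        $seen[$upn] = $true
        $g = $byUpn[$upn]
        if (-not $g) {
            [pscustomobject]@{ User = $upn; Issue = 'MissingInGraph'; Detail = '' }
            continue
        }
        # AzureAD calls the key ObjectId, Graph calls it Id; the GUID must match
        if ("$($a.ObjectId)" -ne "$($g.Id)") {
            [pscustomobject]@{ User = $upn; Issue = 'IdMismatch'; Detail = "$($a.ObjectId) vs $($g.Id)" }
        }
        foreach ($p in $Property) {
            $av = $a.$p
            $gv = $g.$p
            if ($null -eq $gv -and $null -ne $av) {
                # Get-MgUser returns a default property set; anything else is
                # null unless it is listed in -Property
                [pscustomobject]@{ User = $upn; Issue = 'NotReturnedByGraph'; Detail = "${p} (add it to -Property)" }
            }
            elseif ("$av" -ne "$gv") {
                [pscustomobject]@{ User = $upn; Issue = 'ValueMismatch'; Detail = "${p}: '$av' vs '$gv'" }
            }
        }
    }
    foreach ($g in $Graph) {
        if (-not $seen.ContainsKey($g.UserPrincipalName)) {
            [pscustomobject]@{ User = $g.UserPrincipalName; Issue = 'MissingInAzureAD'; Detail = '' }
        }
    }
}

# Constructed sample exports
$old = @(
    [pscustomobject]@{ ObjectId = '00000000-0000-0000-0000-000000000001'; UserPrincipalName = 'ana@contoso.example'; DisplayName = 'Ana Ruiz'; AccountEnabled = $true }
    [pscustomobject]@{ ObjectId = '00000000-0000-0000-0000-000000000002'; UserPrincipalName = 'ben@contoso.example'; DisplayName = 'Ben Ode';  AccountEnabled = $true }
    [pscustomobject]@{ ObjectId = '00000000-0000-0000-0000-000000000003'; UserPrincipalName = 'Cy@contoso.example';  DisplayName = 'Cy Tran';  AccountEnabled = $false }
)
$new = @(
    # AccountEnabled is null here, as it is when the property was not requested
    [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000001'; UserPrincipalName = 'ana@contoso.example'; DisplayName = 'Ana Ruiz'; AccountEnabled = $null }
    [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000003'; UserPrincipalName = 'cy@contoso.example';  DisplayName = 'Cy Tran';  AccountEnabled = $false }
    [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000004'; UserPrincipalName = 'dee@contoso.example'; DisplayName = 'Dee Park'; AccountEnabled = $true }
)

Compare-UserExport -AzureAD $old -Graph $new | Format-Table -AutoSize
```

    On the sample data it reports `NotReturnedByGraph` for ana, `MissingInGraph` for ben and `MissingInAzureAD` for dee; cy passes despite the different UPN casing.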

    Conclusion
    Migrating from AzureAD to Microsoft Graph PowerShell is more than just a rewrite — it’s a forward-looking investment. Once you adapt, you’ll unlock richer APIs, cross-service automation, and security benefits that AzureAD simply can’t match. My advice? Start small: pick one script, convert it, and test until you’re confident. Once you see the gains, the rest will follow naturally.

    For official guidance and best practices from Microsoft, check out these resources:


  • Only Whisper: Hearing the Voice of the Shepherd at Taylorsville Temple

    I have been here many times, but yesterday was special — the Taylorsville Temple became the backdrop for a sacred lesson on hearing the Lord’s voice.

    Only Whisper

    Revelation is never ours to control; it comes when and how the Lord chooses (D&C 88:68). He alone decides:

    1. To whom it is given
    2. When it is given
    3. How it is given
    4. What is given

    Yesterday, in the quiet holiness of the Taylorsville Temple, I was reminded of all four — not in grand visions, but in a gentle nudge. Even with my mind still learning to fully let go, the Lord chose to speak in His own way. It was not a rebuke, but a whisper — enough to remind me that He knows where I am, and He knows how to guide me forward.

    Most of the time, I move quickly — eager to help, eager to act — even when wisdom would invite me to slow down. I’ve often rushed to finish what’s before me rather than take time for careful preparation or documentation. Yet I’m learning that these slower, quieter moments are part of the work itself. King Benjamin taught that “all these things are to be done in wisdom and order” (Mosiah 4:27). Even after his people entered into a covenant with God, he paused to record each name (Mosiah 6:1) — a small, deliberate act that safeguarded sacred promises.

    And so, in that stillness, the Lord’s counsel from D&C 88:68 settled deeply — to keep my mind single to Him, even while I’m still learning to let go of what I hold dear. His voice is often a whisper, shaping not only what to do, but how and when to do it — in His way, and in His perfect timing.

    While pondering my temple experience in Taylorsville, this Seminary song came to mind, perfectly echoing the message of D&C 88:68:

    (From the Seminary song Voice of the Shepherd, Hold to the Rod series 1-6)


    I want to hear — really want to hear,
    But the sounds of the world loudly ring in my ear,
    While the voice of the Lord that is calling me near
    Only whisper.

    The voice of the Lord is so still, so small,
    I wonder if that’s what I’m hearing at all.
    How can I know if I heard the call of the Shepherd?

    I have His promise, but I have my choice;
    To be of His fold is to hear His voice.
    Knock, and He’ll open — ask and receive from the Shepherd.

    The voice of the world comes on so strong,
    Always insisting you’ve got to belong.
    How far can I follow without doing wrong to the Shepherd?

    Which is the world’s voice? Which voice is mine?
    Which voice is offering a message divine?
    I have His promise, but I have my choice;
    To be of His fold is to hear His voice.
    Knock, and He’ll open — ask and receive from the Shepherd.

    Now as I kneel here next to my bed,
    Chasing the voices from out of my head,
    Listening for feelings in my heart instead, comes a whisper —

    Wonderful message, welcome sound,
    Strange how loudly a whispering sounds.
    The hope that escaped me before has been found in the Shepherd.

    He gave His promise; I made my choice.
    I came to His call when I heard His voice.
    I knocked, and He opened; I asked and received from the Shepherd.


    There is peace in moving at the Lord’s pace (Mosiah 4:27).
    The temple stands, the Spirit speaks, and heaven records even what is unseen (D&C 88:68).
    In that stillness, I let go… trusting that what is meant for me will remain — even when my focus is imperfect, and my heart is still learning to let go of certain things.

    This reminded me of a season when I chased a goal with all my strength—read more in Sacred Reflections.

    Most of the time, I am in a hurry and eager to help, preferring to act immediately rather than wait or work through slower, more deliberate steps. I’ve often found myself wanting to get things done rather than take time for careful preparation or documentation — yet I’m learning that these slower moments are part of the work itself. King Benjamin taught that “all these things are to be done in wisdom and order” (Mosiah 4:27). Even after his people entered into a covenant with God, he took the time to record each name (Mosiah 6:1) — a simple act of order that safeguarded sacred commitments.

    In the sacred quiet of the Taylorsville Temple, I felt the Lord’s counsel from D&C 88:68 settle deep into my heart — to keep my mind single to Him, even while my heart is still learning to fully let go. His voice came not as a rebuke, but as a whisper — reminding me that He knows where I am, He knows what I’m carrying, and He knows how to guide me forward.

    © 2012–2025 Jet Mariano. All rights reserved.
    For usage terms, please see the Legal Disclaimer.

  • Living, moving and being

    Along California’s iconic Hwy 101, I captured this moment: a lone jogger silhouetted against the rising sun. I wasn’t the runner—but in that stillness, I remembered that I, too, live, and move, and have my being.

    A day not just lived, but felt.

    A day when the words from Acts 17:28 stirred within me: “For in Him we live, and move, and have our being.”
    I wasn’t chasing the sun—I was waiting for it. But as I framed this stranger in motion, I saw more than a runner. I saw a reflection of all of us: moving forward, unaware we’re part of something eternal. That’s what the lens captured. That’s what I needed to remember.

    On the Edge of Being

    Poem by Jet Mariano

    He ran before the world awoke,
    A silhouette against gold and smoke.
    No music, map, or finish line—
    Just dawn unfolding, pure and fine.

    I stood unseen, lens in hand,
    Still as stone, yet I understand:
    That in his stride was something more—
    A soul in motion, not at war.

    He moved, I watched; we both were free,
    Two lives unfolding by the sea.
    He didn’t know—but I could see—
    That we both live and move… and have our being.


  • I’m Able: Climbing for Light, Capturing the Moon

    After hiking over 2,000 feet to my favorite mountain ridge, I waited in silence with my 1000mm + TC 2x lens—watching the Supermoon rise in full glory. It reminded me that some things are only visible to those willing to climb.
    From this 2K-foot summit, I waited with my 1000mm lens and 2x teleconverter. The shot was worth it. My eyes soaked in the rising Supermoon, but I wanted to remember the experience forever. It took patience, precise camera settings, and above all, an ‘I’m able’ attitude that brought me the stillness I needed. Here’s the result.

    That simple phrase didn’t just motivate me. It rejuvenated me. It reminded me that every setback I’ve endured, every delay, and every heartbreak was not the end—but a test of endurance. Like Edison, like Tesla, and like countless others who stood firm when things fell apart, I now carry this quiet fire inside me.
    No matter what the odds say—I’m able.
    And that means everything.

    I’m Able
    Poem by Jet Mariano

    I’m able—not because I’ve won,
    But because I choose to rise with the sun.
    I’m able—not from praise or might,
    But by standing up when wrong feels right.

    I’m able—through the tear-stained night,
    To cradle hope and guard the light.
    I’m able—though I walk alone,
    To make the climb and call it home.

    I’ve come to realize—I don’t need titles to prove my worth. I don’t measure myself by applause or position.
    What I carry is truth. Lived truth. Quiet truth. Hard-earned truth.
    And in those silent battles when no one’s watching, I remind myself:
    I’m able.
    And that means everything.

