Microsoft 365, Intune, networks, servers, VoIP, cameras, cabling — and native iOS apps, M365 automation, Claude-API workflows. The full stack, run by the person actually doing the work. Not a ticket queue. Not an agency. Based in Glendale, serving LA and Orange County. Bilingual English / Русский.
Small-business IT problems rarely stay in one lane — an Intune issue becomes a network issue becomes a cabling issue. Coordinating three vendors is how those problems fall through the cracks. These two are where most engagements start:
Tenant admin, license optimization, Conditional Access + MFA design, cross-tenant migrations, and email security hardened to p=reject.
Intune rollouts from scratch across Windows, iOS, macOS. Autopilot, ESP, BitLocker, Win32 packaging, Apple Business Manager federation, Security Baseline audits.
A guided audit of your Microsoft 365 tenant against CISA's Secure Cloud Business Applications (SCuBA) baselines — Entra ID, Defender, Exchange Online, SharePoint & OneDrive, Teams, Power Platform — plus the hardening work to close the gaps that actually matter for your business. Written report mapped to the baseline. You hand it to a board, an auditor, or your next IT vendor; nothing depends on me being on the call.
30 minutes from kickoff to raw results.quarterly re-scan to catch drift.Not a generalist with a long CV — three lines of software work, each picked because they reward the kind of attention one person can actually give them. Native, automated, and quietly intelligent.
From first commit to App Store. Road-distance routing on MapKit, CoreLocation for live tracking, SwiftData for persistence, native UI for iOS 26's design language. No webview wrappers, no React-Native-in-a-mask, no Electron pretending to be an app.
Onboarding, license cleanup, mailbox migrations, conditional-access drift checks, scheduled audits, custom reports. The recurring work that should never have been someone's Monday morning — written once, then forgotten about.
LLM features wired into existing systems. Prompt caching to cut cost, tool use for structured outputs, Custom Agents and Skills that fit the team you already have. Integrations that get used after week two, not abandoned.
A native iOS mileage tracker for sole proprietors and contractors. Drives detect themselves — background GPS, motion-gated so a walk never logs as a trip, with a lock-screen Live Activity while you drive. SwiftUI throughout, SwiftData synced to your private iCloud, MapKit road-distance instead of crow-flies, CSV import/export for tax filing. Built end-to-end. App Store release upcoming.
A small sample of engagements, scrubbed of client names. Each of these was root-caused by me — not a tier-1 somewhere else. For a technical buyer: this is what "the engineer doing the work" actually produces.
Compromised mailbox on a small professional-services tenant. Produced a full forensic report with attacker infrastructure mapped across 4 rotating IPs, post-incident CA + Spoof Intelligence hardening, and a re-usable runbook for the client's ops lead.
Three other engineers had chased this as an RDS config issue for weeks. Root cause was fragmented DF-set packets silently dropped upstream. Fix: MTU 1400 on the tunnel interface + TCP MSS clamping. 20-minute change, problem gone.
Collapsed two acquired entities into a single tenant. BitTitan MigrationWiz for mailboxes + OneDrive; eDiscovery PST exports for retention; accepted-domain cleanup to prevent external spoofed mail routing through the old tenant during cutover.
Detection script had been authored on a mixed-line-ending editor. Intune's -ExecutionPolicy Bypass runner was silently failing with exit code 1. Re-saved with LF, bumped the detection version, pushed. Full fleet green within the next sync cycle.
New 30-person tenant moving into an empty shell. Cat6a pulls + patch panel terminations, UniFi Wi-Fi with VLAN segmentation, Windows Server + AD, Avaya IP Office with hunt groups and voicemail, IP cameras + NVR. One engineer, one vendor invoice.
p=reject.Progressive rollout across a portfolio of client domains: SPF audit, DKIM signing on all legitimate senders, DMARC p=none → quarantine → reject with aggregate-report monitoring. Eliminated a recurring pattern of domain-spoofing phishing targeting finance staff.
Most of the environments I've inherited were tangled because the previous vendor never wrote anything down. That's the problem I'm trying to not be.
I start by understanding what's actually in place — not what a previous vendor claimed was there. Every engagement produces diagrams, runbooks, and inventories. Your team can read them. Your next IT provider can read them. Nothing depends on remembering what I told you on a phone call six months ago.
I also do the work myself. I write the PowerShell, terminate the cables, rack the server, and run the migration. No handoffs to an offshore tier-1 who has never seen your environment.
I'm Aidar. I run Aidar LLC as an independent IT engineering practice, focused on small businesses and nonprofits in the Los Angeles area.
What I enjoy — and what I'm best at — is taking tangled, undocumented environments and turning them into something reliable and well-managed. The kind of network you don't have to think about. The kind of M365 tenant where Conditional Access, licensing, and mail flow are all in a known state rather than a mystery.
I work across a wider stack than most solo engineers: cloud identity and endpoint management on one end, rack-and-stack server and cabling on the other. For a small business, that usually means coordinating one person instead of three vendors who each blame the other when something goes wrong.
Bilingual English / Russian — I work with Russian-speaking business owners across LA, including on Russian-language server environments where few local providers can help. Если удобнее по-русски — пишите, помогу.
Migration, incident, second-opinion audit, or just a sanity check on whether your current setup is holding up — reach out. I'll tell you honestly whether I'm the right fit.
Email me →