> managing group policy sanely is still a challenge I've found - it's very resistant to configuration as code
Imho, this was historically (and continues to be) Microsoft's Achilles heel.
Large parts of the company reflexively wrote features / tooling as manual-first, code-second (or never).
In hindsight, what was missing was a Gates-level memo circa 2000 similar to Amazon's API one: all teams are required to build their configurators to be programmatically exposed.
Unfortunately, I don't think Ballmer was enough of a technologist (and was likely too distracted) to intuit that path not taken.
Imho, this was historically (and continues to be) Microsoft's Achilles heel.
Large parts of the company reflexively wrote features / tooling as manual-first, code-second (or never).
In hindsight, what was missing was a Gates-level memo circa 2000 similar to Amazon's API one: all teams are required to build their configurators to be programmatically exposed.
Unfortunately, I don't think Ballmer was enough of a technologist (and was likely too distracted) to intuit that path not taken.