Microsoft 365 Engineer

MAXhealth
Tampa, FL
Hybrid

About The Position

MaxHealth is seeking a Microsoft 365 Engineer to serve as the enterprise subject matter expert across the M365 productivity, identity, and endpoint management stack. This role owns the day-to-day engineering, configuration, and lifecycle of Microsoft Entra ID, Intune, Autopilot, Exchange Online, Teams, SharePoint Online, OneDrive, and the core productivity applications that support the organization's clinical and corporate workforce. The successful candidate will bring deep, hands-on experience administering Microsoft 365 at enterprise scale in a regulated environment, with demonstrated expertise in identity architecture, endpoint management, software deployment, and productivity platform engineering. The endpoint and identity platform is cloud-first, built on Microsoft Intune and Entra ID (no on-premises Configuration Manager), with a strong emphasis on modern deployment, automation, and governance. While this role works closely with the Security team, the M365 Engineer will also get hands-on with security tools like Defender for Office 365, Purview DLP, eDiscovery, and Conditional Access. This is a hybrid role, requiring residence in the greater Tampa area with flexibility to work in person with the team as needed based on project needs.

Requirements

  • 5+ years of hands-on engineering experience with Microsoft 365 at enterprise scale, including direct administration of Entra ID, Intune, Exchange Online, Teams, and SharePoint Online.
  • Deep, demonstrated expertise in Microsoft Entra ID, including hybrid identity (Entra Connect / Cloud Sync), enterprise application integration, and group-based licensing and assignment models.
  • Proven ability to engineer and operate Microsoft Intune at scale, including device configuration, compliance, app protection, and Windows Autopilot.
  • Strong software packaging and deployment experience for Win32, MSI, and LOB applications in Intune.
  • Working expertise in Exchange Online mail flow, Teams administration, and SharePoint/OneDrive governance.
  • PowerShell proficiency for M365 administration and automation (Microsoft Graph PowerShell, Exchange Online, Teams, SharePoint PnP).
  • Working exposure to M365 security tooling (Defender for Office 365, Microsoft Purview, Conditional Access) sufficient to partner effectively with the Security team.
  • Strong written and verbal communication; ability to translate between technical engineering, end-user support, and business stakeholder audiences.
  • High degree of ownership, follow-through, and comfort operating with limited supervision.

Nice To Haves

  • Hands-on experience piloting or operationalizing Microsoft Copilot for M365 in an enterprise environment.
  • Experience with tenant-to-tenant migration, merger/acquisition integration, or multi-tenant architectures.
  • Experience in a regulated industry (healthcare, financial services, or government) with HIPAA, HITRUST, or equivalent compliance requirements.
  • Familiarity with Infrastructure-as-Code approaches to M365 configuration (Microsoft Graph, Microsoft365DSC, Bicep/ARM for adjacent Azure resources).
  • Experience with SaaS Security Posture Management (SSPM) tooling such as AppOmni, Adaptive Shield, or equivalents.
  • Microsoft certifications: MS-102 (Microsoft 365 Administrator Expert), SC-300 (Identity and Access Administrator), MD-102 (Endpoint Administrator), or equivalent current credentials.

Responsibilities

  • Own the engineering and day-to-day administration of Microsoft Entra ID (formerly Azure AD), including users, groups, roles, administrative units, and directory extension attributes.
  • Maintain and evolve hybrid identity architecture, including Entra Connect / Cloud Sync, synchronization health, attribute flow, and writeback configurations.
  • Engineer group-based licensing, dynamic groups, and application assignment models that scale cleanly across the workforce.
  • Administer enterprise application registrations, SSO configurations (SAML, OIDC), service principals, and managed identities in partnership with application owners.
  • Support Entra ID B2B and guest access patterns.
  • Partner with Security teams on Conditional Access, MFA, and identity protection policies.
  • Own the enterprise Intune tenant, including device configuration profiles, compliance policies, app protection policies, and platform scripts across Windows, macOS, iOS, and Android.
  • Engineer and maintain Windows Autopilot deployment profiles, enrollment status pages, and provisioning workflows to support zero-touch device delivery at scale.
  • Manage endpoint security baselines and settings catalog configurations in alignment with security-defined policy intent.
  • Troubleshoot enrollment, sync, and policy application issues across the device estate, including co-management and migration scenarios from legacy MDM/MEM tooling as applicable.
  • Drive continuous improvement of device posture, patch hygiene, and update ring strategy using Windows Update for Business, Autopatch, and Patch My PC.
  • Package, publish, and maintain Win32, MSI, LOB, and Microsoft Store apps through Intune; establish consistent packaging and testing standards.
  • Own the lifecycle of enterprise application deployment including pilot, broad deployment, supersedence, and retirement.
  • Standardize M365 Apps (formerly Office) deployment rings, update channels, and language/add-in policies.
  • Partner with application owners and the service desk to ensure reliable software delivery with clear success metrics and minimal user disruption.
  • Administer Exchange Online including mail flow, connectors, anti-spam baselines (coordinated with Security), transport rules, shared mailboxes, and hybrid considerations where applicable.
  • Engineer and govern Microsoft Teams, including teams lifecycle and policies (messaging, meeting, calling, app permission).
  • Own SharePoint Online and OneDrive for Business administration including site architecture, hub relationships, external sharing policy, storage governance, and Known Folder Move.
  • Develop and enforce tenant-wide governance standards for group provisioning, naming, retention, and lifecycle to prevent sprawl.
  • Advance the modern intranet and collaboration experience in partnership with business stakeholders.
  • Monitor Microsoft 365 service health, roadmap changes, and major release impacts; translate Microsoft communications into clear operational guidance for the team and business.
  • Author and maintain current, version-controlled documentation for tenant configuration, identity architecture, endpoint baselines, and deployment runbooks.
  • Participate in change advisory and release management forums; author change records with clear risk and rollback considerations.
  • Partner with the Service Desk and Field Support teams to enable Tier 1/2 resolution of common M365 issues and reduce escalation volume.
  • Adhere to HIPAA, HITRUST, and internal governance standards in all configuration, access management, and data handling activities.

Benefits

  • career growth
  • internal advancement
  • work-life balance
  • regular weekday office hours
  • employee well-being

What This Job Offers

Job Type

Full-time

Career Level

Senior

Education Level

No Education Listed

Number of Employees

1-10 employees
