Microsoft 365 Engineer

About The Position

Requirements

• 5+ years of hands-on engineering experience with Microsoft 365 at enterprise scale, including direct administration of Entra ID, Intune, Exchange Online, Teams, and SharePoint Online.
• Deep, demonstrated expertise in Microsoft Entra ID, including hybrid identity (Entra Connect / Cloud Sync), enterprise application integration, and group-based licensing and assignment models.
• Proven ability to engineer and operate Microsoft Intune at scale, including device configuration, compliance, app protection, and Windows Autopilot.
• Strong software packaging and deployment experience for Win32, MSI, and LOB applications in Intune.
• Working expertise in Exchange Online mail flow, Teams administration, and SharePoint/OneDrive governance.
• PowerShell proficiency for M365 administration and automation (Microsoft Graph PowerShell, Exchange Online, Teams, SharePoint PnP).
• Working exposure to M365 security tooling (Defender for Office 365, Microsoft Purview, Conditional Access) sufficient to partner effectively with the Security team.
• Strong written and verbal communication; ability to translate between technical engineering, end-user support, and business stakeholder audiences.
• High degree of ownership, follow-through, and comfort operating with limited supervision.

Nice To Haves

• Hands-on experience piloting or operationalizing Microsoft Copilot for M365 in an enterprise environment.
• Experience with tenant-to-tenant migration, merger/acquisition integration, or multi-tenant architectures.
• Experience in a regulated industry (healthcare, financial services, or government) with HIPAA, HITRUST, or equivalent compliance requirements.
• Familiarity with Infrastructure-as-Code approaches to M365 configuration (Microsoft Graph, Microsoft365DSC, Bicep/ARM for adjacent Azure resources).
• Experience with SaaS Security Posture Management (SSPM) tooling such as AppOmni, Adaptive Shield, or equivalents.
• Microsoft certifications: MS-102 (Microsoft 365 Administrator Expert), SC-300 (Identity and Access Administrator), MD-102 (Endpoint Administrator), or equivalent current credentials.

Responsibilities

• Own the engineering and day-to-day administration of Microsoft Entra ID (formerly Azure AD), including users, groups, roles, administrative units, and directory extension attributes.
• Maintain and evolve hybrid identity architecture, including Entra Connect / Cloud Sync, synchronization health, attribute flow, and write back configurations.
• Engineer group-based licensing, dynamic groups, and application assignment models that scale cleanly across the workforce.
• Administer enterprise application registrations, SSO configurations (SAML, OIDC), service principals, and managed identities in partnership with application owners.
• Support Entra ID B2B and guest access patterns.
• Partner with Security teams on Conditional Access, MFA, and identity protection policies.
• Own the enterprise Intune tenant, including device configuration profiles, compliance policies, app protection policies, and platform scripts across Windows, macOS, iOS, and Android.
• Engineer and maintain Windows Autopilot deployment profiles, enrollment status pages, and provisioning workflows to support zero touch device delivery at scale.
• Manage endpoint security baselines and settings catalog configurations in alignment with security defined policy intent.
• Troubleshoot enrollment, sync, and policy application issues across the device estate, including co-management and migration scenarios from legacy MDM/MEM tooling as applicable.
• Drive continuous improvement of device posture, patch hygiene, and update ring strategy using Windows Update for Business and Autopatch, Patch my pc.
• Package, publish, and maintain Win32, MSI, LOB, and Microsoft Store apps through Intune; establish consistent packaging and testing standards.
• Own the lifecycle of enterprise application deployment including pilot, broad deployment, supersedence, and retirement.
• Standardize M365 Apps (formerly Office) deployment rings, update channels, and language/add-in policies.
• Partner with application owners and the service desk to ensure reliable software delivery with clear success metrics and minimal user disruption.
• Administer Exchange Online including mail flow, connectors, anti-spam baselines (coordinated with Security), transport rules, shared mailboxes, and hybrid considerations where applicable.
• Engineer and govern Microsoft Teams, including teams lifecycle, policies (messaging, meeting, calling, app permission).
• Own SharePoint Online and OneDrive for Business administration including site architecture, hub relationships, external sharing policy, storage governance, and known folder move.
• Develop and enforce tenant wide governance standards for group provisioning, naming, retention, and lifecycle to prevent sprawl.
• Advance the modern intranet and collaboration experience in partnership with business stakeholders.
• Monitor Microsoft 365 service health, roadmap changes, and major release impacts; translate Microsoft communications into clear operational guidance for the team and business.
• Author and maintain current, version-controlled documentation for tenant configuration, identity architecture, endpoint baselines, and deployment runbooks.
• Participate in change advisory and release management forums; author change records with clear risk and rollback considerations.
• Partner with the Service Desk and Field Support teams to enable Tier 1/2 resolution of common M365 issues and reduce escalation volume.
• Adhere to HIPAA, HITRUST, and internal governance standards in all configuration, access management, and data handling activities.

Benefits

• career growth
• internal advancement
• work-life balance
• regular weekday office hours
• employee well-being