Key skills
AzureAzure ADEntra IDSSOLeadership
About this role
Key Responsibilities
- Architect the end-to-end Microsoft 365 tenant strategy covering Exchange Online, Teams, SharePoint, OneDrive, Intune, Defender, and Purview.
- Design migration architectures for On-Prem Exchange, Google Workspace, and M365 tenant-to-tenant consolidations.
- Architect identity and access management using Entra ID — including hybrid identity, SSO, MFA, PIM, YubiKey enforcement, and Conditional Access.
- Define and govern tenant configuration standards, licence models, admin role hierarchies, and Teams / SharePoint governance frameworks.
- Architect email security posture using Mimecast and/or Barracuda, including filtering, archiving, continuity, and threat protection policies.
- Lead technical design for M&A tenant consolidations and divestiture scenarios.
- Produce HLD/LLD architecture documentation and present to senior leadership and executive stakeholders.
- Provide technical oversight across migration engineers and Intune specialists during delivery.
Required Qualifications
- 6+ years Microsoft 365 architecture experience across multiple workloads.
- Proven track record architecting and delivering complex M365 migrations (minimum two paths: Exchange hybrid, Google Workspace, or tenant-to-tenant).
- Deep expertise in Entra ID / Azure AD — hybrid identity, Azure AD Connect, SSO, Conditional Access, and PIM.
- Strong knowledge of Mimecast or Barracuda platform architecture and integration with M365 mail flow.
- Experience architecting YubiKey or hardware MFA enforcement across an enterprise user base.
- Ability to produce and present HLD/LLD documentation to both technical and executive audiences.
Required Certifications
- Microsoft MS-102 (Enterprise Administrator Expert) — required or willingness to obtain.
- Microsoft SC-300 (Identity and Access Administrator) — required or willingness to obtain.
- Microsoft SC-400 (Information Protection and Compliance Administrator) — required or willingness to obtain.
- Mimecast Certified Associate or higher — required or willingness to obtain.
- Barracuda Technical Specialist (Email Security or Backup) — required or willingness to obtain.
- YubiKey / Yubico platform training — willingness to obtain required.
Candidates who do not hold the above certifications will be offered access to unpaid self-paced certification resources as part of onboarding to support role readiness.