Key skills
Microsoft 365AzureMicrosoft Entra IDAzure AD identity and access solutionsMicrosoft Entra External IDB2B collaborationCross-tenant accessMicrosoft Purview Information ProtectionSensitivity labelsEncryptionMicrosoft Purview Message EncryptionConditional Access policiesSharePoint OnlinePower Platform governancePower BI securityPowerShellMicrosoft GraphMicrosoft certificationsConsultingBIPower BIAzure ADEntra IDCommunicationCollaboration
About this role
AIS is a mission-driven company focused on making a difference through innovative projects. They are seeking a Senior Microsoft Cloud Engineer to lead the design and optimization of secure external collaboration capabilities within the Microsoft cloud ecosystem.
Responsibilities:
- Design, configure, and maintain Microsoft Entra B2B collaboration and cross-tenant access settings to support secure partner and guest access to enterprise applications, collaboration workloads, and external-facing business solutions
- Engineer and administer external identity controls including invitation workflows, trust settings, guest lifecycle processes, access reviews support, and secure onboarding/offboarding patterns for third-party users
- Design and implement security architecture for external access to SharePoint extranets, including authentication patterns, authorization boundaries, site and content protection models, sharing restrictions, and monitoring requirements
- Define and implement Microsoft Purview Information Protection controls including sensitivity labels, encryption, data handling rules, and integration points with DLP and collaboration workloads
- Design and implement Microsoft Purview Message Encryption and related encrypted mail protections for secure communication with external recipients, including policy-based encryption use cases and operational support models
- Design, test, and tune Conditional Access policies to govern external access based on user, device, application, session, location, risk, and authentication context, using phased rollout and validation practices
- Build secure access patterns for Power Platform applications, flows, and connectors through environment strategy, role design, data policies, connector governance, and identity controls
- Define and implement security controls for Power BI reports, dashboards, semantic models, workspaces, sharing models, and external consumption scenarios
- Partner with security, compliance, messaging, collaboration, and application teams to translate policy and regulatory requirements into enforceable cloud controls
- Produce architecture diagrams, standards, control narratives, engineering runbooks, and operational procedures for steady-state support
Requirements:
- 8+ years of experience in Microsoft cloud engineering, with substantial hands-on responsibility for Microsoft 365, Azure, and enterprise security controls
- 4+ years of direct experience designing and administering Microsoft Entra ID / Azure AD identity and access solutions
- Deep experience with Microsoft Entra External ID / B2B collaboration, cross-tenant access, external collaboration settings, guest access governance, and secure partner access models
- Strong experience implementing Microsoft Purview Information Protection capabilities, including sensitivity labels, encryption, and data protection policy integration
- Strong experience designing Microsoft Purview Message Encryption / OME solutions for secure external email exchange
- Proven experience designing and deploying Conditional Access policies in enterprise environments, including policy testing, exception handling, and access hardening
- Experience securing SharePoint Online sites and extranets for external access, including site permissions, sharing models, and information protection considerations
- Experience implementing governance and security controls for Power Platform, including environment strategy, roles, and data policies
- Experience securing Power BI platforms, including workspace governance, dataset security, sharing controls, and report access design
- Experience in highly regulated environments such as defense, government, healthcare, financial services, or other compliance-driven enterprises
- Experience supporting security assessments, accreditation packages, or control inheritance models
- Familiarity with Microsoft Defender, audit logging, insider risk considerations, and monitoring of collaboration and sharing events
- Experience with DevOps, infrastructure as code, or scripted administration using PowerShell, Microsoft Graph, or automation tooling
- Microsoft certifications in areas such as Microsoft Entra, Microsoft 365 Security, Azure Security, or Purview