Role Purpose
We are seeking a Senior Microsoft Expert to own, optimize, and govern the organization’s Microsoft ecosystem, including Microsoft 365, Active Directory, Entra ID (Azure AD), Windows platforms, Microsoft Intune, and Company Portal.
This role exists to:
- Ensure Microsoft platforms are secure, stable, standardized, and optimized
- Establish strong endpoint, identity, and Microsoft 365 governance
- Act as the deep technical authority for all Microsoft-related services
This is not a general IT Administrator role.
The Microsoft Expert is expected to operate at Level 3 / Expert level.
Scope of Ownership
The Microsoft Expert owns technical excellence and optimization across:
- Microsoft 365 (Tenant-level)
- Identity & Access (AD, Entra ID, Hybrid Identity)
- Microsoft Intune & Company Portal
- Windows Client & Server (Microsoft stack only)
- Microsoft Security & Compliance capabilities
Key Responsibilities:
- Microsoft 365 Platform Ownership
Own and optimize:
- Exchange Online
- SharePoint Online
- OneDrive for Business
- Microsoft Teams
Tenant-level configuration, governance, and optimization
Define:
- Usage standards
- Security baselines
- Feature adoption strategy
- Identity & Access Architecture (Microsoft-Centric)
Own Microsoft identity platforms:
- Active Directory (on-premises)
- Microsoft Entra ID (Azure AD)
- Hybrid identity design
Design and manage:
- Conditional Access policies
- MFA enforcement
- Role-based access control (RBAC)
Ensure secure identity lifecycle:
- Joiner / Mover / Leaver processes
- Endpoint Management – Intune & Company Portal (Core Responsibility)
Own and design Microsoft Intune architecture and configuration
Manage:
- Windows 10 / 11 device enrollment
- Mobile device enrollment
- Compliance policies
- Configuration profiles
Own Company Portal experience:
- Application publishing
- Self-service app lifecycle
- User experience optimization
Define and enforce:
- Device compliance standards
- Security baselines
Support:
- Autopilot deployment models (where applicable)
- Windows Client & Endpoint Security
Define Windows endpoint standards:
- OS hardening
- Security configurations
Manage:
- Group Policy (where applicable)
- Co-management (GPO + Intune)
Integrate endpoints with:
- Microsoft Defender for Endpoint
Ensure:
- Device health
- Patch compliance
- Secure configuration
- Microsoft Security & Compliance (Platform Scope)
Implement and optimize:
- Microsoft Defender (Endpoint, Identity, Office 365)
- Secure Score improvements
Work with IT Security teams on:
- Threat protection strategy
- Audit and compliance readiness
Support:
- DLP
- Retention and sensitivity labels (if applicable)
- Microsoft Server & Core Services (Platform Expertise)
Expert-level knowledge of:
- Windows Server platforms
- DNS, DHCP, Active Directory services
Optimize:
- Directory design
- Replication
- Authentication performance
Support the Senior Server, Linux & Datacenter Expert with Microsoft-specific platform expertise
- Automation & Operational Excellence
Automate Microsoft platform tasks using:
- PowerShell
- Microsoft Graph API
Reduce manual configuration and operational errors
Create reusable scripts and standards
- Documentation, Standards & Governance
Create and maintain:
- Microsoft platform architecture documentation
- Intune and endpoint standards
- Identity and security configuration baselines
Ensure consistency across environments
Enable knowledge transfer to Level 2 teams
- Expert Escalation & Advisory Role
Act as Level 3 / Expert escalation for:
- Microsoft 365 incidents
- Identity and authentication issues
- Intune and endpoint failures
Advise architecture and management on:
- Microsoft roadmap and feature usage
- Licensing optimization
- Platform risk and impact
Required Languages
- 8+ years working with Microsoft enterprise platforms
- 5+ years Microsoft 365 experience
- 5+ years hands-on Microsoft Intune experience
- Strong background in hybrid identity and endpoint environments
Mandatory Technical Expertise
Microsoft 365
- Exchange Online
- SharePoint Online
- Teams
- Tenant governance
Identity & Access
- Active Directory
- Microsoft Entra ID
- Conditional Access
- MFA and RBAC
Endpoint Management
- Microsoft Intune
- Company Portal
- Windows Autopilot (preferred)
- Compliance and configuration profiles
Windows Platforms
- Windows Server 2016 / 2019 / 2022
- Windows 10 / 11 Enterprise
Soft Skills
- Strong analytical and troubleshooting mindset
- Clear documentation and communication skills
- Ability to challenge incorrect Microsoft configurations
- Ownership and accountability
- Calm and structured approach during critical incidents
Certification Requirements
Mandatory (At Least One)
- Microsoft 365 Enterprise Administrator Expert
OR
- Microsoft Certified: Identity and Access Administrator Associate
Strongly Preferred
- Microsoft Certified: Endpoint Administrator Associate
- Microsoft Certified: Security Operations Analyst Associate
- Microsoft Certified: Windows Server Hybrid Administrator Associate
Nice to Have (Expert Signal)
- SC-100: Microsoft Cybersecurity Architect Expert
- Microsoft Certified Trainer (MCT)
- ITIL 4 – Managing Professional
Success Criteria
- Secure and compliant endpoint environment
- Stable, optimized Microsoft 365 and identity platforms
- Reduced endpoint and identity-related incidents
- Clear Intune, Company Portal, and Microsoft standards in place