M365 - Service and Architecture Lead

Role Summary: We are seeking a hands-on Microsoft 365 Administrator to manage and continuously improve our Microsoft cloud productivity, collaboration, identity, security, and endpoint landscape. You will be the subject matter expert for Entra ID (Azure AD), Microsoft 365 core services, Defender, Intune, and Purview, with an emphasis on security, automation, compliance, and user experience. You will also oversee the design, governance, automation, and optimization of the M365 platform, ensuring high performance, secure collaboration, and alignment with corporate standards. You will partner with Security, Collaboration, Data, Privacy, and End User Computing teams to ensure a secure, reliable, and measurable value across the business. Job Responsibility: Tenant & Identity • Own tenant-level configuration and lifecycle, including licensing, service health, message center, and roadmap adoption. • Manage Entra ID objects: users, groups, devices, service principals, application registrations, Enterprise Apps, and gallery/non-gallery SSO integrations (SAML/OIDC/OAuth2). • Implement and maintain Conditional Access policies, MFA, Passwordless, and Risk-based access. • Govern Privileged Identity Management (PIM) for roles and groups; enforce least privilege and just-in-time elevation. • Configure Entra ID Connect / Cloud Sync for directory synchronization; resolve identity lifecycle and UPN conflicts. • Enforce Identity Protection baselines: risky users/sign-ins, token protection, continuous access evaluation. Security & Compliance • Implement and maintain Security Defaults, Baseline Policies, and secure configurations aligned to CIS/Microsoft recommendations. • Administer Microsoft Purview: DLP, Information Protection/Sensitivity Labels, Auto-labeling, Data Lifecycle, eDiscovery (Standard/Premium), Audit, Communication Compliance, Insider Risk. • Configure Safe Links/Safe Attachments, anti-phishing/anti-spam rules, and authentication hardening. • Collaborate with Security to operationalize alerts, hunting, and incident response in Defender/XDR and Crowdstrike (if applicable). Collaboration Services • Exchange Online o Administer mail flow, connectors, transport rules, shared mailboxes, RBAC, retention policies, and litigation holds. o Manage hybrid coexistence (if any), MTA integrations, quarantine review, and message trace investigations. • SharePoint Online & OneDrive o Govern site provisioning, site designs, hub architecture, permissions models, external sharing policies, and lifecycle. o Manage storage quotas, retention/records policies, DLP for sites, and data residency as applicable. o Guide information architecture, metadata, and collaboration best practices. • Microsoft Teams o Configure Teams policies/profiles, app permissions, external access/guest access, meeting/recording/retention settings. o Oversee Teams Rooms, devices, and voice/telephony integration (if applicable). o Implement lifecycle governance for Teams/Groups (naming, expiration, classification, archival). Endpoint & Device Management • Enroll and manage Windows, macOS, iOS/iPadOS, Android devices; compliance policies, configuration profiles, remediation. • Autopilot provisioning, application deployment, patching, update rings, BitLocker/FileVault, Defender management. • Conditional access enforcement tied to device compliance; platform hardening baselines. Threat Protection • Configure and tune Defender for Endpoint, Defender for Office 365, Defender for Identity, Defender for Cloud Apps (MCAS). • Onboard devices, manage indicators, attack surface reduction, device control, web content filtering. • Investigate incidents, run advanced hunting queries, coordinate with SecOps for response. Automation & Operations • Automate repetitive tasks with PowerShell (Exchange Online, Entra, MSOnline, Teams, SharePoint, Graph), Graph API, and Power Automate where appropriate. • Create runbooks for provisioning/deprovisioning, license assignment, lifecycle, and compliance enforcement. • Maintain operational documentation, architecture diagrams, SOPs, and knowledge base articles. Governance & License Management • Manage licenses (E5/E3/Fx/LOB add-ons), allocations, re-harvesting, and cost optimization (FinOps mindset). • Define and enforce governance for Groups/Teams/Sites/Apps, data residency, external collaboration, and third party integrations. • Conduct periodic access reviews, entitlement management, and app/consent governance. Monitoring & Reliability • Proactive monitoring of service health, adoption metrics, and capacity; define SLAs/OLAs and escalation paths. • Coordinate tenant change control, release validation, communications, and user readiness. • Implement backup/restore strategies for M365 services (native + third-party), and participate in business continuity/disaster recovery planning and tests. Support & Stakeholder Management • Provide tier 3 support, coordinate with security, legal, HR, and lead training, communication, and adoption efforts. Job Qualification: • Bachelor's degree in Computer Science, IT, or related discipline. • 4–7 years of M365 and Entra ID administration. • Strong expertise with Conditional Access, MFA/Passwordless, PIM, and Identity Protection. • Experience with Exchange, SharePoint, Teams, Intune, and Defender. • Knowledge of Purview (DLP, labels, eDiscovery, retention). • Proficiency in PowerShell and Graph API. • Understanding of Zero Trust and least privilege. • Strong communication and documentation skills. • Microsoft Certifications (Nice to have) o Microsoft 365 Certified: Administrator Expert o Microsoft Certified: Cybersecurity Architect Expert o Microsoft Certified: Security Operations Analyst Associate o Microsoft Certified: Identity and Access Administrator Associate o Microsoft Certified: Information Protection and Compliance Administrator Associate o MD-102 (Endpoint Administrator) / MS-102 (M365 Administrator) Key Competencies: • Strong ownership mindset, capable of driving platform vision and roadmap. • Deep technical expertise combined with excellent communication and stakeholder engagement. • Governance-focused, detail oriented, and proactive in identifying opportunities for optimization. • Passion for building scalable, secure, and high value collaboration environments. • Ability to lead cross-functional initiatives and act as the central reference point for all M365 platform matters.

More information about NXP in India...

#LI-2734