MaxHealth is seeking a Microsoft 365 Engineer to serve as the enterprise subject matter expert across the M365 productivity, identity, and endpoint management stack. This role owns the day-to-day engineering, configuration, and lifecycle of Microsoft Entra ID, Intune, Autopilot, Exchange Online, Teams, SharePoint Online, OneDrive, and the core productivity applications that support the organization's clinical and corporate workforce.
The successful candidate will bring deep, hands-on experience administering Microsoft 365 at enterprise scale in a regulated environment, with demonstrated expertise in identity architecture, endpoint management, software deployment, and productivity platform engineering. Our endpoint and identity platform is cloud-first, built on Microsoft Intune and Entra ID (no on-premises Configuration Manager), with a strong emphasis on modern deployment, automation, and governance.
While this role works closely with the Security team, the M365 Engineer will also get hands-on with security tools like Defender for Office 365, Purview DLP, eDiscovery, and Conditional Access.
Location: Hybrid. Must reside in the greater Tampa area, with flexibility to work in person with the team as needed based on project needs.
Responsibilities
Identity & Access - Microsoft Entra ID
- Own the engineering and day-to-day administration of Microsoft Entra ID (formerly Azure AD), including users, groups, roles, administrative units, and directory extension attributes.
- Maintain and evolve hybrid identity architecture, including Entra Connect / Cloud Sync, synchronization health, attribute flow, and writeback configurations.
- Engineer group-based licensing, dynamic groups, and application assignment models that scale cleanly across the workforce.
- Administer enterprise application registrations, SSO configurations (SAML, OIDC), service principals, and managed identities in partnership with application owners. Support Entra ID B2B and guest access patterns.
- Partner with Security teams on Conditional Access, MFA, and identity protection policies.
Endpoint Management - Microsoft Intune
- Own the enterprise Intune tenant, including device configuration profiles, compliance policies, app protection policies, and platform scripts across Windows, macOS, iOS, and Android.
- Engineer and maintain Windows Autopilot deployment profiles, enrollment status pages, and provisioning workflows to support zero-touch device delivery at scale.
- Manage endpoint security baselines and settings catalog configurations in alignment with security-defined policy intent.
- Troubleshoot enrollment, sync, and policy application issues across the device estate, including co-management and migration scenarios from legacy MDM/MEM tooling as applicable.
- Drive continuous improvement of device posture, patch hygiene, and update ring strategy using Windows Update for Business, Autopatch, and Patch My PC.
Software Deployment & Application Lifecycle
- Package, publish, and maintain Win32, MSI, LOB, and Microsoft Store apps through Intune; establish consistent packaging and testing standards.
- Own the lifecycle of enterprise application deployment including pilot, broad deployment, supersedence, and retirement.
- Standardize M365 Apps (formerly Office) deployment rings, update channels, and language/add-in policies.
- Partner with application owners and the service desk to ensure reliable software delivery with clear success metrics and minimal user disruption.
Productivity Platforms - Exchange Online, Teams, SharePoint, OneDrive
- Administer Exchange Online including mail flow, connectors, anti-spam baselines (coordinated with Security), transport rules, shared mailboxes, and hybrid considerations where applicable.
- Engineer and govern Microsoft Teams, including teams lifecycle and policies (messaging, meeting, calling, app permission).
- Own SharePoint Online and OneDrive for Business administration including site architecture, hub relationships, external sharing policy, storage governance, and known folder move.
- Develop and enforce tenant-wide governance standards for group provisioning, naming, retention, and lifecycle to prevent sprawl.
- Advance the modern intranet and collaboration experience in partnership with business stakeholders.
Platform Operations, Governance & Change
- Monitor Microsoft 365 service health, roadmap changes, and major release impacts; translate Microsoft communications into clear operational guidance for the team and business.
- Author and maintain current, version-controlled documentation for tenant configuration, identity architecture, endpoint baselines, and deployment runbooks.
- Participate in change advisory and release management forums; author change records with clear risk and rollback considerations.
- Partner with the Service Desk and Field Support teams to enable Tier 1/2 resolution of common M365 issues and reduce escalation volume.
- Adhere to HIPAA, HITRUST, and internal governance standards in all configuration, access management, and data handling activities.
Qualifications
Required
- 5+ years of hands-on engineering experience with Microsoft 365 at enterprise scale, including direct administration of Entra ID, Intune, Exchange Online, Teams, and SharePoint Online.
- Deep, demonstrated expertise in Microsoft Entra ID, including hybrid identity (Entra Connect / Cloud Sync), enterprise application integration, and group-based licensing and assignment models.
- Proven ability to engineer and operate Microsoft Intune at scale, including device configuration, compliance, app protection, and Windows Autopilot.
- Strong software packaging and deployment experience for Win32, MSI, and LOB applications in Intune.
- Working expertise in Exchange Online mail flow, Teams administration, and SharePoint/OneDrive governance.
- PowerShell proficiency for M365 administration and automation (Microsoft Graph PowerShell, Exchange Online, Teams, SharePoint PnP).
- Working exposure to M365 security tooling (Defender for Office 365, Microsoft Purview, Conditional Access) sufficient to partner effectively with the Security team.
- Strong written and verbal communication; ability to translate between technical engineering, end-user support, and business stakeholder audiences.
- High degree of ownership, follow-through, and comfort operating with limited supervision.
Preferred
- Hands-on experience piloting or operationalizing Microsoft Copilot for M365 in an enterprise environment.
- Experience with tenant-to-tenant migration, merger/acquisition integration, or multi-tenant architectures.
- Experience in a regulated industry (healthcare, financial services, or government) with HIPAA, HITRUST, or equivalent compliance requirements.
- Familiarity with Infrastructure-as-Code approaches to M365 configuration (Microsoft Graph, Microsoft365DSC, Bicep/ARM for adjacent Azure resources).
- Experience with SaaS Security Posture Management (SSPM) tooling such as AppOmni, Adaptive Shield, or equivalents.
- Microsoft certifications: MS-102 (Microsoft 365 Administrator Expert), SC-300 (Identity and Access Administrator), MD-102 (Endpoint Administrator), or equivalent current credentials.
ABOUT MAXHEALTH
MaxHealth is dedicated to simplifying healthcare and ensuring healthier futures, for our patients and our people.
Founded in 2015, MaxHealth is a leading primary care platform focused on delivering high‑quality, integrated, value‑based care to adults and senior patients throughout Florida. Today, we support more than 70,000 value‑based care patients through a growing network of more than 55 owned clinics and 30 affiliated practices across central and southern Florida.
Our success is driven by our people. MaxHealth is home to a diverse, multidisciplinary team of more than 700 employees, including primary care providers, specialists, clinical staff, and corporate professionals, who are united by a shared purpose: to make healthcare simpler, more compassionate, and more human.
We are proud to offer a workplace that supports career growth, internal advancement, and work‑life balance, with regular weekday office hours and a strong commitment to employee well‑being.
At MaxHealth, team members are encouraged to grow their skills, pursue leadership opportunities, and build long‑term careers in an environment where their contributions truly matter.
MaxHealth also partners with like‑minded independent providers, leveraging our platform to expand access to high‑quality care while preserving the personalized relationships that define great medicine.
Our values guide everything we do: we are customer‑centered, compassionate, results‑driven, proactive, collaborative, and adaptable. These values shape not only how we care for patients, but how we support one another as colleagues.
Our mission is simple: to deliver quality care, a simplified experience, and happiness, one patient, and one team member, at a time.