About
OVERVIEW
We are implementing a fully designed, security-first Microsoft 365 environment across multiple tenants. The architecture, role model, access mappings, Conditional Access matrix, and compliance controls have already been meticulously designed and approved.
We are not looking for an architect to redesign or simplify the model.
We are looking for a highly disciplined Microsoft 365 security implementation engineer who can execute the defined architecture precisely and without deviation.
This is a configuration-heavy, control-plane-focused engagement requiring strong hands-on experience with Entra ID, Conditional Access, Intune, Microsoft Purview, and Windows 365 / Azure Virtual Desktop.
SCOPE OF WORK
You will be responsible for implementing the following domains strictly according to provided specifications:
Identity & Access Control
• Entra ID role group creation (RG → AG model)
• Group-based access enforcement (no direct user permissions)
• Privileged Identity Management (PIM) configuration
• Break-glass account configuration
• Enforcement of no-standing-admin model
Conditional Access
• Implementation of a defined Conditional Access policy matrix
• MFA enforcement
• Device compliance requirements
• Privileged role protections
• Execution routing into Cloud PC / AVD
• No policy redesign or consolidation without approval
Endpoint & Execution Controls
• Intune compliance policies (Windows & macOS)
• Device enrollment configuration
• Defender for Endpoint alignment
• Windows 365 Cloud PC deployment
• Azure Virtual Desktop configuration (if required)
• Session restriction controls (USB, clipboard, drive mapping)
Compliance & Information Protection
• Sensitivity label configuration
• Label publishing policies
• Label-driven retention policies (no location-wide defaults)
• DLP configuration
• Audit log configuration
• eDiscovery configuration (if applicable)
Email & Governance
• Exchange Online security hardening
• SPF / DKIM / DMARC validation
• Mailbox governance implementation
REQUIRED SKILLS & EXPERIENCE
• Deep hands-on experience with Microsoft Entra ID
• Conditional Access policy implementation at scale
• Privileged Identity Management (PIM)
• Intune device compliance & configuration profiles
• Windows 365 Cloud PC or Azure Virtual Desktop deployment
• Microsoft Purview (retention policies, DLP, sensitivity labels)
• Exchange Online governance
• Experience in regulated or compliance-heavy environments preferred
ENGAGEMENT STRUCTURE
• Project-based contract (phased execution)
• Initial phase: Identity & Conditional Access
• Subsequent phases: Endpoint enforcement, Purview, Monitoring
• All changes documented and reviewed
• Clear milestone-based deliverables
BUDGET
Open to market rate for experienced security implementation engineers.
Contract duration of 1 to 3 months. with 30 hours per week.
Mandatory skills: Microsoft Azure, Office 365, Information Security, Security Infrastructure, Microsoft Active Directory, Microsoft Entra ID, Conditional Access, Microsoft Intune, Microsoft Purview, Azure Virtual Desktop
Languages
- English
Notice for Users
This job comes from a TieTalent partner platform. Click "Apply Now" to submit your application directly on their site.