Senior Modern Workplace Engineer

About the job

Primary Responsibilities • Architect, deploy, and optimise large-scale Microsoft 365 Modern Workplace solutions (5,000–150,000+ seats) • Serve as final escalation point for critical production incidents involving Intune, Autopilot, Windows 365 Cloud PC, Entra ID Conditional Access, Defender for Endpoint, and Teams • Provide advanced troubleshooting of device compliance, application deployment failures, provisioning issues, BitLocker recovery, and hybrid identity sync problems • Design and implement enterprise-grade Conditional Access policies, Intune configuration profiles, compliance policies, and Windows Update rings • Lead Autopilot migrations (on-prem ConfigMgr → full cloud Autopilot) and Windows 365 Cloud PC deployments • Build and maintain PowerShell/PnP/Graph API automation for tenant-wide governance and lifecycle management • Optimize Microsoft Teams environments (voice, meetings, governance, retention, data loss prevention) • Integrate and troubleshoot Defender for Endpoint, Defender for Office 365, and Microsoft Purview (Information Protection, DLP, Insider Risk) • Conduct performance and security reviews of Entra ID, SharePoint, and OneDrive configurations • Create and deliver technical runbooks, root-cause analysis reports, and proactive health assessments • Mentor mid-level engineers and contribute to the internal knowledge base and tooling • Participate in a 24×7 on-call rotation (with generous premium on-call compensation) Required Qualifications • 8+ years of progressive experience in Microsoft endpoint and cloud identity management • Expert-level knowledge of Microsoft Intune, Entra ID (Azure AD), Autopilot, Windows 365, and Co-management • Advanced PowerShell and Microsoft Graph API scripting (automation is a daily activity) • Proven track record in resolving complex, enterprise-scale Modern Workplace incidents • Deep understanding of Entra ID Conditional Access, MFA, identity protection, and privileged identity management • Hands-on experience with Defender for Endpoint advanced hunting, attack surface reduction, and ASR rules • Strong knowledge of Microsoft Teams administration (including Teams Phone / Direct Routing if certified) • Experience with large SharePoint Online migrations, sensitivity labels, and retention policies • Relevant Microsoft certifications required (at minimum two of the following): – MS-102: Microsoft 365 Administrator – MS-700: Managing Microsoft Teams – MD-102: Endpoint Administrator – SC-300: Identity and Access Administrator • Excellent communication skills and prior client-facing consulting or enterprise support experience.

Requirements

• Microsoft 365
• Intune
• PowerShell
• Graph API
• Conditional Access

Preferred Technologies

• Microsoft 365
• Intune
• PowerShell
• Graph API
• Conditional Access

About the company

AHEAD is an organization specializing in Modern Workplace solutions, with a focus on Microsoft 365 and related technologies.