M365 Service and Architecture Lead

Role Summary: We are seeking a hands-on Microsoft 365 Administrator to manage and continuously improve our Microsoft cloud productivity collaboration identity security and endpoint landscape. You will be the subject matter expert for Entra ID (Azure AD) Microsoft 365 core services Defender Intune and Purview with an emphasis on security automation compliance and user will also oversee the design governance automation and optimization of the M365 platform ensuring high performance secure collaboration and alignment with corporate standards. You will partner with Security Collaboration Data Privacy and End User Computing teams to ensure a secure reliable and measurable value across the Responsibility: Tenant & Identity Own tenant-level configuration and lifecycle including licensing service health message center and roadmap adoption. Manage Entra ID objects: users groups devices service principals application registrations Enterprise Apps and gallery/non-gallery SSO integrations (SAML/OIDC/OAuth2). Implement and maintain Conditional Access policies MFA Passwordless and Risk-based access. Govern Privileged Identity Management (PIM) for roles and groups; enforce least privilege and just-in-time elevation. Configure Entra ID Connect / Cloud Sync for directory synchronization; resolve identity lifecycle and UPN conflicts. Enforce Identity Protection baselines: risky users/sign-ins token protection continuous access & Compliance Implement and maintain Security Defaults Baseline Policies and secure configurations aligned to CIS/Microsoft recommendations. Administer Microsoft Purview: DLP Information Protection/Sensitivity Labels Auto-labeling Data Lifecycle eDiscovery (Standard/Premium) Audit Communication Compliance Insider Risk. Configure Safe Links/Safe Attachments anti-phishing/anti-spam rules and authentication with Security to operationalize alerts hunting and incident response in Defender/XDR and Crowdstrike (if applicable).Collaboration Services Exchange OnlineoAdminister mail flow connectors transport rules shared mailboxes RBAC retention policies and litigation hybrid coexistence (if any) MTA integrations quarantine review and message trace Online & OneDriveoGovern site provisioning site designs hub architecture permissions models external sharing policies and storage quotas retention/records policies DLP for sites and data residency as information architecture metadata and collaboration best TeamsoConfigure Teams policies/profiles app permissions external access/guest access meeting/recording/retention Teams Rooms devices and voice/telephony integration (if applicable).oImplement lifecycle governance for Teams/Groups (naming expiration classification archival).Endpoint & Device ManagementEnroll and manage Windows macOS iOS/iPadOS Android devices; compliance policies configuration profiles remediation. Autopilot provisioning application deployment patching update rings BitLocker/FileVault Defender management. Conditional access enforcement tied to device compliance; platform hardening Protection Configure and tune Defender for Endpoint Defender for Office 365 Defender for Identity Defender for Cloud Apps (MCAS). Onboard devices manage indicators attack surface reduction device control web content filtering. Investigate incidents run advanced hunting queries coordinate with SecOps for & OperationsAutomate repetitive tasks with PowerShell (Exchange Online Entra MSOnline Teams SharePoint Graph) Graph API and Power Automate where appropriate. Create runbooks for provisioning/deprovisioning license assignment lifecycle and compliance enforcement. Maintain operational documentation architecture diagrams SOPs and knowledge base & License ManagementManage licenses (E5/E3/Fx/LOB add-ons) allocations re-harvesting and cost optimization (FinOps mindset). Define and enforce governance for Groups/Teams/Sites/Apps data residency external collaboration and third party integrations. Conduct periodic access reviews entitlement management and app/consent & ReliabilityProactive monitoring of service health adoption metrics and capacity; define SLAs/OLAs and escalation paths. Coordinate tenant change control release validation communications and user readiness. Implement backup/restore strategies for M365 services (native third-party) and participate in business continuity/disaster recovery planning and & Stakeholder ManagementProvide tier 3 support coordinate with security legal HR and lead training communication and adoption efforts. Job Qualification: Bachelors degree in Computer Science IT or related discipline.47 years of M365 and Entra ID expertise with Conditional Access MFA/Passwordless PIM and Identity with Exchange SharePoint Teams Intune and of Purview (DLP labels eDiscovery retention).Proficiency in PowerShell and Graph of Zero Trust and least communication and documentation Certifications (Nice to have)oMicrosoft 365 Certified: Administrator Expert oMicrosoft Certified: Cybersecurity Architect Expert oMicrosoft Certified: Security Operations Analyst Associate oMicrosoft Certified: Identity and Access Administrator Associate oMicrosoft Certified: Information Protection and Compliance Administrator Associate oMD-102 (Endpoint Administrator) / MS-102 (M365 Administrator) Key Competencies: Strong ownership mindset capable of driving platform vision and technical expertise combined with excellent communication and stakeholder -focused detail oriented and proactive in identifying opportunities for for building scalable secure and high value collaboration to lead cross-functional initiatives and act as the central reference point for all M365 platform matters.

More information about NXP in India...

#LI-2734