Microsoft 365 Consultant

Description

Responsible for leading and delivering Microsoft cloud solutions end-to-end across identity, endpoint, security, and Modern Work workloads. This role operates in customer-facing consulting environments — owning technical delivery from assessment through to handover — and is expected to produce structured, audit-ready deliverables while driving adoption and operational readiness for enterprise clients. The role also supports Microsoft Azure engagements on a project-dependent basis, where cloud infrastructure intersects with M365 workloads.

Requirements

1. Project Delivery (End-to-End)

• Lead and deliver Microsoft cloud projects across assessment, design, implementation, migration (project-dependent), and handover.

• Own project delivery quality: scope management, milestone execution, and customer sign-off.

• Ensure all deliverables are produced to standard and on schedule.

2. Technical Workshops & Customer Engagement

• Run technical workshops: discovery, requirements gathering, solution walkthroughs, and adoption readiness sessions.

• Manage stakeholder communication throughout the project lifecycle.

• Present technical trade-offs clearly to both technical and non-technical audiences.

3. Documentation & Deliverables

• High-Level Design (HLD): Solution architecture, component overview, integration dependencies, security posture, and design decisions with rationale.

• Low-Level Design (LLD): Detailed configuration specifications, policy definitions, step-by-step implementation sequences, rollback procedures, and environment-specific parameters.

• Runbooks: Operational procedures, escalation paths, and day-2 support guidance.

• Implementation Guides & Operational Handover Packs: Knowledge transfer checklists, admin onboarding, and steady-state operating procedures.

• Maintain structured, audit-ready project documentation across all engagements.

• Support SOP creation and knowledge transfer to customer IT teams.

4. Core Solution Delivery — Microsoft Entra (Identity & Access)

• Design and implement Conditional Access, MFA, and passwordless authentication.

• Configure Named Locations and access controls aligned to customer risk profiles.

• Deliver SSO integrations and application onboarding (SAML/OIDC).

5. Core Solution Delivery — Microsoft Intune (Endpoint Management)

• Deploy MAM/MDM policies, app deployment, compliance and configuration baselines.

• Implement Endpoint Security policies, device baselines, and operational reporting.

• Advise on co-management considerations where applicable.

• Onboarding of Endpoints (Windows, Mobile Devices)

6. Project-Dependent / Supporting Workloads

• Support Microsoft 365 workload governance and hardening (Exchange Online, SharePoint, OneDrive, Teams).

• Plan and support tenant-to-tenant migrations (Exchange, SharePoint/OneDrive, Teams) and endpoint profile migration.

• Deliver Microsoft Defender for Endpoint onboarding, baseline hardening, and alert tuning.

• Implement Microsoft Purview solutions: Sensitivity Labels, DLP, Information Lifecycle Management, and Insider Risk where applicable.

• Conduct tenant security assessments across Secure Score, Conditional Access posture, and endpoint health.

• Microsoft Azure (project-dependent): RBAC, networking concepts, logging/monitoring integrations, identity integrations.

7. Troubleshooting & Post-Go-Live Support

• Troubleshoot complex identity and endpoint issues and deliver root-cause fixes (enrollment failures, access blocks, policy conflicts).

• Provide post-go-live hypercare support: stabilisation, tuning, knowledge transfer, and operational readiness confirmation.

8. Travel

• Regional travel across ASEAN markets as required for project delivery, workshops, or client engagement.

Must-Have

• Microsoft Entra ID (Conditional Access, MFA, SSO/SAML/OIDC)

• Microsoft Intune (MDM/MAM, compliance policies, device baselines)

• End-to-end Microsoft cloud project delivery (consulting / SI / MSP / enterprise IT)

• Customer-facing delivery: workshops, stakeholder management, technical presentations

• HLD/LLD and technical documentation writing

• PowerShell scripting for deployment and troubleshooting

• Strong troubleshooting across identity / device / policy interactions

Good-to-Have

• Microsoft certifications: SC-300, MD-102, MS-102, SC-400 or equivalent

• Microsoft Defender for Endpoint, Microsoft Purview

• Tenant-to-tenant migration experience

• Microsoft Azure: RBAC, networking concepts, logging/monitoring integrations

• Hybrid identity environments and migration readiness

• Tooling ecosystem exposure (e.g. Patch My PC, AvePoint, Quest, ShareGate, BitTitan and any other tooling)