Microsoft 365 & Azure Administrator (L2)
Gargash Group
Description
About the Role : This is a hands-on technical role responsible for the day-to-day administration, operational stability, and security posture of the Group’s Microsoft 365 tenant and Microsoft Azure environment. The role holder will ensure that the tenant and cloud environment are administered to a professional standard, secure by default, licensed correctly, fully documented, and aligned with Group security and compliance requirements.
Responsibilities :
-
Microsoft 365 Administration
-
Administer the Microsoft 365 tenant on a day-to-day basis, including Exchange Online (mailboxes, distribution lists, mail flow, transport rules), SharePoint and OneDrive (sites, sharing policies, retention), and Microsoft Teams (teams, channels, policies, voice configuration where applicable).
-
Manage Intune / Endpoint Manager configuration: device enrolment, compliance policies, configuration profiles, application deployment, and conditional access integration.
-
Operate Microsoft Purview controls in coordination with Cybersecurity and Risk & Governance — data loss prevention, retention labels, sensitivity labels, eDiscovery requests.
-
Maintain tenant hygiene: unused mailboxes, shared mailbox sprawl, orphaned guest accounts, stale Teams and SharePoint sites.
-
Identity & Access Management
-
Administer Entra ID (Azure AD): user lifecycle, group management, application registrations, enterprise applications, service principals.
-
Implement and maintain Conditional Access policies, MFA enforcement, sign-in risk policies, and named locations in line with the Group security baseline.
-
Operate Privileged Identity Management (PIM) for just-in-time elevation of administrative roles; conduct periodic access reviews.
-
Support the migration from on-premises Active Directory to a cloud-native Entra ID environment, including hybrid identity synchronisation and the phased decommissioning of legacy domain controllers.
-
Partner with the Cybersecurity and Applications teams on identity and access management, maintaining identity hygiene across the estate.
-
Azure Administration
-
Administer Azure subscriptions, resource groups, and management groups under the Group’s tenant governance model.
-
Provision, configure, and maintain Azure IaaS (virtual machines, storage, networking) and PaaS services in line with architectural standards set with the Enterprise Architect.
-
Operate Azure Key Vault — secret, key, and certificate lifecycle management, access policies, and integration with application teams.
-
Configure and monitor Azure Backup, Site Recovery, and disaster-recovery components for in-scope workloads, sharing the backup and recovery support load with the Cybersecurity, Applications, and Infrastructure teams.
-
Use Azure Monitor, Log Analytics, and cost-management tooling to track resource health, utilisation, and spend.
-
Licensing & Cost Control
-
Administer licence assignment across the Microsoft 365 / Azure estate, including group-based licensing where appropriate.
-
Maintain an accurate, evergreen view of licence consumption versus entitlement under the EA and any CSP arrangements; flag over- and under-utilisation.
-
Track Azure consumption against budget and reservation commitments; raise variances to the Head of Technology Service Delivery and Enterprise Architect.
-
Support the annual EA true-up and renewal cycle with data, reconciliation, and recommendations.
-
Security & Compliance Operations
-
Operate Microsoft Defender (Endpoint, Identity, Office 365, Cloud) consoles in coordination with the Cybersecurity team; action alerts within agreed L2 scope and escalate as required.
-
Support the Cybersecurity function with tenant-side configuration changes required by ISMS, audit, or incident-response activity.
-
Maintain hardening baselines for tenant configuration in line with Microsoft Secure Score and CIS benc