×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity IT Support Systems Engineer Cloud Computing

Microsoft 365 Engineer

Job in Jacksonville, Duval County, Florida, 32290, USA
Listing for: APR Energy
Full Time position
Listed on 2025-11-25
Job specializations:
  • IT/Tech
    Cybersecurity, IT Support, Systems Engineer, Cloud Computing
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly USD 80000.00 100000.00 YEAR
Job Description & How to Apply Below

1 day ago Be among the first 25 applicants

This range is provided by APR Energy. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

Base pay range

$/yr - $/yr

Location: On Site in our Jacksonville, FL Headquarters

Reports To: IT Infrastructure Manager / Director of IT

Experience: 7+ years professional IT; 5+ years hands‑on with Microsoft 365/Entra /Intune in enterprise settings

Position Summary

The Microsoft 365 Engineer is the primary administrator and service owner for our Microsoft cloud stack. You will design, deploy, secure, and operate Microsoft 365 (Exchange Online, SharePoint, One Drive, Teams), Intune/Endpoint Manager, and Entra  (Azure AD) with strong emphasis on Conditional Access, MFA, device compliance, and identity governance. You’ll partner with infrastructure/networking (Cisco ASAv, Meraki), datacenter, and applications teams to deliver a resilient, compliant, and cost‑effective service.

What

You’ll Own (Core Responsibilities) Tenant Architecture & Identity (Entra )
  • Design and run the target Microsoft 365 tenant (greenfield or separated), including domain and DNS cutover, directory topology, and identity lifecycle.
  • Implement Conditional Access (per‑user/per‑app/per‑device), MFA, Named Locations (including VPN egress IPs and HQ/DC public ranges), risk‑based policies, and break‑glass controls.
  • Deploy and maintain Entra Connect (Cloud Sync/AAD Connect) as needed; plan for hybrid to cloud‑only identity transitions where appropriate.
  • Stand up PIM (Privileged Identity Management), access reviews, entitlement management, and least‑privilege admin RBAC across workloads.
  • Govern B2B/B2C/guest access and external collaboration settings with clear guardrails.
Endpoint Management with Intune (Windows/iOS/Android/macOS)
  • Lead Intune architecture: device compliance, configuration profiles, security baselines, Bit Locker escrow, WUfB/feature update rings, Autopatch (where applicable), and Autopilot provisioning.
  • Build a scalable application packaging program (Win
    32, LOB, MSIX), pilot rings, rollback plans, and secure app protection policies (MAM).
  • Migrate GPOs to Intune policy equivalents; rationalize legacy builds and drive modern management adoption.
  • Establish gold images/profiles, device naming, asset tagging, and lifecycle processes.
Collaboration & Data Protection (Exchange/Teams/SharePoint/One Drive + Purview)
  • Plan and execute cross‑tenant migrations (mailboxes, Teams, SharePoint sites, One Drive) with coexistence strategies (free/busy, guest access, shared channels).
  • Implement Microsoft Purview: sensitivity labels, DLP, retention/records, insider risk (as needed), and eDiscovery (Standard/Premium) processes.
  • Define Teams/SharePoint information architecture and governance (naming, lifecycle, external sharing, sprawl control).
Threat Protection & Operations (Defender XDR + Sentinel optional)
  • Operate and tune Microsoft Defender XDR (Endpoint/Identity/Office/Cloud Apps) and leverage Advanced Hunting (KQL) for detection/response.
  • Integrate with SIEM (Microsoft Sentinel or existing), define alert routing/runbooks, and lead incident response for Microsoft 365 scope.
  • Build dashboards/SLOs for patch compliance, device posture, CA/MFA effectiveness, and threat metrics.
Integration & Network Awareness (Coordinate with ASA/Meraki/Datacenter)
  • Coordinate with network teams on VPN/IP allow lists, Named Locations, split‑tunnel considerations, and service endpoints impacting Conditional Access and Microsoft 365 reliability.
  • Support secure connectivity models across HQ, Datacenter, and new racks; ensure cloud posture reflects changing ISP/public IPs and DMZ patterns.
  • Align Autopilot/Intune content delivery with network design to avoid hair pinning and optimize end‑user experience.
Automation, Cost & Governance
  • Automate admin at scale with Power Shell and Microsoft Graph API (configuration‑as‑code for Intune/M365 where feasible).
  • Optimize licensing (E3/E5 add‑ons), storage, and service plans for cost control and best value.
  • Author SOPs/runbooks, DR/BCP playbooks, and admin guardrails; train IT and power users.
Seniority level

Mid‑Senior level

Employment type

Full‑time

Job function

Information Technology

Referrals increase your chances of interviewing at APR Energy by 2x

Apply BELOW

To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search