Azure Active Directory Consultant

Azure Active Directory (Microsoft Entra ID) Consultant

Entra ID

Key Responsibilities

Identity Architecture & Strategy

• Assess current identity and authentication landscape (cloud and on-prem) and produce a

  target-state identity architecture

  .
• Design secure and scalable identity patterns aligned with

  Zero Trust

  , least privilege, and compliance requirements.
• Create and maintain IAM standards: naming conventions, tenant governance, role assignment strategy, and operational runbooks.

Entra ID (Azure AD) Implementation & Operations

• Configure and optimize:

• Conditional Access

  policies (risk-based, device-based, location-based, app-based)

• MFA / Passwordless

  (FIDO2, Microsoft Authenticator, Windows Hello for Business)

• Self-Service Password Reset (SSPR)

• Identity Protection

  (user risk/sign-in risk policies)
• Implement

  Privileged Identity Management (PIM)

  , including just-in-time role activation, approval flows, and access reviews.
• Establish secure tenant administration practices (break-glass accounts, admin restrictions, privileged access workflows).

Hybrid Identity & Directory Integration

• Plan, deploy, and support hybrid identity solutions:

• Entra Connect (Azure AD Connect)

  and/or

  Cloud Sync

• Authentication methods:

  Password Hash Sync

  ,

  Pass-through Authentication

  , federation support as needed
• Support device identity scenarios:

• Entra ID Join / Hybrid Entra ID Join

• Integration considerations with

  Intune

  and compliance-based access

SSO & Enterprise Application Integrations

• Onboard SaaS and custom apps into Entra ID:
• SSO using

  SAML 2.0, OAuth 2.0, OpenID Connect

• User provisioning using

  SCIM

• App registrations, API permissions, consent governance, claims mapping, certificate management
• Troubleshoot authentication/authorization issues (token/claims, CA policy evaluation, provisioning failures).

Identity Governance & Lifecycle Management

• Implement identity lifecycle controls:
• Joiner/Mover/Leaver processes
• Group-based licensing and dynamic groups

• Access Reviews

  , Entitlement Management (where applicable)
• Support external collaboration:

• B2B guest access

  , cross-tenant access settings, collaboration controls

Monitoring, Security, and Continuous Improvement

• Configure and leverage Entra logs:
• Sign-in logs, audit logs, provisioning logs
• Integrate with monitoring/SIEM platforms (e.g.,

  Microsoft Sentinel

  , Log Analytics) where applicable.
• Recommend and implement improvements to reduce risk, improve usability, and streamline operations.

Documentation & Knowledge Transfer

• Produce high-quality deliverables:
• Architecture diagrams, policy matrix, migration plans, configuration baselines, runbooks
• Train IT teams and helpdesk on operational procedures and troubleshooting.

Required Qualifications

• 6+ years of hands-on experience with

  Microsoft Entra ID (Azure AD)

  in production environments.
• Strong experience with

  Conditional Access

  ,

  MFA

  ,

  SSPR

  , and secure access design.
• Experience integrating applications using

  SAML/OIDC/OAuth

  and provisioning (SCIM).
• Hybrid identity experience with

  Entra Connect / Cloud Sync

  and understanding of on-prem AD concepts.
• Strong troubleshooting skills across authentication flows, token claims, device compliance access, and SSO failures.
• Working knowledge of security principles (least privilege, Zero Trust, risk-based access, identity governance).

Technical Skills (Hands-on)

• Microsoft Entra ID / Azure AD tenant configuration and governance
• Conditional Access policy design & rollout strategy (pilot → phased rollout → enforcement)
• PIM, RBAC, administrative units, privileged role hardening
• Identity logs and reporting (Entra logs, Log Analytics)
• Scripting/automation:

• PowerShell

• Microsoft Graph API

  (and Graph PowerShell modules)
• Microsoft 365 identity integration (Exchange Online, SharePoint, Teams) and Azure subscription access patterns