Microsoft Entra ID Active Directory

Role & responsibilities:

Active Directory Migration Tool (ADMT): Expert-level, hands-on experience with ADMT, including the configuration of the Password Export Server (PES) and understanding the nuances of SID History migration.

PowerShell Scripting: Advanced proficiency in PowerShell for Active Directory automation, including discovery, reporting, and performing bulk object moves.

Active Directory Infrastructure: Deep knowledge of Active Directory, DNS, and GPO architecture. The candidate must be able to design and troubleshoot forest trusts, conditional forwarders, and Group Policy application logic.

Network and Application Remediation: Experience in identifying and remediating application dependencies (Exchange, SharePoint, application systems, MFA, SSO, etc..) after a domain migration, including re-pointing hard-coded references and updating service accounts.

Kerberos and Authentication: A solid understanding of Kerberos authentication, service principal names (SPNs), and how they are affected during a domain consolidation.

Application Protocol: Confirm the SSO protocol supported by the application (e.g., SAML 2.0, OAuth 2.0, or OpenID Connect (OIDC))

Determine if automated user provisioning (SCIM) is required to create, update, and de provision user accounts in the application automatically User Groups & Access: Identify the specific security groups in Microsoft Entra ID that will be used to grant users access to the application.

Pilot Access Package: o Create Catalogs: Create a new catalog in Entra ID to contain all SharePoint related resources and access packages. This provides a clear administrative boundary. o Configure Connected Organizations: If external employees need access, the contractor must configure connected organizations to represent those partners. o Create Access Packages: Create an access package for each SharePoint site or set of sites. Each package will include:

Resources: The SharePoint site as a resource. Resource Roles: The specific permission level (e.g., "Members" or "Visitors").

Policies: The access rules, including approval workflow, expiration settings, and allowed users. o Configure Request and Approval Policies: For each access package, configure policies that define who can request access, who must approve the request (e.g., a manager or a site owner), and the duration of access

Preferred candidate profile:

Microsoft Entra ID Expertise: Extensive, hands-on experience with Microsoft Entra ID, specifically with entitlement management, governance, and access reviews.

PowerShell Scripting: Proficiency in PowerShell for managing Entra ID resources, automating tasks, and reporting on access package assignments.

SharePoint and Microsoft 365: A solid understanding of SharePoint Online permission models (groups, roles, and classic permissions).

Conditional Access Policies: Familiarity with Conditional Access Policies to enforce security requirements such as multi-factor authentication (MFA) for access package requests.

API and Graph API: Familiarity with the Microsoft Graph API for advanced configurations, data retrieval, and automation.