Position Description – Senior Microsoft Modern Workplace & Azure Engineer This senior, hands‑on engineering role is responsible for the architecture, implementation, uplift, and operational ownership of modern Microsoft environments across Microsoft 365, Azure, Entra ID, and enterprise networking. As a senior engineer at Tickbox, you will be a technical authority across our Modern Workplace and Azure stack — leading complex customer environments end‑to‑end. This role is a blend of deep technical capability, design leadership, and high‑level troubleshooting across identity, endpoint, cloud, and network layers. You will operate as a final escalation point, influence engineering standards, lead migrations and security uplift projects, and mentor junior engineers — all while remaining actively hands‑on in the delivery of high‑quality, secure, and reliable solutions. Tickbox places strong emphasis on team culture, collaboration, and engineering excellence, and this role plays a key part in uplifting capability across the practice. Core Responsibilities Microsoft 365 & Modern Workplace Engineering As a Senior Modern Workplace Engineer at Tickbox, you will own the architecture, automation, integration, and operational excellence of Microsoft 365 environments. This is a deeply technical role requiring strong engineering discipline, security focus, and the ability to design at scale. Microsoft 365 Architecture & Operations Architect, implement, and operate modern, secure Microsoft 365 environments across large and complex tenants, including: Exchange Online : hybrid mail flow, transport rules, compliance, migrations, security hardening. SharePoint Online & OneDrive : site architecture, lifecycle governance, DLP-driven access controls, B2B/B2C collaboration patterns. Microsoft Teams : enterprise voice/telephony (Direct Routing/SIP), meeting policies, retention, performance optimisation, and application governance. Microsoft 365 Apps for Enterprise lifecycle management, update channels, and automation of rollout rings. Intune, Autopilot & Endpoint Engineering Lead the full engineering lifecycle for modern endpoint management: Windows Autopilot (HaaS workflows, white‑glove, hybrid join, zero‑touch onboarding). Advanced configuration baselines (security baselines, ASR rules, CIS/Microsoft benchmarks). Application packaging & deployment automation (Win32, LOB apps, dependencies, detection scripts). Compliance frameworks aligned to Essential Eight, with automated remediation where possible. Build and maintain device compliance dashboards, remediation scripts, telemetry pipelines, and governance standards ensuring fleet-wide health and security. Entra ID (Azure AD) Identity Engineering Own identity architecture across: Conditional Access strategy (contextual access, step-up auth, session policies). Authentication standards (MFA, FIDO2, device-bound passkeys, password less rollout). Privileged Access Management (PIM), Just-In-Time access, break-glass governance. Identity lifecycle automation using SCIM, Entra ID Governance components, and API‑driven provisioning. Microsoft 365 Copilot & AI‑Driven Workplace Enablement You will play a key technical role in enabling and governing Microsoft 365 Copilot, including: Designing Copilot readiness strategy across: MIP sensitivity labels Purview data governance SharePoint permissions hygiene Semantic index preparation Ensuring tenants meet Copilot privacy, security, and data architecture requirements. Supporting the rollout of Copilot for M365, including: Plugin/connector integrations Prompt governance Security boundaries & access controls Working with customers to identify workflow automation and productivity uplift opportunities powered by Copilot Power Platform. Automation & Engineering Excellence Automation is a core requirement of this role. You will: Build and maintain advanced PowerShell tooling for: Bulk tenant operations Intune configuration as code Identity lifecycle automation Audit, compliance, and reporting Exchange/SharePoint/Teams administration Develop automation pipelines using: PowerShell modules (Graph API, MSOnline, Exchange Online PowerShell v3, Teams PowerShell) Graph API & Graph SDK Azure Functions (serverless automation) DevOps repositories for version-controlled configuration Implement Configuration-as-Code approaches for: Intune JSON policies Conditional Access templates Entra ID Role/Baseline templates Automation scripts for security & compliance tasks Define and maintain engineering playbooks, runbooks, and orchestration patterns for consistent service delivery. Power Platform (Power Automate / Power Apps / Power BI) Develop workflow automations that reduce manual handling across: User onboarding/offboarding License assignment Access approvals & governance Notifications & compliance workflows Support Copilot Studio and generative AI automation opportunities. Build lightweight business process applications for customers when aligned to Modern Workplace scope. Advanced AI, Automation & Digital Productivity Skills Expertise enabling AI-driven productivity (Microsoft 365 Copilot, Copilot Studio, Graph connectors). Build custom copilots leveraging internal datasets, Graph APIs, and Microsoft Fabric integrations. Create enterprise automation workflows using: Power Automate cloud flows PowerShell automation modules Graph API orchestrations Azure automation/Functions Design data governance models that ensure Copilot safety, privacy, and access control integrity. Evaluate new AI capabilities, develop patterns and guardrails, and collaborate with customers on adoption strategies. Azure Administration & Cloud Integration Administer and support core Azure services including: Virtual Networks, NSGs, routing & VPN Virtual Machines, storage & monitoring Log Analytics, Sentinel/Defender integrations Design and troubleshoot secure connectivity across on‑prem, Azure, and SaaS environments. Contribute to Tickbox’s Azure landing zone standards, security posture, and cost optimisation practices. Networking & Connectivity (Senior Level) Provide senior‑level engineering support for enterprise networking: Switching, routing, VLAN design Wireless infrastructure Firewall rule design and security hardening Hands‑on experience expected with: Cisco Meraki and Ubiquiti Diagnose and resolve complex issues across: LAN / WAN Site‑to‑site & client VPN Cloud‑integrated network paths Engage with carriers and vendors to manage link performance, outages, escalations, and improvements. Security & Compliance Design environments aligned with Essential Eight maturity targets and Microsoft security best practices. Implement and manage: Defender for Endpoint, Office 365, Identity Zero Trust and least‑privilege frameworks Identify security weaknesses, lead remediation initiatives, and drive continuous security uplift. Automation & Engineering Maturity Develop and maintain PowerShell automation for: Tenant configuration User/device lifecycle Compliance/reporting Drive engineering standardisation and create repeatable, scalable, and maintainable workflows. Identify process and technology improvements to enhance reliability and reduce operational overhead. Escalations, Leadership & Delivery Operate as the final escalation point for Modern Workplace, Azure, identity, and network incidents. Lead major incident RCA and drive preventative engineering improvements. Provide clear, confident guidance to customers and internal stakeholders. Mentor junior engineers, contribute to documentation and engineering playbooks, and uplift team capability. Essential 5 years hands‑on Microsoft 365 engineering experience (enterprise or MSP). Deep expertise with: Intune & Autopilot Entra ID Exchange Online Microsoft Teams Strong Azure administration experience with focus on identity, networking, and security. Solid enterprise networking experience across firewalls, routing, VPN, wireless. Proven track record delivering complex cloud/hybrid projects end‑to‑end. High‑level troubleshooting capability across identity, endpoint, cloud, and network layers. Ability to operate independently in high‑pressure, customer‑facing environments. Desirable MSP/multi‑tenant experience. Exposure to security platforms such as: Microsoft Defender XDR Mimecast / Proofpoint Rapid7 Automation & IaC experience: PowerShell Power Automate Experience contributing to architecture standards or governance frameworks. Qualifications & Certifications Preferred (not required but highly regarded): Microsoft 365 Administrator Expert Azure Administrator Associate Identity & Access Administrator Associate Security‑focused certifications (e.g., SC‑200/300/400) Real‑world experience is valued highly and can substitute for formal certifications. Key Attributes Calm, senior‑level problem solver with a structured approach. Strong communicator able to simplify complex technical issues. Ownership mindset — sees issues through to resolution. Team‑oriented and mentor‑focused. High standard of documentation and engineering discipline. Committed to quality engineering, security, and continuous improvement. Why This Role Senior engineering position with meaningful impact and influence. Deep, hands‑on ownership of Microsoft Modern Workplace and Azure environments. Exposure across Modern Workplace, Azure, networking, and security. A supportive, collaborative team culture that values learning, professionalism, and engineering excellence. Work on challenging, high‑value technical problems rather than ticket churn.