Position Description – Senior Microsoft Modern Workplace & Azure Engineer
This senior, hands‑on engineering role is responsible for the architecture, implementation, uplift, and operational ownership of modern Microsoft environments across Microsoft 365, Azure, Entra ID, and enterprise networking.
As a senior engineer at Tickbox, you will be a technical authority across our Modern Workplace and Azure stack — leading complex customer environments end‑to‑end. This role is a blend of deep technical capability, design leadership, and high‑level troubleshooting across identity, endpoint, cloud, and network layers.
You will operate as a final escalation point, influence engineering standards, lead migrations and security uplift projects, and mentor junior engineers — all while remaining actively hands‑on in the delivery of high‑quality, secure, and reliable solutions.
Tickbox places strong emphasis on team culture, collaboration, and engineering excellence, and this role plays a key part in uplifting capability across the practice.
Core Responsibilities
Microsoft 365 & Modern Workplace Engineering
As a Senior Modern Workplace Engineer at Tickbox, you will own the architecture, automation, integration, and operational excellence of Microsoft 365 environments. This is a deeply technical role requiring strong engineering discipline, security focus, and the ability to design at scale.
Microsoft 365 Architecture & Operations
Architect, implement, and operate modern, secure Microsoft 365 environments across large and complex tenants, including:
Exchange Online: hybrid mail flow, transport rules, compliance, migrations, security hardening.
SharePoint Online & OneDrive: site architecture, lifecycle governance, DLP-driven access controls, B2B/B2C collaboration patterns.
Microsoft Teams: enterprise voice/telephony (Direct Routing/SIP), meeting policies, retention, performance optimisation, and application governance.
Microsoft 365 Apps for Enterprise lifecycle management, update channels, and automation of rollout rings.
Intune, Autopilot & Endpoint Engineering
Lead the full engineering lifecycle for modern endpoint management:
Windows Autopilot (HaaS workflows, white‑glove, hybrid join, zero‑touch onboarding).
Advanced configuration baselines (security baselines, ASR rules, CIS/Microsoft benchmarks).
Application packaging & deployment automation (Win32, LOB apps, dependencies, detection scripts).
Compliance frameworks aligned to Essential Eight, with automated remediation where possible.
Build and maintain device compliance dashboards, remediation scripts, telemetry pipelines, and governance standards ensuring fleet-wide health and security.
Entra ID (Azure AD) Identity Engineering
Own identity architecture across:
Conditional Access strategy (contextual access, step-up auth, session policies).
Authentication standards (MFA, FIDO2, device-bound passkeys, password less rollout).
Privileged Access Management (PIM), Just-In-Time access, break-glass governance.
Identity lifecycle automation using SCIM, Entra ID Governance components, and API‑driven provisioning.
Microsoft 365 Copilot & AI‑Driven Workplace Enablement
You will play a key technical role in enabling and governing Microsoft 365 Copilot, including:
Designing Copilot readiness strategy across:
MIP sensitivity labels
Purview data governance
SharePoint permissions hygiene
Semantic index preparation
Ensuring tenants meet Copilot privacy, security, and data architecture requirements.
Supporting the rollout of Copilot for M365, including:
Plugin/connector integrations
Prompt governance
Security boundaries & access controls
Working with customers to identify workflow automation and productivity uplift opportunities powered by Copilot + Power Platform.
Automation & Engineering Excellence
Automation is a core requirement of this role. You will:
Build and maintain advanced PowerShell tooling for:
Bulk tenant operations
Intune configuration as code
Identity lifecycle automation
Audit, compliance, and reporting
Exchange/SharePoint/Teams administration
Develop automation pipelines using:
PowerShell modules (Graph API, MSOnline, Exchange Online PowerShell v3, Teams PowerShell)
Graph API & Graph SDK
Azure Functions (serverless automation)
DevOps repositories for version-controlled configuration
Implement Configuration-as-Code approaches for:
Intune JSON policies
Conditional Access templates
Entra ID Role/Baseline templates
Automation scripts for security & compliance tasks
Define and maintain engineering playbooks, runbooks, and orchestration patterns for consistent service delivery.
Power Platform (Power Automate / Power Apps / Power BI)
Develop workflow automations that reduce manual handling across:
User onboarding/offboarding
License assignment
Access approvals & governance
Notifications & compliance workflows
Support Copilot Studio and generative AI automation opportunities.
Build lightweight business process applications for customers when aligned to Modern Workplace scope.
Advanced AI, Automation & Digital Productivity Skills
Expertise enabling AI-driven productivity (Microsoft 365 Copilot, Copilot Studio, Graph connectors).
Build custom copilots leveraging internal datasets, Graph APIs, and Microsoft Fabric integrations.
Create enterprise automation workflows using:
Power Automate cloud flows
PowerShell automation modules
Graph API orchestrations
Azure automation/Functions
Design data governance models that ensure Copilot safety, privacy, and access control integrity.
Evaluate new AI capabilities, develop patterns and guardrails, and collaborate with customers on adoption strategies.
Azure Administration & Cloud Integration
Administer and support core Azure services including:
Virtual Networks, NSGs, routing & VPN
Virtual Machines, storage & monitoring
Log Analytics, Sentinel/Defender integrations
Design and troubleshoot secure connectivity across on‑prem, Azure, and SaaS environments.
Contribute to Tickbox's Azure landing zone standards, security posture, and cost optimisation practices.
Networking & Connectivity (Senior Level)
Provide senior‑level engineering support for enterprise networking:
Switching, routing, VLAN design
Wireless infrastructure
Firewall rule design and security hardening
Hands‑on experience expected with: Cisco Meraki and Ubiquiti
Diagnose and resolve complex issues across:
LAN / WAN
Site‑to‑site & client VPN
Cloud‑integrated network paths
Engage with carriers and vendors to manage link performance, outages, escalations, and improvements.
Security & Compliance
Design environments aligned with Essential Eight maturity targets and Microsoft security best practices.
Implement and manage:
Defender for Endpoint, Office 365, Identity
Zero Trust and least‑privilege frameworks
Identify security weaknesses, lead remediation initiatives, and drive continuous security uplift.
Automation & Engineering Maturity
Develop and maintain PowerShell automation for:
Tenant configuration
User/device lifecycle
Compliance/reporting
Drive engineering standardisation and create repeatable, scalable, and maintainable workflows.
Identify process and technology improvements to enhance reliability and reduce operational overhead.
Escalations, Leadership & Delivery
Operate as the final escalation point for Modern Workplace, Azure, identity, and network incidents.
Lead major incident RCA and drive preventative engineering improvements.
Provide clear, confident guidance to customers and internal stakeholders.
Mentor junior engineers, contribute to documentation and engineering playbooks, and uplift team capability.
Essential
5+ years hands‑on Microsoft 365 engineering experience (enterprise or MSP).
Deep expertise with:
Intune & Autopilot
Entra ID
Exchange Online
Microsoft Teams
Strong Azure administration experience with focus on identity, networking, and security.
Solid enterprise networking experience across firewalls, routing, VPN, wireless.
Proven track record delivering complex cloud/hybrid projects end‑to‑end.
High‑level troubleshooting capability across identity, endpoint, cloud, and network layers.
Ability to operate independently in high‑pressure, customer‑facing environments.
Desirable
MSP/multi‑tenant experience.
Exposure to security platforms such as:
Microsoft Defender XDR
Mimecast / Proofpoint
Rapid7
Automation & IaC experience:
PowerShell
Power Automate
Experience contributing to architecture standards or governance frameworks.
Qualifications & Certifications
Preferred (not required but highly regarded):
Microsoft 365 Administrator Expert
Azure Administrator Associate
Identity & Access Administrator Associate
Security‑focused certifications (e.g., SC‑200/300/400)
Real‑world experience is valued highly and can substitute for formal certifications.
Key Attributes
Calm, senior‑level problem solver with a structured approach.
Strong communicator able to simplify complex technical issues.
Ownership mindset — sees issues through to resolution.
Team‑oriented and mentor‑focused.
High standard of documentation and engineering discipline.
Committed to quality engineering, security, and continuous improvement.
Why This Role
Senior engineering position with meaningful impact and influence.
Deep, hands‑on ownership of Microsoft Modern Workplace and Azure environments.
Exposure across Modern Workplace, Azure, networking, and security.
A supportive, collaborative team culture that values learning, professionalism, and engineering excellence.
Work on challenging, high‑value technical problems rather than ticket churn.