About the Role
You will support a sophisticated Microsoft 365 ecosystem for one of our US-based clients, covering tenant-wide
administration of Entra ID, Exchange Online, Microsoft Teams, SharePoint Online, OneDrive, Azure Virtual
Desktop (AVD), and Intune — alongside identity governance, email infrastructure, and security operations across
multiple business domains.
You will partner closely with the client's IT leadership and the Parentheses Labs embedded delivery team,
contributing to both day-to-day operations and strategic initiatives within a fortnightly Scrum cadence and
quarterly Program Increment planning model.
At a Glance
Role Microsoft 365 Engineer
Function IT Infrastructure & Cloud Services
Engagement Full-time
Location Kolkata, WB (Hybrid / On-site — to be confirmed)
Working Hours Significant overlap with US Eastern / Central time zones
Reports To IT Infrastructure Lead, Parentheses Labs (dotted-line to client IT
leadership)
Compensation ₹7,00,000 – ₹10,00,000 per annum (commensurate with experience)
Reference PL-M365-ENG-01
What You'll Do
Microsoft 365 Tenant Administration
• Administer the M365 tenant — license assignment, user and group lifecycle, Microsoft 365 Groups,
Distribution Lists, and Shared Mailboxes.
• Operate Exchange Online — mailbox management, mail-flow rules, message trace, quarantine, anti-spam
and anti-phishing policies.
• Administer SharePoint Online and OneDrive — governance, sharing controls, retention policies, and
storage management.
• Configure Microsoft Teams — meeting policies, voice and calling, app management, and tenant-wide
settings.
Identity & Access Management (Entra ID)
• Manage Entra ID users, groups, app registrations, service principals, and enterprise applications.
• Design and maintain Conditional Access, Multi-Factor Authentication, and Identity Protection policies.
• Administer Privileged Identity Management (PIM) and role-based access control.
• Audit and remediate over-permissioned service principals (e.g. Mail.Send, Sites.ReadWrite.All) and apply
least-privilege principles to application scopes.
• Support hybrid identity, Active Directory, and Entra Connect / cloud-sync configurations where applicable.
Azure Virtual Desktop (AVD)
• Operate and maintain a multi-pool AVD estate supporting 50+ concurrent users across Production and
Customer Service Representative (CSR) host pools.
• Manage gold image lifecycle on a monthly cadence, including application packaging and FSLogix profile
containers.
• Troubleshoot session-host performance, login issues, and end-user experience problems.
• Coordinate application deployments and rollouts on session hosts with infrastructure and application
teams.
Intune & Endpoint Management
• Administer Intune for Windows, iOS, and iPadOS devices.
• Build and maintain configuration profiles, compliance policies, and Conditional Access integrations.
• Manage Windows Autopilot enrollment, application deployment, and PowerShell script deployments.
• Support BYOD and corporate-owned enrollment scenarios, remote actions, lost-device handling, and
BitLocker key recovery.
Email Infrastructure & DNS
• Manage SPF, DKIM, and DMARC records across multiple business domains.
• Coordinate DNS changes through external registrars (e.g. easyDNS, Cloudflare, GoDaddy) under defined
governance procedures.
• Investigate mail-flow issues, sender authentication failures, and email security incidents.
• Support domain onboarding, mailbox migrations, and tenant changes.
Security & Compliance
• Operate Microsoft Defender for Office 365 (and Defender for Endpoint where in scope).
• Review sign-in logs, audit logs, and unified audit data for incident investigation.
• Implement and tune Data Loss Prevention (DLP), retention, and information-protection policies.
• Partner with security and governance stakeholders on risk remediation and audit readiness.
Automation, Documentation & Support
• Build and maintain PowerShell and Microsoft Graph automations for routine administrative tasks.
• Maintain runbooks, configuration baselines, and change documentation.
• Support ITSM workflows in tools such as SolarWinds, ServiceNow, or equivalent.
• Participate in fortnightly sprint cadence, quarterly PI planning, and monthly reporting cycles.
What We're Looking For
Required
• 4–6 years of hands-on Microsoft 365 administration in a mid-to-large enterprise environment, ideally
serving a US client.
• Strong working knowledge of Entra ID — Conditional Access, MFA, app registrations, service principals,
and Privileged Identity Management.
• Proven Exchange Online experience — mail flow, message trace, and email authentication (SPF, DKIM,
DMARC).
• Hands-on Azure Virtual Desktop experience — host pools, session hosts, image management, and FSLogix.
• Working knowledge of Intune for Windows, iOS, and iPadOS — Autopilot, compliance, configuration
profiles, and application deployment.
• Practical SharePoint Online, OneDrive, and Microsoft Teams administration.
• Proficiency in PowerShell for M365 administration and the Microsoft Graph API.
• Familiarity with DNS administration, including external DNS providers.
• Fluent written and spoken English; comfortable engaging directly with US-based stakeholders.
• Willingness to work hours that significantly overlap with US Eastern and Central time zones.
Nice to Have
• Microsoft certifications: MS-102 (Microsoft 365 Administrator Expert), AZ-104 (Azure Administrator), AZ-
500 (Azure Security Engineer), or AZ-140 (AVD Specialty).
• Experience with Microsoft Defender for Office 365 and Defender for Cloud Apps.
• Exposure to contact-centre platforms (8x8, Five9, Genesys) or field-service platforms such as ServiceTitan.
• Hybrid identity, Active Directory, and Entra Connect experience.
• M365 backup and disaster-recovery tooling (Veeam, AvePoint, or similar).
• Experience working in Agile / Scrum delivery models with quarterly PI planning.
What We Offer
• Compensation: ₹7,00,000 – ₹10,00,000 per annum, commensurate with experience and certifications.
• Direct exposure to a live US enterprise M365 estate — Entra ID, AVD, Intune, and Defender at production
scale.
• Structured Agile delivery with fortnightly Scrum and quarterly PI planning — clear cadence, predictable
rhythm.
• Hybrid working model out of Kolkata, with overlap to US Eastern / Central hours.
• Certification support for Microsoft role-based credentials (MS-102, AZ-104, AZ-500, AZ-140).
• Embedded delivery team model — work alongside client IT leadership, not at arm's length