Microsoft Entra ID SME

Wokingham, England, United Kingdom Contract Posted 1 week ago

About the Role

The Microsoft Entra SME is responsible for designing, implementing, and governing enterprise identity and access management (IAM) solutions using Microsoft Entra ID (Azure AD). The role ensures secure, scalable, and compliant identity services, supporting both human and non‑human identities across cloud and hybrid environments.


Responsibilities

Identity & Access Management

  • Design and manage Microsoft Entra ID architecture
  • User lifecycle (Joiner–Mover–Leaver)
  • Group management (static, dynamic, role-assignable)
  • Role-based access control (RBAC)

Authentication & Security

  • Multi-Factor Authentication (MFA)
  • Conditional Access policies
  • Passwordless solutions (FIDO2, Windows Hello)
  • Enforce Zero Trust principles
  • Monitor and respond to identity-related incidents

Application & Agent Management

  • Enterprise Applications
  • App registrations (Service Principals)
  • Review and control: API permissions, Admin consent processes

Identity Governance & Compliance

  • Access Packages (Entitlement Management)
  • Access Reviews
  • Privileged Identity Management (PIM)
  • Ensure compliance with: CIS, ISO 27001, NIST, internal security policies
  • Conduct periodic access and role reviews

Automation & Integration (Good to Have)

  • Design and implement automation using: Azure Logic Apps, Power Automate, Microsoft Graph API

Certificate & PKI Integration (Good to Have)

  • AD CS (Certificate Authority)
  • NDES / SCEP

Operations & Support

  • Provide support for identity-related issues: Authentication failures, Sync issues, Group/role assignment issues
  • Define and maintain: Operational runbooks, Incident and problem management processes
  • Define identity standards and enforce best practices


Qualifications

  • Strong hands-on experience with: Microsoft Entra ID (Azure AD), Active Directory (AD DS), Hybrid identity (Entra Connect / Cloud Sync)


Required Skills

  • Experience with: Conditional Access, PIM & Access Reviews, App registrations & Enterprise Apps
  • Scripting: PowerShell, Microsoft Graph API
  • Security & Compliance
  • Knowledge of: Zero Trust architecture, Identity security best practices


Preferred Skills

  • Strong stakeholder communication (technical & leadership)
  • Analytical and problem-solving mindset


Certifications (Preferred)

  • Microsoft: SC-300 – Identity and Access Administrator, AZ-500 – Azure Security Engineer
  • Other: IAM / security certifications (CISSP, CISM – optional)

