We are looking for an Azure Active Directory (Microsoft Entra ID) Consultant to assess, design, implement, and optimize identity solutions across cloud and hybrid environments. You will help modernize authentication, strengthen security posture (Zero Trust), enable seamless access (SSO), and implement identity governance controls—while improving user experience and operational efficiency.

This role requires strong hands-on expertise with Entra ID, Conditional Access, MFA/passwordless, hybrid identity, and enterprise application integrations, along with solid troubleshooting and stakeholder communication skills.

Key Responsibilities

Identity Architecture & Strategy
- Assess current identity and authentication landscape (cloud and on-prem) and produce a target-state identity architecture.
- Design secure and scalable identity patterns aligned with Zero Trust, least privilege, and compliance requirements.
- Create and maintain IAM standards: naming conventions, tenant governance, role assignment strategy, and operational runbooks.

Entra ID (Azure AD) Implementation & Operations
- Configure and optimize:
  - Conditional Access policies (risk-based, device-based, location-based, app-based)
  - MFA / Passwordless (FIDO2, Microsoft Authenticator, Windows Hello for Business)
  - Self-Service Password Reset (SSPR)
  - Identity Protection (user risk/sign-in risk policies)
- Implement Privileged Identity Management (PIM), including just-in-time role activation, approval flows, and access reviews.
- Establish secure tenant administration practices (break-glass accounts, admin restrictions, privileged access workflows).

Hybrid Identity & Directory Integration
- Plan, deploy, and support hybrid identity solutions:
  - Entra Connect (Azure AD Connect) and/or Cloud Sync
  - Authentication methods: Password Hash Sync, Pass-through Authentication, federation support as needed
- Support device identity scenarios:
  - Entra ID Join / Hybrid Entra ID Join
  - Integration considerations with Intune and compliance-based access

SSO & Enterprise Application Integrations
- Onboard SaaS and custom apps into Entra ID:
  - SSO using SAML 2.0, OAuth 2.0, OpenID Connect
  - User provisioning using SCIM
  - App registrations, API permissions, consent governance, claims mapping, certificate management
- Troubleshoot authentication/authorization issues (token/claims, CA policy evaluation, provisioning failures).

Identity Governance & Lifecycle Management
- Implement identity lifecycle controls:
  - Joiner/Mover/Leaver processes
  - Group-based licensing and dynamic groups
  - Access Reviews, Entitlement Management (where applicable)
- Support external collaboration:
  - B2B guest access, cross-tenant access settings, collaboration controls

Monitoring, Security, and Continuous Improvement
- Configure and leverage Entra logs:
  - Sign-in logs, audit logs, provisioning logs
- Integrate with monitoring/SIEM platforms (e.g., Microsoft Sentinel, Log Analytics) where applicable.
- Recommend and implement improvements to reduce risk, improve usability, and streamline operations.

Documentation & Knowledge Transfer
- Produce high-quality deliverables:
  - Architecture diagrams, policy matrix, migration plans, configuration baselines, runbooks
- Train IT teams and helpdesk on operational procedures and troubleshooting.

Required Qualifications
- 6+ years of hands-on experience with Microsoft Entra ID (Azure AD) in production environments.
- Strong experience with Conditional Access, MFA, SSPR, and secure access design.
- Experience integrating applications using SAML/OIDC/OAuth and provisioning (SCIM).
- Hybrid identity experience with Entra Connect / Cloud Sync and understanding of on-prem AD concepts.
- Strong troubleshooting skills across authentication flows, token claims, device compliance access, and SSO failures.
- Working knowledge of security principles (least privilege, Zero Trust, risk-based access, identity governance).

Technical Skills (Hands-on)
- Microsoft Entra ID / Azure AD tenant configuration and governance
- Conditional Access policy design & rollout strategy (pilot → phased rollout → enforcement)
- PIM, RBAC, administrative units, privileged role hardening
- Identity logs and reporting (Entra logs, Log Analytics)
- Scripting/automation:
  - PowerShell
  - Microsoft Graph API (and Graph PowerShell modules)
- Microsoft 365 identity integration (Exchange Online, SharePoint, Teams) and Azure subscription access patterns

Job Title
Azure Active Directory Consultant