M365 Engineer

The CompanySTACK INFRASTRUCTURE (STACK) provides digital infrastructure to scale the world’s most innovative companies. We are an award-winning industry leader in building, owning, and operating highly efficient, cost-effective wholesale, colocation, and cloud data centers. Each of our national facilities meets or exceeds the highest industry standards in all operational categories of availability, security, connectivity, and physical resilience.STACK offers the scale and geographic reach that rapidly growing hyperscale and enterprise companies need. The world runs on data. Data runs on STACK.The PositionWe are seeking a highly skilled and experienced Microsoft 365 Engineer/Administrator to own and operate our enterprise M365 platform across a global, multi-region environment. This role is responsible for the full lifecycle management of Exchange Online, Microsoft Teams, SharePoint Online, Azure Active Directory (Entra ID), Microsoft Intune, and related cloud services. The ideal candidate brings deep technical expertise across the M365 ecosystem alongside a strong operational mindset focused on security, compliance, automation, and end-user experience.ResponsibilitiesThis position will partner closely with Security, Compliance, Infrastructure, Application, and End User Computing teams to deliver a secure, well-governed, and modern digital workplace. The Senior M365 Engineer will drive platform optimization, lead governance initiatives, and serve as the subject matter expert for all M365-related technologies, tooling, and integrations. Responsibilities include, but are not limited to:Microsoft 365 Platform AdministrationServe as the primary administrator for the Microsoft 365 tenant, managing Exchange Online, SharePoint Online, Microsoft Teams, OneDrive for Business, and the broader M365 suite across global operations (Americas, EMEA, APAC).Configure, maintain, and optimize Azure Active Directory (Entra ID), including user lifecycle management, conditional access policies, authentication methods, and role-based access controls.Design and implement M365 governance frameworks encompassing sensitivity labels, Data Loss Prevention (DLP) policies, retention policies, and Microsoft Purview compliance controls.Manage Microsoft Teams administration, including policies, voice/telephony configurations, guest access, and Teams app governance.Administer SharePoint Online site collections, hub sites, permissions architecture, and storage management; diagnose and remediate unique permissions threshold issues.Security, Compliance, and Email ProtectionManage email security stack including Exchange Online Protection (EOP), Microsoft Defender for Office 365, anti-phishing/anti-spam policies, DKIM, DMARC, and SPF configurations.Administer and enforce DLP, information barriers, eDiscovery, and audit logging in alignment with regulatory and corporate compliance requirements.Support IT SOX compliance controls, COBIT 2019, and NIST SP 800-53 frameworks as they relate to M365 platform security and data protection.Monitor, investigate, and respond to security incidents and alerts within the M365 Defender portal and Azure Security Center.Implement and manage Conditional Access policies and Zero Trust security principles across the M365 ecosystem.Endpoint Management and End User Computing (EUC)Administer Microsoft Intune for Mobile Application Management (MAM) and Mobile Device Management (MDM) across Windows, macOS, iOS, and Android platforms.Design, deploy, and maintain Windows Autopilot and Kandji (macOS) enrollment profiles, compliance policies, and configuration profiles for global end-user device fleets.Manage Patch My PC integration with Intune for automated third-party application patching across Windows endpoints.Support end-to-end End User Computing (EUC) lifecycle, including device provisioning, image management, application packaging, and hardware refresh planning for both Mac and Windows environments.Implement and manage temporary local admin elevation solutions (e.g., Admin by Request) integrated with Entra ID and ITSM workflows.Identity, SSO, and Directory ServicesDesign and manage enterprise Single Sign-On (SSO) integrations with SaaS and on-premises applications via Entra ID Enterprise Applications and SAML/OIDC protocols.Implement and maintain SCIM (System for Cross-domain Identity Management) provisioning for automated user lifecycle management across connected applications.Administer on-premises Active Directory, Azure AD Connect / Cloud Sync, and hybrid identity configurations.Manage DNS, domain registration, and domain administration across corporate domains tied to the M365 tenant.Maintain and optimize Entra ID governance features including access reviews, Privileged Identity Management (PIM), and entitlement management.Azure and Cloud InfrastructureSupport Azure cloud infrastructure components that underpin or integrate with the M365 platform, including Azure Virtual Networks, Azure App Services, and Azure Storage.Collaborate with architecture teams on Azure-based solutions such as AI Search, Azure AI Foundry, Cosmos DB, and Databricks integrations as needed.Manage Azure subscriptions, resource groups, cost management, and tagging strategies relevant to M365-adjacent workloads.Implement and maintain Azure Monitor, Log Analytics, and alerting for M365 and Azure service health.Automation, ITSM, and Operational ExcellenceDevelop and maintain PowerShell scripts and automation workflows using PnP. PowerShell, Microsoft Graph API, Exchange Online Management, and Azure PowerShell modules.Partner with the ITSM team to integrate M365 services with FreshService (or equivalent ITSM platform) for change management, incident management, and service catalog workflows.Create and maintain technical documentation, runbooks, SOPs, and knowledge base articles for M365 administration and support procedures.Provide Tier 2/Tier 3 support for M365-related incidents and service requests, collaborating with global support teams and Microsoft Premier Support.Participate in Change Advisory Board (CAB) processes for M365 platform changes, including pre-approved, standard, and emergency change types.Monitor M365 service health, plan for capacity, and lead platform upgrades, feature rollouts, and license optimization initiatives.The DetailsLocation: Denver, COTravel: Up to 30%Benefits: Healthcare, Dental Care, Vision Insurance, Life Insurance, Paid Time Off, and Paid Leave ProgramsMust be eligible to work in the United StatesMust pass comprehensive background and drug screeningMust-have QualificationsBachelor’s degree in Information Technology, Computer Science, or a related field; or equivalent professional experience.7+ years of progressive experience in Microsoft 365 administration and enterprise IT, with at least 3 years in a senior or lead capacity.Deep expertise across Exchange Online, SharePoint Online, Microsoft Teams, Intune, Entra ID (Azure AD), and Microsoft Purview.Strong proficiency with PowerShell scripting for M365 automation (PnP, PowerShell, Microsoft Graph, EXO module).Hands-on experience with Intune MDM/MAM, Windows Autopilot, macOS management (Kandji or JAMF), and Patch My PC.Demonstrated experience implementing enterprise SSO (SAML/OIDC), SCIM provisioning, and hybrid identity architectures.Solid understanding of email security (EOP, Defender for O365, DKIM/DMARC/SPF) and Zero Trust security frameworks.Experience with Azure cloud services (subscriptions, networking, monitoring) and familiarity with Azure AI/data services are a plus.Knowledge of ITSM frameworks (ITIL) and experience with tools such as FreshService, ServiceNow, or equivalent.Excellent communication skills with the ability to produce executive-ready documentation and present to senior leadershipCompensation Range$128,260.00 - $144,933.80This Might Be Right For You IfYou are a strong communicator, you are persuasive and clear, blending analytics with experience in decision-making.You do not get flustered easily. You can juggle multiple priorities while balancing urgent requests with shifting timelines and deliverables.You are a team builder. You take the time to understand and develop the strengths of your resources while formulating long-term plans for the growth and success of the team.You are naturally curious and driven toward continual improvement. While you celebrate your successes, you take time to review and analyze campaigns for future learning.WHY STACK?We offer a competitive compensation package with strong benefits, including medical, dental, and vision insurance, a 401K program, flexible spending accounts – even a cell phone subsidy.We foster a culture of appreciation, including peer-to-peer recognition and rewards programs.Fun is part of our DNA, with events, game nights, happy hours, and barbecues.We’re growing – this is a great time to join and make an impact!STACK is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity and expression, age, national origin, mental or physical disability, genetic information, veteran status, or any other status protected by federal, state, or local law Note to external agencies: We are not accepting any blind submissions or resumes/cvs from recruitment agencies. Any candidates sent to STACK Infrastructure, Inc. will not be accepted or considered as a submission without a signed agreement in place. Fees will not be paid in the event a candidate submitted by a recruiter without an agreement in place is hired; such resumes will be deemed the sole property of STACK Infrastructure, Inc.