Job Description
We are looking for an Azure Active Directory (Microsoft Entra ID) Consultant to assess, design, implement, and optimize identity solutions across cloud and hybrid environments. You will help modernize authentication, strengthen security posture (Zero Trust), enable seamless access (SSO), and implement identity governance controls, while improving user experience and operational efficiency.
This role requires strong hands-on expertise with Entra ID, Conditional Access, MFA/passwordless, hybrid identity, and enterprise application integrations, along with solid troubleshooting and stakeholder communication skills.
Key Responsibilities
Identity Architecture & Strategy
Assess current identity and authentication landscape (cloud and on-prem) and produce a target-state identity architecture.
Design secure and scalable identity patterns aligned with Zero Trust, least privilege, and compliance requirements.
Create and maintain IAM standards: naming conventions, tenant governance, role assignment strategy, and operational runbooks.
Entra ID (Azure AD) Implementation & Operations
Configure and optimize:
Conditional Access policies (risk-based, device-based, location-based, app-based)
MFA / Passwordless (FIDO2, Microsoft Authenticator, Windows Hello for Business)
Self-Service Password Reset (SSPR)
Identity Protection (user risk/sign-in risk policies)
Implement Privileged Identity Management (PIM), including just-in-time role activation, approval flows, and access reviews.
Establish secure tenant administration practices (break-glass accounts, admin restrictions, privileged access workflows).
Hybrid Identity & Directory Integration
Plan, deploy, and support hybrid identity solutions:
Entra Connect (Azure AD Connect) and/or Cloud Sync
Authentication methods: Password Hash Sync, Pass-through Authentication, federation support as needed
Support device identity scenarios:
Entra ID Join / Hybrid Entra ID Join
Integration considerations with Intune and compliance-based access
SSO & Enterprise Application Integrations
Onboard SaaS and custom apps into Entra ID:
SSO using SAML 2.0, OAuth 2.0, OpenID Connect
User provisioning using SCIM
App registrations, API permissions, consent governance, claims mapping, certificate management
Troubleshoot authentication/authorization issues (token/claims, CA policy evaluation, provisioning failures).
Identity Governance & Lifecycle Management
Implement identity lifecycle controls:
Joiner/Mover/Leaver processes
Group-based licensing and dynamic groups
Access Reviews, Entitlement Management (where applicable)
Support external collaboration:
B2B guest access, cross-tenant access settings, collaboration controls
Monitoring, Security, and Continuous Improvement
Configure and leverage Entra logs:
Sign-in logs, audit logs, provisioning logs
Integrate with monitoring/SIEM platforms (e.g., Microsoft Sentinel, Log Analytics) where applicable.
Recommend and implement improvements to reduce risk, improve usability, and streamline operations.
Documentation & Knowledge Transfer
Produce high-quality deliverables:
Architecture diagrams, policy matrix, migration plans, configuration baselines, runbooks
Train IT teams and helpdesk on operational procedures and troubleshooting.
Required Qualifications
6+ years of hands-on experience with Microsoft Entra ID (Azure AD) in production environments.
Strong experience with Conditional Access, MFA, SSPR, and secure access design.
Experience integrating applications using SAML/OIDC/OAuth and provisioning (SCIM).
Hybrid identity experience with Entra Connect / Cloud Sync and understanding of on-prem AD concepts.
Strong troubleshooting skills across authentication flows, token claims, device compliance access, and SSO failures.
Working knowledge of security principles (least privilege, Zero Trust, risk-based access, identity governance).
Technical Skills (Hands-on)
Microsoft Entra ID / Azure AD tenant configuration and governance
Conditional Access policy design & rollout strategy (pilot → phased rollout → enforcement)
PIM, RBAC, administrative units, privileged role hardening
Identity logs and reporting (Entra logs, Log Analytics)
Scripting/automation:
PowerShell
Microsoft Graph API (and Graph PowerShell modules)
Microsoft 365 identity integration (Exchange Online, SharePoint, Teams) and Azure subscription access patterns