// what I do
Service areas.
Six focus areas where I do most of my engagements. Hands-on engineering rather than advisory: I write the scripts, run the migrations, and stay on the line through cutover.
// endpoint management
Intune Deployment and Management
- Device compliance policies for Windows, iOS, Android, macOS
- App protection policies for managed and unmanaged devices
- Autopilot enrollment and zero-touch provisioning
- Windows Update for Business rings and patch management
- Defender for Endpoint integration and baseline policies
// identity and access
Entra ID and Conditional Access
- Conditional Access policy design and implementation
- MFA enforcement and authentication strength policies
- Privileged Identity Management and role assignments
- External identities, guest access, and B2B collaboration
- Break-glass account configuration and monitoring
// email and collaboration
Exchange Online and Email Security
- SPF, DKIM, DMARC configuration and verification
- Anti-phishing, anti-spam, and Safe Links policies
- Shared mailbox governance and licence optimization
- Mailbox migration from on-premises Exchange
- External forwarding controls and audit logging
// endpoint security
Windows LAPS
- LAPS policy deployment via Intune
- Entra ID LAPS escrow configuration
- Hybrid Entra registration troubleshooting
- Account name compatibility across OS versions
- Post-deployment escrow verification via Graph
// automation
PowerShell and Graph API Automation
- Microsoft Graph PowerShell automation scripts
- Tenant health audit and reporting scripts
- Mailbox storage and quota reporting
- Bulk user and licence management
- Scheduled automation via Azure Automation or Logic Apps
// hybrid infrastructure
Hybrid Entra Environments
- Entra Connect installation and configuration
- Hybrid Entra join troubleshooting and remediation
- Password hash sync and seamless SSO setup
- Staged rollout planning for cloud-only migration
- AD Connect health monitoring and alerting