Job Description
Job Description L3 / M365 Architect (Exchange / Identity / Security & Governance)
Role Overview
The M365 Architect is responsible for end-to-end design, ownership, and optimization of Microsoft 365 services, including:
- Exchange Online & Exchange On-Prem (Hybrid)
- Microsoft Teams, SharePoint Online, OneDrive
- Azure AD / Entra ID (Identity & Access)
- M365 Security & Compliance (Defender, Conditional Access, DLP)
This role acts as the highest technical authority (L3/L4), driving hybrid architecture, security posture, governance, and platform stability across the enterprise.
Key Responsibilities
M365 Architecture & Strategy
- Define and own M365 architecture across:
- Exchange (Online + Hybrid)
- Identity (Entra ID)
- Collaboration (Teams, SharePoint, OneDrive)
- Drive cloud-first and hybrid optimization strategies
- Design scalable, secure, and resilient solutions
Exchange Hybrid Architecture (Core)
- Design and manage:
- Hybrid Exchange architecture (on-prem Exchange Online)
- Mail flow design (connectors, routing, failover)
- Lead:
- Mailbox migrations (on-prem to cloud)
- Decommissioning of legacy Exchange (where applicable)
- Ensure high availability and seamless coexistence
Mail Flow & Advanced Troubleshooting
- Architect and troubleshoot:
- Complex mail flow scenarios
- SMTP relay configurations
- Transport rules and connectors
- Handle critical issues:
- Mail delays/outages
- NDR patterns
- Work with Microsoft support for deep-level issues
Identity & Access Architecture (Entra ID)
- Design and implement:
- Identity models (hybrid, cloud-only)
- Azure AD Connect / Entra Connect sync
- Manage:
- Conditional Access policies
- MFA strategies
- SSO integrations
- Ensure secure identity lifecycle management
Security & Compliance (Critical Area)
- Design and enforce:
- Microsoft Defender for Office 365 (email security)
- Data Loss Prevention (DLP)
- Retention and compliance policies
- Align M365 environment with:
- Security standards
- Audit and regulatory requirements
- Handle advanced threat scenarios (phishing, spoofing, etc.)
Collaboration Platform Architecture
- Optimize:
- Microsoft Teams (meetings, calling, policies)
- SharePoint Online & OneDrive (data governance, sharing controls)
- Define governance for:
- External sharing
- Data access and lifecycle
Automation & Engineering
- Lead automation using:
- PowerShell (mandatory)
- Graph API (strong advantage)
- Automate:
- User lifecycle management
- Mailbox provisioning
- Reporting and compliance checks
- Reduce manual operations significantly
Monitoring, Reporting & Optimization
- Define KPIs for:
- Mail flow performance
- Identity security posture
- Service availability
- Build dashboards and reports
- Identify and eliminate recurring issues
Incident Leadership & Escalation
- Act as final escalation point (L3/L4) for:
- Mail flow outages
- Identity/authentication failures
- Security incidents
- Lead Major Incident calls (MIM)
- Provide structured RCA and preventive actions
Governance & Compliance
- Define governance frameworks for:
- M365 usage
- Security policies
- Data protection
- Ensure audit readiness at all times
- Support internal/external audits
Stakeholder & Client Management
- Act as technical SME for M365 discussions with client
- Present:
- Architecture designs
- Security posture
- Improvement roadmap
- Translate technical risks into business impact
Required Skills & Qualifications
Technical Expertise (Non-Negotiable)
- Deep hands-on experience in:
- Exchange Online & Exchange Hybrid architecture
- Azure AD / Entra ID (identity & access management)
- Strong expertise in:
- Mail flow design and troubleshooting
- Teams, SharePoint Online, OneDrive
Security & Compliance
- Strong experience in:
- Microsoft Defender for Office 365
- Conditional Access & MFA
- DLP, retention, and compliance policies
Automation & Tools
- Strong scripting:
- PowerShell (mandatory)
- Graph API (preferred)
- Experience with:
- M365 admin tools and reporting
Process & Governance
- Strong ITIL knowledge:
- Incident, Problem, Change Management
- Experience in:
- CAB discussions
- RCA reviews
- Security governance
Leadership Skills
- Strong decision-making during critical incidents
- Ability to lead technical discussions confidently
- Mentoring L1/L2 teams
- Ability to challenge and improve architecture
Experience & Education
- 812+ years of experience in M365 / Exchange / Identity
- 35 years in L3 / Architect role
- Bachelor's degree in IT or related field
- Certifications (strong advantage):
- Microsoft 365 Administrator (MS-102)
- Azure Administrator (AZ-104)
- Security certifications (SC-200 / SC-300)
Qualifications
Graduation
Range Of Year Experience-Min Year
8
Range Of Year Experience-Max Year
12
