{bc}
linkedin

Microsoft 365 & Azure Administrator (L2)

Gargash Group
Dubai, UAE
Fulltime
Mid-Senior
1 months ago
Office ManagementSchedulingCommunicationData EntryFiling SystemsMicrosoft Office Suite (Word
Free

Job Fit Check

Base Career helps you apply smarter for this job.

?%
Ready to Scan

Key skills for this role

Office ManagementSchedulingCommunication
Smart Apply

Full Job Posting

Job Overview

This is a hands-on technical role within Gargash Group Technology (GGT), responsible for the day-to-day administration, operational stability, and security posture of the Group’s Microsoft 365 tenant and Microsoft Azure environment

.The Group’s productivity, collaboration, and an increasing share of its application estate run on Microsoft cloud services.

This role exists to ensure the tenant and cloud environment are administered to a professional standard — secure by default, licensed correctly, fully documented, and aligned with Group security and compliance requirements

.The role holder sits within the Technology Service Delivery pillar and works closely with Cybersecurity, Risk & Governance, Applications, and Enterprise Architecture.

This is a second-line (L2) role: the holder owns operational administration, configuration changes, and incident resolution beyond what the service desk handles, and works with the Enterprise Architect and pillar lead on architectural and strategic decisions

.

Microsoft 365 Administration

  • Administer the Microsoft 365 tenant on a day-to-day basis, including Exchange Online (mailboxes, distribution lists, mail flow, transport rules), SharePoint and OneDrive (sites, sharing policies, retention), and Microsoft Teams (teams, channels, policies, voice configuration where applicable)
  • Manage Intune / Endpoint Manager configuration: device enrolment, compliance policies, configuration profiles, application deployment, and conditional access integration.
  • Operate Microsoft Purview controls in coordination with Cybersecurity and Risk & Governance — data loss prevention, retention labels, sensitivity labels, eDiscovery requests.
  • Maintain tenant hygiene: unused mailboxes, shared mailbox sprawl, orphaned guest accounts, stale Teams and SharePoint site.

Identity & Access Management

  • Administer Entra ID (Azure AD): user lifecycle, group management, application registrations, enterprise applications, service principals.
  • Implement and maintain Conditional Access policies, MFA enforcement, sign-in risk policies, and named locations in line with the Group security baseline.
  • Operate Privileged Identity Management (PIM) for just-in-time elevation of administrative roles; conduct periodic access reviews.
  • Support the migration from on-premises Active Directory to a cloud-native Entra ID environment, including hybrid identity synchronisation and the phased decommissioning of legacy domain controllers.
  • Partner with the Cybersecurity and Applications teams on identity and access management, maintaining identity hygiene across the esta

Azure Administration

  • Administer Azure subscriptions, resource groups, and management groups under the Group’s tenant governance model.
  • Provision, configure, and maintain Azure IaaS (virtual machines, storage, networking) and PaaS services in line with architectural standards set with the Enterprise Architect.
  • Operate Azure Key Vault — secret, key, and certificate lifecycle management, access policies, and integration with application teams.
  • Configure and monitor Azure Backup, Site Recovery, and disaster-recovery components for in-scope workloads, sharing the backup and recovery support load with the Cybersecurity, Applications, and Infrastructure teams.
  • Use Azure Monitor, Log Analytics, and cost-management tooling to track resource health, utilisation, and spend

Licensing & Cost Control

  • Administer licence assignment across the Microsoft 365 / Azure estate, including group-based licensing where appropriate
  • Maintain an accurate, evergreen view of licence consumption versus entitlement under the EA and any CSP arrangements; flag over- and under-utilisation
  • Track Azure consumption against budget and reservation commitments; raise variances to the Head of Technology Service Delivery and Enterprise Architect.
  • Support the annual EA true-up and renewal cycle with data, reconciliation, and recommendations

Security & Compliance Operations

  • Operate Microsoft Defender (Endpoint, Identity, Office 365, Cloud) consoles in coordination with the Cybersecurity team; action alerts within agreed L2 scope and escalate as required.
  • Support the Cybersecurity function with tenant-side configuration changes required by ISMS, audit, or incident-response activity.
  • Maintain hardening baselines for tenant configuration in line with Microsoft Secure Score and CIS benchmarks; track drift and remediation.
  • Participate in vulnerability remediation, patching, and configuration-change activity affecting Microsoft cloud workloads

Service Operations & Incident Response

  • Act as second-line escalation for service desk tickets relating to Microsoft 365 and Azure services; resolve incidents within agreed SLAs
  • Participate in problem management — root-cause analysis for recurring incidents, with documented remediation
  • Execute changes through the Group change-management process; produce implementation, test, and rollback plans.
  • Contribute to major incident response on-call rotation as agreed with the Head of Technology Service Delivery.

Documentation & Knowledge

  • Maintain accurate, current documentation of tenant configuration, Azure architecture, runbooks, and standard operating procedures.
  • Produce knowledge-base articles and self-service guidance to deflect repeat L1 tickets.
  • Support audit and assurance activity (internal audit, ISMS, OEM and regulatory reviews) with evidence packs on demand.

Cross-Functional Collaboration

  • Work closely with the Cybersecurity, Risk & Governance, Applications, and Enterprise Architecture functions to ensure tenant and cloud changes are reviewed, approved, and aligned to Group standards.
  • Engage directly with Microsoft (account team, FastTrack, support) and the Group’s licensing reseller to maximise value from existing agreements
  • Coordinate with business units’ technology liaisons on tenant-affecting changes and major rollouts (Teams Phone, new SharePoint estates, and similar).

Essential Requirements

  • Minimum 5 years of hands-on experience administering Microsoft 365 and Microsoft Azure in a production enterprise environment.
  • Deep practical knowledge of Entra ID (Azure AD), Exchange Online, SharePoint Online, Teams, OneDrive, and Intune / Endpoint Manager.
  • Demonstrable Azure administration experience covering IaaS, PaaS, virtual networking, storage, Key Vault, Backup, and Monitor.
  • Hands-on experience migrating on-premises Active Directory to a cloud-native Entra ID environment, including hybrid identity synchronisation.
  • Strong working knowledge of Conditional Access, MFA, PIM, and identity hygiene practices.Proficient in PowerShell for tenant and Azure automation (Microsoft Graph PowerShell, Az module, Exchange Online Management).
  • Practical understanding of Microsoft licensing under EA and CSP, including licence assignment, true-up cycles, and reservation / savings-plan basics.
  • Experience operating Microsoft Defender, Secure Score remediation, and at least one SIEM (Sentinel preferred).
  • Solid change, incident, and problem-management discipline; comfortable working to an ITIL-style operating model.
  • Excellent written documentation skills; able to produce runbooks, change records, and audit evidence to a professional standard.
  • **Desirable Requirements:**
  • Microsoft certifications: MS-102 (Microsoft 365 Administrator Expert), AZ-104 (Azure Administrator Associate), SC-300 (Identity & Access Administrator), MS-700 (Teams Administrator), AZ-500 (Azure Security Engineer) — or equivalent.
  • Experience operating in a hybrid identity environment (on-premises Active Directory with Entra Connect / Cloud Sync).
  • Familiarity with non-Microsoft security tooling such as CrowdStrike, Darktrace, ThreatLocker, Mimecast, and Netskope.
  • Exposure to FinOps practices and Azure cost optimisation.
  • Experience supporting tenant separation, migration, or M&A-driven identity work.
  • UAE / GCC experience and awareness of local data-residency and telecom-compliance considerations.

Apply for this job in 1 click

Skip the repetitive application forms

Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.

Sarah M.James T.Maya R.

Trusted by over 500,000 job seekers on Base Career

Start Free Today

More from this employer

More jobs at Gargash Group