Microsoft Network Architect (M365 / EntraID)

Overview

On Site
Depends on Experience
Contract - W2
Contract - 1 Month(s)

Skills

Microsoft 365
M365
EntraID
Multi-Geo licensing
Azure MFA
Entra ID

Job Details

Network Architect needed for a 1+ Month Contract position working ONSITE in Foxboro, MA!
Client will be moving all data in the current tenant, as well as moving the users out of the client's Active Directory environment and into EntraID only. Consultant will deploy and leverage ForenzIT for the profile separation from the Domain to the new IFP-CMPC domain. Currently Client uses Citrix for all users targeted here to access the Ceitrade application, that will not change as they will be required to use their AD domain accounts as it stands today. However, the Consultant will be sure to scan the local machine at separation time and move any local data to the new IFP-CMPC domain profile. Consultant will also deploy BitTitan as the M365 data move tool from the M365 tenant to the new IFP-CMPC M365 tenant. That Tenant will reside in the US EAST M365 environment, but the six (6) non-US users will leverage Microsoft Multi-Geo licensing to move their data into the designated region, to meet GDPR requirements. Consultant is also recommending that this tenant be secured with the same tooling that Client currently uses for an Email Security Gateway solution, just a separate instance of that Client will be responsible for the setup of this but will work with consultant to integrate the solutions. The consultant will also set up Azure MFA and Single Sign-on for these users in the new M365 and EntraID Cloud only tenant. There will not be a formal traditional Active Directory. Backup for this solution will at first leverage the Microsoft Office365 native backup but when Client changes platforms as part of the DR 2.0 project, that backup tool selected there will be extended via its own instance to cover this new tenant as well.

Services

Phase 1 - Separation Kickoff Discovery -
Project Overview Work Session - An initial session will be held with the stakeholders of this project to discuss the following:

  • Methodology and approach
  • Project goals, success criteria, technical and business requirements gathering.
  • Introduction to the team with a review of roles and responsibilities
  • Tools that will be used during the discovery.
  • Requirements for infrastructure access and individuals that will be needed for data collection for the various locations.
  • Points of contact for each device and/or per location for access to devices
  • Review of final deliverables that will be provided at the end of the project.
  • The findings will also be delivered in a formal written report.
  • Acquisition of ForenzIT and BitTitan licensing

Phase 2 Design - During this part of the separation project, Consultant will work to design this landing zone and the migration strategy. The following tasks will be completed in this phase:

  • Tenant Design
  • Security Design review (CIS Standards)
  • Design of EntraID and EntraID Domain Services
  • Setup of Intune to support EntraID enrollment
  • Design Office365 Backup retention policies.
  • Setup Test Accounts for Separation
  • Work on scheduling of what accounts will move when
  • Prepare for the user accounts for migration testing
  • Implementation of Multi-Geo licensing for EU users (Sweden)

Phase 3 Build -
During this part of the separation project, Consultant will work to ensure all the necessary prerequisites for the pilot have been met and configured appropriately. This foundation and setup will ensure the pilot environment is prepared and working as expected for the pilot. The following tasks will be completed in this phase:

  • Tenant Build
  • Security hardening (CIS Standards)
  • Setup BitTitan MigrationWiz Pro
  • Setup of ForenzIT for profile migration
  • Prepare both M365 tenants for the separation and ensure licensing is available.
  • Setup of EntraID and EntraID Domain Services
  • Setup Office365 Backup retention policies
  • Setup of Email Security Gateway Solution
  • Execute Test migration.
  • Work on scheduling and end user notification for the pilot.
  • Microsoft365 org to org federation

Phase 4 Users Data/Profile and Device Migration -
Consultant will work with client to perform the separation and setup for IFP-CMPC. This will be a cooperative effort where the consultant will be leading the effort, the project and client's IT will be communicating with the end users at IFP-CMPC.

  • Document users and devices to migrate and setup Separation Schedule
  • Setup and assign Multi-Geo License to the six Sweden based users.
  • Cutover all DNS records for mail delivery from client to IFP-CMPC DNS provider
  • Check backup and confirm success.
  • Update existing client documentation set.

Communicate Separation schedule to end users and client team.
coordinate the move of M365 and Domain services, along with profiles in a White Glove 1 to 1 solution:

  • Create user process/scripts for changes on the end user computers.
  • Create user process/scripts for the changes to mobile devices such as phones and tablets.
  • Create post separation and automation scripts, including Outlook profile backup and creation.
  • Create attribute stamp with PowerShell.
  • Perform initial mailbox synchronization.
  • Perform mailbox cutovers.

Phase 5 Day 2 Support -
Consultant will provide Day 2 Support and issue remediation post the completion of the white glove end user separation work.
Phase 6 - Final Phase Work-Post separation completion and cutover-
Hold Training session with client Team and review project and as built documentation for transition of services.

  • Project Closure and Acceptance
  • Project Retrospective and Feedback loop meeting