SUMMARY:

• Over 16 years of IT experiences ranging from Network SupportActive Directory / System Administration, Microsoft Office 365 Integrator, MDM Architect, Server Virtualization.
• Designed networking for Azure IaaS Step through the design process to create an optimal Azure virtual network (VNet) for hosting server - based IT workloads, including subnets, address spaces, routing, DNS, load balancing, and connectivity to your on-premises network, other VNets, and the Internet.
• Azure AD Premium (AAD). Configure single sign-on to other SaaS apps in your environment. Configure Azure AD conditional access to configure rules for access to applications. Created access policies that evaluate the context of a user's login to make real-time decisions about which applications they should be allowed to access. Use Azure AD access and usage reports and Audit Events. Audit all account actions and use Azure AD reports to identify potential fraudulent activities. Use Azure AD Audit Events to identify privileged actions. Automate monitoring by consuming the security audit feed. Office 365 includes basic reports. Azure Active Directory Premium includes advanced reports. Configure Azure RMS logs to identify potential leaks or account theft. For example, identify if an account is used to access data from two different geographic locations within the same timeframe. Or, detect a spike in the use of RMS-protected data at an unexpected time. Implement Azure AD Connect Health to Monitor and gain insights into your on-premises identity infrastructure with the Azure AD Connect tool used with Office 365.
• Mobile Device Management (MDM) Configured MDM to allow or deny access to secure resources based on device health attestation. The Health Attestation Service is a trusted cloud service operated by Microsoft that reports what security features are enabled on the device.
• Intune / SCCM hybrid. Responsible for Implementation the use of Intune to protect data on mobile devices, desktop computers, and in applications.Design / Architect device policy compliance using configurable conditional access policies for Office 365 to apply to Exchange Online, SharePoint Online, OneDrive for Business, and Skype for Business. Configure secure access with s, Wi-Fi, VPN and email profiles. Configure management of applications on mobile devices regardless of whether the devices are enrolled for mobile device management. Deploy apps, including LOB apps. Restrict actions like copy, cut, paste, and save as, to only apps managed by Intune. Enable secure web browsing using the Intune Managed Browser App. Enforce PIN and encryption requirements, offline access time, and other policy settings. Configured Intune App Wrapping Tool to apply policies to line-of-business (LOB) applications
• Azure Information Protection (AIP). Architect Data Protection using encryption, authentication, rights for internal and external users on any device. Implementation Use of Azure Rights Management (RMS) with Office 365 to protect data from unauthorized access. Configure encryption, identity, and authorization policies. Configure templates to make it easy for users to apply policies. Configured RMS, so that through the web document owners can track activities such as recipients who open files, unauthorized users who are denied access, and the latest state of files. Configured ability view the geographical locations where files were accessed, and revoke access to a shared file.
• OFFICE 365 Architecting. - Plan and design identity management requirements. Design integration of on-premises identities with Office 365. Ensure network capacity and availability through firewalls, proxy servers, gateways, and across WAN links by performing a network assessment or by contracting with a partner to do the assessment. Acquire third-party SSL s to provide enterprise-security for Office 365 service offerings. Plan and design how much feature integration with on-premises and online versions of Skype for Business, Exchange, and SharePoint is desired. Determine which proxy server device will be used for requests from Office 365. Plan and implement internal and external DNS records and routing. Configure your proxy or firewall for Office 365 IP address and URL requirements. Plan for server hardware, including virtualization. Design integration of on-premise Windows Server Active Directory and DNS. Configure Office encryption settings controlling the way data is encrypted when Office applications are used: Access, Excel, OneNote, PowerPoint, Project, and Word. Configure Data Loss Prevention (DLP) across Office 365 services and applications. Enforce policies and analyze how users adhere. Use built-in templates and customizable policies. Policies include transport rules, actions, and exceptions that you create. Inform mail senders that they are about to violate a policy. Set up policies for SharePoint Online and OneDrive for Business that automatically apply to Word, Excel, and PowerPoint 2016 applications.
• Advanced Security Management (ASM). Design and implement Office 365 ASM policies to send alert about anomalous and suspicious activity. Configure ASM to allow administrators to disable an account directly from an alert, and configure alerts to automatically disable an account. Customized Built-in alerts configuration to scan user activities and evaluate risk against over 70 different indicators, including sign-in failures, administrator activity and inactive accounts.
• Exchange Online. Configured password policies for Outlook Web Access (OWA). Enable self-service password reset in Azure Active Directory with on-premises write-back. Configure Multi-Factor Authentication (MFA). Configure Mobile Device Management (MDM) features in Office 365 to allow access to corporate email and documents only from devices that are managed and compliant. Configure conditional device wipe without affecting personal data. Configured how e-mail attachment handling in Outlook Web App, Set policies that determine how attachments are handled. For example, restrict access to documents from public networks. Or, block attachments from being synchronized to mobile devices. Configured Exchange Online Advanced Threat Protection for your organization to protect environment against advanced threats, including malicious links, unsafe attachments, and malware campaigns. Configure Exchange Online auditing capabilities to Audit administrator, user, application, and external user access. Determine who has accessed mailboxes and what they have done. Detect non-owner mailbox access, privileged Administrator changes, and regularly review configuration changes. Configure Message records management (MRM) in Exchange Online to manage email lifecycle and reduce legal risk. Configure MRM to Keep messages needed to comply with company policy, government regulations, or legal needs, and remove content that has no legal or business value. Configure security restrictions in Exchange Online to protect messages require encryption, digitally sign messages, and monitor or restrict forwarding. Conduct eDiscovery in Office 365 to Identify, preserve, search, analyze, and export email, documents, messages, and other types of content to investigate and meet legal obligations.
• ExpressRoute for Microsoft cloud connectivity. Architected private, dedicated, high-throughput network connection to Microsoft's cloud. Designed Traffic path based on predictable throughput and latency, based on your service provider's connection, to Office 365, Azure, and Dynamics 365 services.
• Implemented via PowerShell and Microsoft azure portal ExpressRoute connection supporting three Border Gateway Protocol (BGP) peering relationships to different parts of the Microsoft cloud. Configured BGP peering to establish trust exchange routing information. 3 BGP Peering configured listed below:
• Microsoft peering - network link configuration from router in DMZ to public addresses of Office 365 and Dynamics 365. Configure bidirectional initiated communication.
• Public peering - network link configuration from router in DMZ to public IP addresses in Azure services. Configured unidirectional initiated communication from on-premisses systems only.
• Private peering - Network link configuration from router to the edge of network to the private IP addresses assigned to Azure VNets. Configured bidirectional initiated communication. Extended internal network to the Microsoft cloud, complete with internally-consistent addressing and routing.

PROFESSIONAL EXPERIENCE:

Microsoft Office 365 Integration Consultant

Confidential

Responsibilities:

• Responsible for architecting and engineering Office 365: Exchange Online, Skype for Business Online, OneDrive for Business, SharePoint Online.
• Architected Intune w/SCCM Integration for IOS, Android, Windows phone, MAC, and Windows 10
• Active Directory Federation Services (ADFS 2.0, ADFS 3.0)
• Azure AD Connect
• FIM | Microsoft Identity Manager
• NetIQ
• Practical knowledge on architecting and engineering Exchange Server - 2007, 2010, 2013
• Practical knowledge on architecting and engineering Skype for Business (S4B), Voice PBX and conferencing.
• Experience with previous AD migrations, cross-forest migrations and interoperability scenarios
• Implement the deployment plan for all necessary Office 365 components including Exchange Online, Skype for Business Online, and Office 365 Professional Plus
• Work experience with Exchange and Microsoft platform products, including the Windows Server 2003, 2008, and 2012 operating systems.
• Working experience of Active Directory and Federated Identity, and advanced knowledge of Azure AD.
• Working experience extending on premise active directory to the cloud on Azure. Familiar with Azure express route, Microsoft peering, private peering and public peering. Configuration of Vnet-Vnet, site-to-site, and Point-to-site VPN on MS Azure IAAS.
• Familiar with Office 365 Enterprise Mobility + Security configuration and management. Rights Management Services (RMS) and Advance Security Management (ASM) configuration.
• Implementation of Microsoft Intune, subscription base end vulnerability monitoring.
• Practical knowledge and experience on automating migrations using PowerShell

System Engineer

Confidential

Responsibilities:

• Managed Enterprise Active Directory in various agriculture domains.
• Architected and Migration from Office 365 MDM to Intune w/SCCM Integration for IOS, Android, Windows phone, MAC, and Windows 10.
• Performed routine Back - ups and restores, using Net-BackUp/CommVault
• Performed routine and specialized SMS/SCCM/Tivoli reports for auditing and security purposes.
• Assessed threats, risks, and vulnerabilities from emerging security issues.
• Assisted with the Development scripts to maintain and backup key security systems.
• Supported end user with network issues; File access, VPN access, Folder rights, LAN connectivity, Citrix issues, Mobiles device services, DCHP/DNS, etc.
• Assisted with testing of installed systems to ensure protection strategies are properly implemented and working as intended.
• Detail knowledge of scripting (VB, Windows host, batch files) was applied to new server deployments and Active Directory OU changes.
• Resolved Tickets using Remedy Ticketing System.
• Managed Citrix/XenApp Console to assist users with Application/Desktop issues.
• Tested new software (VDI, Windows 7/8 Enterprise, and Thin Clients) for security vulnerabilities and deployment production readiness.
• Supported integration of new hardware; iPhone, iPad, and security approved Android devices, into network. (Exchange integration (Mobile Iron), VPN and Mobile kiosk system)
• Manage, Administer, Implement VMWare Virtual servers/machines using Vsphere 4/5 ESx platform
• Built, Deployed, & Managed; MS Server 2003, MS Server 2008 R & x64 and MS Server ; For Domain controllers, file servers, print servers and Hyper-V Hosts & Client servers for a wide range of Application needs.

Systems Engineer

Confidential, Alexandria VA

Responsibilities:

• Installed and configure Hyper - V Server 2008, Installed, configured Windows Server 2008 VM s
• Installed and configure SharePoint 2010 server in a farm environment. Managed SharePoint sites, configure permissions and manage access.
• Implemented Microsoft Intune MDM for IOS, Android, Windows phone, MAC, and Windows 10.Support NEC VoIP system, configure phones, mailboxes, ringing priority, ect.
• Maintain SONICWALL 2400, assign and create VLAN, DMZ and network monitoring.
• Support and Maintain inventory of all electronic peripherals including: laptops, desktops, video conferencing, Servers, UPS, Plasma TV, IP Phones, ect.
• Installed and configured VMware ESXi 5.0 host, Created Virtual Servers, Virtual networks and manage snapshot for disaster recovery.
• Helpdesk support for windows 7 Operating System, Windows Server R2, Office 365 suite including Lync, SharePoint online, Exchange Online.
• Manage Mobile Device via Office 365 Exchange services.

Technical Analyst

Confidential, Herndon VA

Responsibilities:

• Main point of contact for adding and remove VoIP endpoints on Cisco Unified Call Manager (CUCM) troubleshooting VoIP issues, subscriber issues, translation pattern issues, etc.
• Coordinated campus projects such as: CCTV Install project, Network General Sniffer s4100 installation, Fog server installation.
• Responsible to troubleshooting and root cause analysis of Telepresence, codecs, video endpoints, CUCM, Movi, QoS, MCUs, H323 and SIP.
• Manage Network infrastructure, Data center, File servers and NOC, and operating systems
• Maintain and manage active directory accounts using Windows 2003 and 2008 Server; creating, deleting, setting up permissions and resetting password.
• Responsible for VPN connectivity issues; connection speed troubleshooting and softoken sync issues.
• Responsible for securing data on laptops and desktop using PGP, PointSec.
• Responsible for patching in IDF/BDF and NOC.
• Responsible for Cisco Telepresence maintenance; camera adjustments, and codec configurations.
• Assist Network team with WAN upgrade; Helping installing preconfigured Cisco Catalyst 6500 series switch, preconfigured Cisco Aironet 1200 Series Access Point, and preconfigured DS - 3.
• Responsible for Performing after hour Network change management; replacing devices such as: redundant power supply for Cisco Catalyst 6500 series switch, redundant supervisor blade on Cisco router 6501 and Cisco AP 1200. Responsible for documenting campus network configuration and design using Visio.
• Maintains high level of customer support through teamwork and communication of technical/procedural issues; balances multiple shifting priorities; relies on experience to plan and accomplish goals.

Associate Network Support Engineer.

Confidential, Woburn, MA

Responsibilities:

• Provide technical support in activities associated with the identification, prioritization and resolution of reported problems. Activities include recognition, research, isolation, resolution, and follow - up. Lead Support for custom software applications laptops and desktops.
• Design, install, configure and document small business voice and data networked. Troubleshoots, and repairs network systems in a remote environment.
• Serve as a liaison coordinating outside vendor to perform hardware recall onsite.
• Trained staff and customers in computer-system setup and operations.
• Performed pre and post-sales, consultation, recommendation, and implementation.

Production graphic design specialist/Hardware Technician

Confidential, Lexington, MA

Responsibilities:

• Created weather graphics using photo editing software such as Adobe Photoshop, Adobe Illustrator, Adobe streamline, Macromedia freehand and others.
• Uploaded to internet server. Wrote batch files to resize graphics, Photoshop script automation.
• Loaded new graphics software applications and upgraded MACs and PCs.
• Troubleshoot software and hardware problems for PC and MAC platform.
• Setup, installed, and configured new systems.
• Provided systems hardware and software packages upgrades.