Active Directory and Entra Specialist

Purpose of the Role The Active Directory/Entra Specialist is the technical authority for the customer''s hybrid identity platform. The role owns the design, operation, security, and continuous improvement of on-premises Active Directory Domain Services, Group Policy, ADFS, Entra ID (P2), Azure AD Connect, B2B and B2C flows, Conditional Access, MFA, Intune, and identity life cycle automation across all in-scope business programmes.Identity is the foundation of every other workload in the estate. This role therefore underwrites the availability, security and compliance of M365, SharePoint, Power Platform, Dynamics 365, Fabric and Azure services. The post-holder is on the front line for any P1 authentication outage, Conditional Access misconfiguration, or directory replication failure. Requirements 2.3 Key Technical Responsibilities Hybrid Active Directory Operations Administer multi-forest on-premises Active Directory Domain Services (modern schema, WS2016+ functional level), including domain controllers, FSMO roles, sites and services, replication topology, DNS, DHCP, time service (NT5DS), and trust relationships. Maintain and harden Group Policy Objects across the estate, including baseline security GPOs, audit policies, AppLocker/WDAC, BitLocker, Windows Update for Business, and computer/user configuration drift detection. Operate and patch ADFS on Legacy Windows Server (where present), administer claims rules, relying party trusts, certificate rotation, and plan ..... full job details .....