DESCRIPTION **Systems Administrator (M365 \+ Infrastructure \+ Virtualization with partners) \- Corporativo Vincci Hoteles** ------------------------------------------------------------------------------------------------------------ **What you will do (Scope) — M365 priority** * **Microsoft 365 (tenant level):** Entra ID (**MFA/CA/PIM**), Exchange Online, SharePoint/OneDrive/Teams, **Intune**, **Defender (MDE/MDO)** and **Purview/DLP** **\+ preparation/implementation of Copilot for M365** (permission hygiene, **sensitivity labeling**, secure grounding and governance). * **On-premises systems:** Windows Server 2016–2022, AD DS/DNS/DHCP, **GPO**, file/print services. **Automation with PowerShell**. * **Virtualization (with partners):** VMware/Hyper\-V/**VMware Horizon**/AVD. **Intermediate knowledge (not expert)** of vCenter, snapshots, templates/golden image and **FSLogix (profiles/ODFC/App Masking)**, dependencies and performance, **to define requirements, review partner's HLD/LLD, interpret basic metrics and lead change windows**. **No** daily platform operations. * **VDI & EUC (with partners):** **Horizon/AVD/Citrix**. **Functional/intermediate knowledge** of protocols (Blast/RDP/HDX), brokering, profiles, **logon tuning**, GPU/vGPU, redirections and **printing (Universal Print/UPD)** **to agree objectives with the partner and validate deliverables**. * **Application virtualization:** **Intermediate level** in **MSIX/MSIX App Attach**, Intune Win32, App\-V (legacy) and **FSLogix App Masking**, **to choose strategy** (base image vs. layer vs. masking) and **coordinate with the partner** packaging and deployment rings. * **Backups & BCDR:** Veeam or others; **restoration testing** and **evidence gathering**. **Your responsibilities — focus on M365, Copilot and automation** * **End-to-end M365 governance:** identity, mail, collaboration, endpoint, security and compliance (**GDPR**). * **Entra ID:** **Adaptive MFA**, **Conditional Access**, **PIM**, **B2B** for guests. * **Exchange Online:** **DMARC/DKIM/SPF**, anti\-phish/impersonation, transport rules, shared mailboxes, **retention/journaling**. * **SharePoint/Teams/OneDrive:** site governance and **sharing** (internal/external), **sensitivity/retention**, lifecycle and guest access. * **Intune/Endpoint:** baseline for **compliance/hardening**, Windows Update for Business, app catalog (**Win32/MSIX**), **Autopilot**. * **Defender (MDE/MDO):** EDR (ASR and remediation), Safe Links/Attachments, VIP protection. * **Purview/DLP & Labeling:** TIPs (ID number/IBAN), contextual policies, **sensitivity labels**, **audit evidence**. * **Copilot for Microsoft 365 (implementation and governance):** * **Data and permission readiness:** cleanup of **oversharing**, clear owners, naming/expiry, archiving. * **Labeling and protection:** **Purview** (sensitivity, **auto\-labeling**), **Adaptive Protection** and DLP aligned to AI. * **Search scope/grounding:** **Restricted SharePoint Search**, control of **Graph/Semantic Index** by scope. * **Access and security:** **CA** specific to Copilot (device/location), control of **B2B/Guests** prior to rollout. * **Adoption and value:** pilots by rings, eligibility criteria, usage/MAU, use case reporting. * **Associated automation:** group-based licensing, inventory of untagged sites/no owner, exposure reports. * **Automation (PowerShell/Graph/Power Automate):** * **JML** (onboarding/offboarding/movements) with group-based licensing. * Deployment of apps and configurations (Intune/EXO/SharePoint PnP). * **Reporting** (security, external sharing, DLP, labeling, Copilot adoption). * **Recurring tasks**: archiving, rotations, FSLogix cleanup, GPO backups. * **Greenfield M365 implementations with partner:** landing zone, domains, hybrid/cloud-only identity, **CA/MFA/PIM**; Exchange/Intune/Teams/SharePoint; **HLD/LLD**, pilots, validation and handover to operations. * **VDI/EUC with partners (Horizon/AVD/Citrix):** capacity requirements (CPU/RAM/IOPS/GPU), hardened **golden image**, **FSLogix (profiles/ODFC)**, **logon** targets, session policies and **digital experience**; review of change plans and **evidence collection**. * **App virtualization:** standardize packaging (MSIX \+ App Attach), decide **App Masking vs. layer vs. base image**, release testing with rings. * **On-premises operations:** AD/GPO, DNS/DHCP, file/print, WSUS/patching, **hardening** baseline. * **Change and capacity management:** patching, obsolescence, business communication; **post\-mortems** with action items. * **Documentation:** as\-built, **runbooks**, diagrams; **mentoring L1/L2**. **L2 Support (supporting L1 team)** * L2 support in **M365/Intune/Defender/Purview/AD/GPO/FSLogix**. * **Copilot/M365 L2:** cases like "Copilot sees inappropriate content" (inherited permissions, unlabeled sites, RSS/external sharing) — **quick fixes** and, if needed, **escalation**. * **VDI/App\-virt L2 (intermediate):** initial diagnosis (FSLogix, App Attach, session policies, universal printing, Blast/RDP/HDX latencies) and **escalation to partner with evidence**. * **Runbooks and scripts** for L1 self-service (reset container, reprocess MSIX, reprovision Autopilot, etc.). * Rotating P1/P2 on-call duties; **escalation to partner** per procedure. **Requirements (must\-have)** * **3–5\+ years** administering Windows/AD and **M365 tenant** (Entra, Exchange, SharePoint/Teams, Intune, Defender, Purview). * **From-scratch M365 implementations** (tenant, identity/CA/MFA, Exchange/Intune/Teams/SharePoint, governance and handover to operations). * **Advanced PowerShell** (Entra/Graph/EXO/Intune), JSON/CSV, **basic Git**. * Design/operation of **CA/MFA/PIM** and governance. * **DLP/retention/labels** and **evidence collection** for compliance. * **Tenant preparation for Copilot for M365**: Purview labeling, permission hygiene, **Restricted SharePoint Search**, AI-aligned DLP, ring-based adoption and reporting. * Interaction with **VMware/Hyper\-V/Horizon/AVD** partners at **intermediate level** (clusters, HA/DRS, templates, **FSLogix**): **understand HLD/LLD, request adjustments and validate results**, without operating independently. * **Basic networking** (DNS/DHCP/VPN/Firewall) for low\-risk changes and troubleshooting. REQUIREMENTS **What we offer?** ------------------- * **An incredible work environment**: You'll be part of a dynamic and passionate team, where every day is a new opportunity to learn and grow. * **Flexible hours**: Two hours flexibility on start and end times, plus reduced working hours on Fridays and during summer months. * **Remote work** two days a week. * **Competitive benefits**: We offer an attractive salary package and additional benefits that make you feel valued and motivated. * **A place to innovate**: We value your ideas and contributions, enabling you to actively shape our company’s evolution.