Hi, I'm Manu – Cloud Engineer

Designing scalable, secure, and automated cloud solutions.

Microsoft Entra ID Expertise

Tap into focused topics below to explore specific areas of my work in Microsoft Entra.

Microsoft Entra ID (Azure AD)

Securing access, enabling identity governance, and powering cloud authentication with Microsoft Entra ID.

  • Extensive experience managing Microsoft Entra ID (Azure AD) for identity and access management across Azure and Microsoft 365.
  • Configured users, groups, enterprise applications, and RBAC for centralized identity governance.
  • Implemented Single Sign-On (SSO) using SAML, OAuth, and OIDC protocols for Azure, Microsoft 365, and third-party apps.
  • Enforced Multi-Factor Authentication (MFA) and Conditional Access Policies to strengthen organizational security posture.
  • Integrated with on-premises Active Directory using Azure AD Connect for hybrid identity scenarios.
  • Enabled Privileged Identity Management (PIM) for just-in-time admin access and granular control.
  • Automated identity workflows with PowerShell, Microsoft Graph API, and Lifecycle Workflows (where applicable).
  • Ensured compliance via identity governance, access reviews, audit logging, and Microsoft Defender for Identity integration.

Role-Based Access Control (RBAC)

Securing Azure environments through precise, policy-aligned access controls and automation.

  • Implemented RBAC across Azure to enforce least-privilege access and secure cloud resources.
  • Assigned built-in and custom roles to users, groups, and service principals for targeted access control.
  • Managed permissions at subscription, resource group, and resource levels based on organizational policies.
  • Integrated with Microsoft Entra ID for centralized identity and access governance.
  • Used Terraform to automate RBAC assignments in CI/CD pipelines and infrastructure deployments.
  • Audited and refined permissions to eliminate over-provisioning and reduce the attack surface.
  • Monitored access patterns using Azure Activity Logs and conducted regular Access Reviews.
  • Enabled Privileged Identity Management (PIM) for just-in-time role elevation and time-bound admin access.

Conditional Access Policies

Enforcing intelligent, risk-based access decisions across Microsoft cloud services with Conditional Access.

  • Designed and implemented Conditional Access Policies in Microsoft Entra ID for adaptive, risk-aware access control.
  • Applied policies based on user location, device compliance, sign-in risk, and app sensitivity.
  • Enforced Multi-Factor Authentication (MFA) for high-risk sign-ins and privileged role access.
  • Configured granular controls for Microsoft 365, Azure portal, Exchange Online, and Azure Virtual Desktop (AVD).
  • Integrated with Microsoft Defender for Cloud Apps for session control and real-time monitoring.
  • Defined policy exclusions and break-glass accounts to ensure secure fallback access.
  • Reviewed sign-in logs, policy impacts, and access trends to refine and optimize enforcement.
  • Aligned with Zero Trust principles by requiring compliant or hybrid Azure AD-joined devices.

Microsoft Intune (Endpoint Management)

Modern endpoint management across platforms using Microsoft Intune for secure, compliant, and streamlined device operations.

  • Implemented Microsoft Intune for device management across Windows, iOS, Android, and macOS.
  • Used Entra ID Join, Autopilot, and Company Portal for seamless device enrollment and provisioning.
  • Created and deployed configuration profiles, compliance policies, and security baselines to enforce IT standards.
  • Managed app lifecycle by deploying, updating, and removing Win32, MSIX, LOB, and Store apps across enrolled devices.
  • Integrated with Microsoft Defender for Endpoint for real-time threat detection and automatic remediation.
  • Applied Conditional Access policies based on device compliance to control access to sensitive resources.
  • Enabled security features like BitLocker encryption, Windows Hello for Business, and remote wipe capabilities.
  • Monitored device health, user activity, and compliance using Intune reporting and analytics dashboards.

Multi-Factor Authentication (MFA)

Enhancing security posture by enforcing modern authentication across users, apps, and endpoints.

  • Implemented Microsoft Entra ID MFA across Azure, Microsoft 365, and third-party applications.
  • Enforced MFA via Conditional Access based on risk level, user location, device compliance, and role sensitivity.
  • Configured per-user MFA, security defaults, and baseline protections for privileged and high-risk accounts.
  • Integrated MFA with Azure VPN, Azure Virtual Desktop (AVD), and other remote access solutions.
  • Supported passwordless methods including Windows Hello for Business, FIDO2 security keys, and the Microsoft Authenticator app.
  • Created end-user guidance and training documentation to ensure successful adoption and rollout.
  • Monitored MFA usage and anomalies through sign-in logs, Azure AD audit logs, and Defender for Identity alerts.
  • Maintained break-glass accounts and tested fallback access plans for resilience and business continuity.