MS365 Consultant/Solution Architect

Client: SME, IT service provider:

• Setup and configuration of an M365 tenant on a hybrid basis, SSO integration for existing app infrastructure like Mattermost, Huhu, etc.
• License consulting, Entra ID basic configuration, MFA, Conditional Access, Privileged Identity Management.
• Intune: basic configuration, Windows 11 Autopilot, iPhone AES.

Client: regional, mid-sized manufacturing company:

• Took over the tenant and prepared a security audit, rolled out iPhones with AES (formerly DEP) on COPE (Corporate Owned, Personally Enabled).
• Connected external customers with enhanced security via Conditional Access.
• Consulting on “cloud-first” strategy and migration to “cloud-only” business.
• Connected various apps via SSO/SCIM (e.g., Atlassian, Personio, Adobe).
• On-premises AD: security audit and project management: decommissioning local AD (migration: file servers, Navision 2016, user clients to Entra ID joined).
• Copilot rollout with connections to external data sources (Atlassian) and Intune configuration.

Client: international, mid-sized automotive supplier:

• Support in preparation for TISAX and ISO27001 certifications.
• Entra ID: security audit, switched per-user MFA to Conditional Access, upgraded MFA to “phishing resistant.”
• Intune: setup and management of Intune – integrating Windows and Apple clients, switched web enrollment to AES (formerly DEP), introduced Autopilot, took over app management, integrated Microsoft Defender on company clients, built a baseline for Windows (COBO) and iOS/Android (BYOD) devices.
• Teams/SPO: expanded and enhanced access model and integrated SPO sites into Teams.
• Maintenance and backup of Entra ID and Intune tenants (drift management).
• M365 backup with Veeam.

Client: international, mid-sized manufacturing company:

• Extended existing Conditional Access policies, designed and implemented PIM including hardware tokens for admins (YubiKey), on-premises admin tier concept.
• NCD project: revised existing GPOs for structure, security, and compliance.
• Project management: security audit and hardening of on-premises AD and cloud tenant, SAML VPN, PIM introduction.
• Supported HR by implementing a booking portal and supported the System Engineering department in general administration, security, compliance, and innovation (Copilot).

Client: SME, staffing services:

• Security audit and hardening of cloud tenant, introduced Conditional Access and passwordless MFA for all users, supported BSI security audit according to DIN SPEC 2707.
• Introduced platform SSO and Defender for macOS and iOS devices, expanded and monitored macOS devices with Intune, ensured compliance requirements.
• Introduced and configured Code2 signatures. M365 backup with Veeam.

Client: SME, development, medical:

• Introduced and set up compliance and security policies for Windows 11 devices including Autopilot and WUfB.
• Security audit and hardening of cloud tenant, introduced Conditional Access and passwordless MFA for all users.
• Expanded and monitored macOS devices with Intune, ensured compliance requirements.

• Goal: ensure smooth operation of the IT system and manage IT infrastructure focusing on security, quality, service, and availability.
• Core tasks: plan, implement, and oversee global IT infrastructure: DC/servers, networks, unified communication, workplace incl. Microsoft 365, MS Cloud, mobile device management, IT security, data protection, and backup (Veeam).
• Execute strategic direction on new infrastructure technologies like hybrid cloud and drive necessary transformation initiatives.
• Ensure IT security and implement suitable security measures.
• Identify modern ICT opportunities for the company and drive innovation.
• Support and monitor adoption of new technologies.
• IT infrastructure: AD, security, network and patching (client/server), virtualization with VMware ESXi in clustered mode, user and device management.
• MS365 & cloud: configured our company tenant, Entra ID (formerly Azure AD), Office 365 (Teams, SharePoint, OneDrive), Intune device management (Windows 10, iOS, Android Enterprise), Autopilot, Conditional Access and MFA with YubiKeys, compliance and security.
• General: patch management of client devices, employee onboarding/offboarding, internal firewall maintenance and configuration, user support, backup assurance with Veeam.
• TISAX certification: created and edited ISMS, security guidelines, and corresponding risk analyses.
• Responsibility: consulting and supporting departments and IT communication of various innovations, and implementing efficiency measures.

• Kofax 10.2.x server/client migration (replacing Kofax 9.2.x).
• Client transformation to Windows 7 across various departments, about 250 clients during live operation.
• Introduced remote control software and new whiteboard hardware including all phases.
• Technical rollout and management of multifunction devices.
• Project & rollout planning, technical planning and organization, execution of technical and organizational tasks, requirements and client management, ITIL process management, time management.

• CA – IT Client Manager (packaging software).
• Testlink test management portal.
• Mantis project portal.
• Remote control software.
• Mindmapping (FreeMind).

• Project: mobile client desktop virtualization with XenDesktop for Allianz AG.

• Project: client transformation for Thomas Cook AG (4,000 clients, international project).
• Tech: Active Directory, GPOs, Windows 7, SCCM 2007.

• Project: user training and product rollout of ZKSWin for Wacker Chemie AG.
• Role: IT consultant for access and time recording.

• Project: integration and rollout management for Siemens AG (international, 30,000 clients).
• Employed via staffing provider Hofmann.
• Tech: Siemens‐modded XP, Server 2000, Active Directory, VPN security & certificates, MS Outlook & Exchange.

• Temporary assignment via DIS AG.