Microsoft Azure is an open and flexible cloud computing platform for enterprises. It was formerly named Windows Azure.
Main Activities: I'm involved in many interesting challenges at m3 Group. Existing Infrastructure needed to be
modernized and we decided to go with a hybrid Cloud approach (IaaS, PaaS) and SaaS with Microsoft 365
services. I'm leading the architecture, design, integration and projects coordination with our different internal
teams and external partners to make our IT projects a success.
1/ Modernize existing Infrastructure
- VMware vSphere 6 infrastructure
- Citrix XenDesktop/XenApp & Citrix ADC (Netscaler) for LoadBalancing and Publishing
- Fortigate Firewalling and MFA FortiToken
- Follow me Printing Solution: Ysoft
- Microsoft-Oriented infrastructure (AD, DNS, DFS, DHCP, Filer...)
- Windows 11 Automatic Deployment with WDS/MDT
- Active Directory Hardening with GPO (Baseline, LAPS...)
- Messaging and Unified Communication: Skype for Business & Exchange 2016 services
- Setup new Public Key Infrastructure (PKI)
2/ Identity and Access Management (IAM) modernization:
- Consolidation of all m3 companies into a new single m3 group domain with Active Directory (AD) using AD
Migration Tool (ADMT), MIM (Microsoft Identity Manager).
- Implementation of AAD conditional Access
- Implementation of Self-Service Password Reset (SSPR) for hybrid identity
- Integration of applications to Azure AD and Implement SSO with federation approach (SAML, oAuth2, OIDC)
- Hybrid Identity: Synchronization of identity to Azure AD with Azure AD Connect v2 using custom Sync Rules,
Password Hash Sync (PHS) with Seamless SSO, Hybrid Azure AD Join with PRT, SAML JIT, SCIM (Automatic
Identity Provisioning)
- Implement Password Less approach (Windows Hello for Business with Cloud Trust, Fido2, Ms Authenticator
password less sign in, Phone sign in)
- Implement Intune MDM and MAM Solution to secure BYOD (Android, iOS, MacOS)
3/ Hybrid cloud Infrastructure approach:
I acted as Azure Architect and was in charge of Architecture, Design and Integration phases.
- Azure and Microsoft 365 Subscription and Licences (Cost Optimization, PAYG, CSP, Enterprise Agreement)
- Azure Governance (Naming Convention, Management Group, RBAC, Azure Policy, Azure KeyVault, Managed
Identity, Storage Account, Azure Monitor, Azure Private Link/Private Endpoint)
- Azure Network Security (Reverse Proxy Azure Application Gateway, Azure Firewall, Azure Bastion, Azure
Security Center Just-In-Time VM Access, VNET/subnet, VNET Peering, ASG/NSG, UDR, Azure VPN, Cisco Meraki
VMx Site-to-Site VPN, Cisco Umbrella DNS, P2S VPN with Azure VPN)
- Azure IaaS reserved Instances
- Azure Migration from tenant to another Tenant and Subscription to another subscription
- Veeam Backup & Replication, Veeam Backup for M365/For Azure
4/ Microsoft 365 Migration:
I’m leading the Governance, Plan, build, Coordination, Implementation, Test, Documentation.
- Migration of On-Exchange to Exchange Online
- Migration of On-prem filer to OneDrive for Business and SharePoint Online
- Migration of Skype for Business to MS Teams with PSTN
- Migration of On-prem to Cloud-managed Phone System
- Microsoft 365 Compliance and Security (MS Purview Information Protection, MS Defender)
May 2021 – March 2022 (11 m) Employer: SoftwareONE, Morges CH
- Delegation 40% at ICRC (International Committee of the Red Cross), Geneva (Switzerland)
- Consulting 60% for various customers on Microsoft Cloud Technologies (Architecture / Design / Identity /
Security / Compliance / Endpoint Manager / M365)
Position: Senior Azure Cloud Architect & IAM Specialist
Main Activities: Architecture, Design, Project Management, Integration, Support and Pre-Sales activities
• IAM Project Manager / Technical Tech Lead: IAM program (Modern Identity, Zero Trust, PasswordLess
(W10 Signin with Fido2, MS auth), B2B, B2C, Self-Service...). Continuity of my previous job at ICRC
(International Committee of the Red Cross), CH
• Microsoft 365 Compliance: Information Governance & Record Management at VITOL, CH
• Microsoft 365/Azure AD Security Audit: Assessment on Azure AD, Microsoft Endpoint Manager,
SharePoint Online, MS Teams, Exchange Online, M365 Compliance and Security (Microsoft Defender for
Endpoint and Office365) at Covantis, CH
• Azure AD & File System, Exchange Migration: Azure AD Security, Migration of MS Exchange/File System
on-Prem to MS Exchange/SharePoint Online using Bittitan and ShareGate for Mirabaud Services
Limited, UK
• Azure Migration/Readiness Assessment: HyperV Azure readiness Assessment to Azure at SD Plus, CH
• Azure Virtual Desktop (AVD + FSLogix) & Windows 365: Advisory, Network-Security Architecture,
deployment Azure Virtual Desktop with Azure AD DS/Azure AD Join with FSLogix, Windows 365
• Google Workspace to M365 Migration: Advisory, Governance, Security. Migration Google Workspace to
Exchange Online & OneDrive for Business. Integration Google Cloud Platform with Azure AD (SSO/SCIM
provisioning) at Metaco, CH
• Teams Adoption: Advisory. Hybrid Full Classic Exchange Deployment (Free/Busy). MS Teams governance
and adoption for VITOL, CH
• Teams Adoption: Advisory, MS Teams governance and Security for Mirabaud Services Limited, UK
March 2018 – May 2021 (3yrs 2m) Employer: Talents Connection, Lausanne CH
- Delegation 100% at ICRC (International Committee of the Red Cross), Geneva (Switzerland)
Position: Identity & Access Management (IAM) Platform Responsible
• Technical Team Lead/Manager: I’m responsible for IAM Strategy and vision, Integration, Architecture &
Design. I coordinate and manage a Team of 4 IAM consultants/Architects at L3 Platform.
• Technical lead on IAM projects: I’m a Security and Identity Architect with strong skills on Microsoft
products (Active Directory /Microsoft Identity Manager / ADFS / Azure AD). I designed the future of IAM
of ICRC proposing a vision and a strategy based on a Program with different projects to enhance user experience & Security maturity.
• Projects Integration: I’m in charge of integrating any IT solutions into IAM/CIAM Systems, maintaining and
providing evolutions to the IAM Services Catalog
• Architecture, Design & Governance: I’m in charge of reviewing and proposing new architecture based on IAM
& Cloud Strategy.
• Support & Knowledge Transfer: I’m in charge of the knowledge transfer to L2/L1 Support Teams. Writing
all technical documentation (User guide / Technical procedure / Installation & Architecture)
Technical Skills:
• Azure Active Directory Premium P1/P2
- Azure AD Connect (Hybrid Identity)
- Azure AD B2B / External Identities
- Azure AD Application Proxy (On-prem Kerberos/SAML app publication) + F5 BigIP APM
- Azure AD Identity Governance (Access reviews, Entitlement management, Privileged Identity
Management (PIM) in Hybrid Mode)
- Azure AD Conditional Access : Zero Trust Approach
- Azure MFA (SMS/phone/Microsoft Auth, Passwordless with Yubikey Fido2 & WHFB)
- Azure AD Identity Protection & Password Protection (Artificial Intelligence)
- Azure AD Self-service portals (MyStaff, MyApps, MyGroups, Access Package, PIM…)
- Azure AD SSO Integration 3rd Party Apps for SSO with SAML and OIDC/oAuth2
- Azure AD SCIM (Automatic Provisioning)
- Azure Monitor/Log Analytics
• ADFS (Active Directory Federation Service)
- Installation / Configuration / Migration ADFS 2012 to 2016
- Create and Manage 30 SAMLv2 Trusts (CTP/RPT): SAMLv2/WS-FED
- ADFS Trusts Migration to Azure AD
• Active Directory: 300 sites RWDC/RODC worldwide, 15000 users.
- Migration AD2016
- Design / Architecture/Troubleshooting
- Security and Hardening
- GPO/AGPM/DNS/DHCP/DFS
- Authentication methods supported Kerberos/LDAPs
- Automation "AD as a Service" via Ansible/AWX
- Manage Certificates from PKI (AD CS)
• Microsoft Identity Management (MIM):
- Design / Integration / Troubleshooting
- Migration FIM 2010R2 to MIM 2016 SP1/SP2
- MIM Sync: 160 connectors (HR SAP-SuccessFactor/HR Strategic/AD/SQL Server/PowerShell)
- Working with MS Exchange & MS Skype for Business Connectors
- MIM Portal: (SSPR/Group Management/Workflows) & Custom IAM Application
• CIAM (Customer Identity Access Management): API Approach
- Beneficiary IAM platform based on WSo2 Identity Server 5.10
- CIAM published services (signup/sign-in/sign-out/SSPR/Update Profile/MFA) based on API Approach
with WSo2 API Management 3.2
- Mobile App security: oAuth2 Authorization Code with PKCE
- Azure AD B2C (POC & Demo)
Training: Wso2 Identity Server Fundamentals 5.10 & API Manager Developer 3.2
• Microsoft 365 & Modern Workplace
- MS SharePoint: POC Azure AIP and DKE (Double Key Encryption). Integration with Azure AD using
SAML and Azure CP (Identity Provisioning)
- MS Teams: Good Knowledge & Support/Troubleshooting (WAM/ADAL Authentication)
- Microsoft 365 Apps Automatic License Management
- Microsoft Endpoint Manager (Intune MDM/MAM / AutoPilot) (Training & Workshop)
• Azure Governance, Network & Security (Training & Workshop)
- Azure Policy/initiatives, Azure Blueprint, Azure ARC
- Azure Subscriptions / Managem...