Service areas.
Six focus areas where I do most of my engagements. Hands-on engineering rather than advisory: I write the scripts, run the migrations, and stay on the line through cutover.
Intune deployment and management
Endpoint enrolment, configuration profiles, compliance policies, and app deployment across Windows, macOS, iOS, and Android. From greenfield rollout to fixing the policy stack on a tenant that has accumulated technical debt.
Entra ID and Conditional Access
Identity hardening for hybrid and cloud-only environments. Conditional Access policy design, MFA rollout, named locations, sign-in risk policies, and access reviews. Includes break-glass account setup and Privileged Identity Management.
Exchange Online migrations
Tenant-to-tenant, on-premises-to-cloud, and Google Workspace migrations. Mailbox sizing, batch planning, MX cutover, retention parity, and post-migration validation. End-to-end ownership, including the Outlook profile rebuilds.
Windows LAPS
Local administrator password rotation across the fleet via Microsoft Intune. Policy design, Automatic Account Management for Windows 11 24H2, escrow verification, and remediation of the silent failure modes that block hybrid devices from backing up their passwords.
PowerShell automation
Microsoft Graph and Exchange Online PowerShell automation for fleet-scale operations: bulk mailbox cleanup, fleet audits, policy reporting, and Entra device hygiene. Sanitised, version-controlled scripts that can be handed to internal teams.
Hybrid Entra environments
Diagnosis and repair of the messy edge cases of hybrid identity: Entra Connect sync issues, broken device registration, missing alternativeSecurityIds, dsregcmd remediation, and AD-to-Entra object reconciliation.