Accomplishments

Led the full rollout of Microsoft Teams Phone for Sales, Recruiting and Staffing, and front-desk teams across U.S., offshore, and nearshore offices, modernizing inbound communication infrastructure:

• Replaced legacy telephony with Microsoft Teams Phone across 3 countries
• Configured auto attendants and call queues for routing and responsiveness
• Enabled centralized visibility into inbound communication volume and patterns
• Coordinated rollout across distributed teams with minimal operational disruption

Result: improved call routing efficiency, responsiveness, and leadership visibility into inbound communication while eliminating legacy telephony overhead and reducing per-seat communication costs.

Designed and deployed an end-to-end cloud printing architecture to eliminate manual print driver installs that had persisted as a hands-on dependency even after Intune streamlined the rest of device provisioning:

• Implemented Microsoft Universal Print as the company’s first cloud-managed printing platform
• Built secure hybrid connectivity using an Azure-hosted Windows Server VM running the Universal Print connector, linked to Ohio HQ via site-to-site IPsec VPN
• Registered and published the HQ printer through Universal Print with proper access controls
• Deployed the printer automatically to all Intune-managed laptops via Intune Printer Provisioning policies, eliminating manual driver installs entirely
• Authored full operational documentation for both IT administrators and end users

Result: printing is now fully integrated into the Intune device lifecycle. New and reprovisioned laptops receive the corporate printer automatically, with no onsite configuration or IT involvement required.

Enabled Microsoft Purview Message Encryption and Information Rights Management tenant-wide, giving Finance, HR, and the broader organization a controlled way to send sensitive communications:

• Diagnosed tenant-level failures preventing encryption workflows from running
• Repaired the Exchange Online IRM to Azure RMS binding so the licensor certificate, templates, and service endpoints loaded correctly
• Ran and validated IRM self-tests and end-to-end encryption workflows
• Coordinated with Microsoft Support to finalize activation after tenant remediation

Result: encrypted email and Do Not Forward protections are live for all users, giving Finance and HR a controlled, auditable way to protect sensitive communications from unauthorized sharing.

Deployed CodeTwo as the company-wide email signature automation platform, standardizing branding and centralizing signature management across every Outlook surface:

• Enabled consistent signatures across Outlook desktop, web, mobile, and external clients
• Configured Combo Mode for client-side previews plus server-side fallback (no duplicates, guaranteed delivery)
• Integrated with Entra ID so name, title, department, and contact data populate automatically
• Documented end-user and admin workflows to support long-term maintenance

Result: consistent, professional, centrally managed branding, with the ability to push org-wide signature, legal, or marketing updates instantly, at a fraction of the cost of traditional branding tools.

Designed and deployed Microsoft Intune as the company’s centralized endpoint management platform, bringing every Windows device under a scalable, policy-driven lifecycle:

• Built tenant configuration, enrollment, and automated provisioning to eliminate manual rebuilds
• Enforced security baselines: BitLocker, firewall, AV, LAPS, update compliance, location services
• Automated M365 app delivery, OneDrive auto sign-in with storage redirection, and Company Portal for approved software
• Authored enrollment and reprovisioning runbooks and trained IT staff on ongoing administration

Result: a scalable, repeatable device lifecycle with consistent security enforcement, corporate credential sign-in, and no reliance on third-party reinstalls.

Investigated a pattern of unexpected account disablements that didn’t match the modernized Conditional Access policies, and led the remediation end-to-end:

• Traced disablement events through Entra sign-in logs and tenant audit history
• Identified a legacy MSP-installed security tool as the source of the account manipulations
• Worked with the MSP to confirm the tool had been superseded during their transition to a newer ITDR platform
• Removed the integration and coordinated the full retirement of the legacy tooling

Result: a clean identity governance surface under Conditional Access, with only approved platforms managing account enforcement.

Replaced ad hoc remote access with a structured, secure architecture:

• Deployed Tailscale for zero-trust network access across distributed engineering and IT teams
• Established IPsec tunnels between Azure infrastructure and HQ to protect development systems
• Enabled compliant access for remote and offshore teams without exposing internal systems to the public internet

Result: internal systems are protected behind authenticated, encrypted access paths, with no more open firewall rules or VPN exceptions.

Automated department and all-company messaging on top of standardized Entra attributes, giving HR and leadership always-accurate distribution without any manual list upkeep:

• Built dynamic security groups driven by department and employment status
• Established department distribution lists that update automatically on hire, transfer, and departure
• Implemented an accurate all-company distribution group for org-wide communications
• Enabled HR and leadership to send and schedule announcements with no manual recipient work

Result: always-up-to-date distribution lists, zero manual list maintenance, and scalable communication as the organization grows.

Established an organization-wide self-service and documentation enablement program to reduce person-dependent IT support and scale operations without adding headcount:

• Launched a centralized internal knowledge hub for IT processes, onboarding guides, and operational procedures
• Documented critical repeatable workflows — device provisioning, Universal Print, Intune enrollment, automated signatures — to shift resolution away from ad-hoc support
• Trained additional administrators to ensure operational continuity and reduce single-point-of-failure risk
• Built on portable markdown so content stays migration-friendly and isn’t locked in proprietary tooling

Result: a scalable IT support model with faster onboarding execution, reduced ticket volume for routine requests, and a documented foundation that grows with the organization.

View full project →

Led a Microsoft 365 cleanup and governance initiative to consolidate collaboration workspaces and establish lifecycle standards across Teams and SharePoint:

• Audited and consolidated active departmental workspaces, retiring unused and duplicate sites
• Restricted Microsoft 365 Group creation via PowerShell to an approved admin security group
• Established baseline governance standards for group and site lifecycle
• Laid the groundwork for sustainable collaboration management going forward

Result: a clearer collaboration structure, tighter permission hygiene, and safeguards in place to prevent future sprawl.

Drove a company-wide initiative to standardize Entra ID user attributes (department, manager, hire date, employee type, etc.) across the tenant, building the identity foundation needed for downstream automation:

• Defined the attribute set required for automation, reporting, and governance
• Partnered with leadership on a structured data collection process using standardized templates
• Standardized attributes across nearly all active accounts, including external partner users operating in the tenant
• Established expectations for maintaining accurate identity data going forward

Result: a complete, automation-ready directory that directly enabled dynamic distribution lists, automated security groups, org charts (including exports for banking requirements), CodeTwo signature automation and more.

Established a standardized functional mailbox model for departmental email, moving shared workflows into properly governed Microsoft 365 shared mailboxes with delegated access:

• Migrated departmental access into properly managed shared mailboxes with delegated permissions instead of shared credentials
• Built out structured Finance inboxes for AP, AR, taxes, and expenses
• Stood up dedicated mailboxes for HR, Recruiting, Marketing, PMO, and general info routing
• Reduced license consumption on non-user accounts while improving auditability

Result: a secure, cost-effective, role-based approach to departmental email, with clear ownership, proper access governance, and clean offboarding.

Implemented strict tenant-wide controls over third-party application consent to close a long-standing governance gap that had allowed any employee to authorize external OAuth integrations without review:

• Disabled open user consent to prevent unauthorized third-party application connections to the tenant
• Restricted application approval authority to system administrators, ensuring all integrations are intentional and vetted
• Identified, blocked, and remediated high-risk AI applications posing significant data leakage exposure
• Audited the existing application inventory and began remediation of rogue integrations accumulated over years of unchecked consent

Result: significantly reduced exposure to unauthorized third-party access, with centralized oversight over OAuth permissions and a defensible posture around tenant-wide data protection going forward.

Deployed Bitwarden as the enterprise password management platform, building on prior successful experience introducing it at a previous employer, to give teams secure, governed credential storage beyond what SSO can cover:

• Rolled out to Advanced Analytics as the primary delivery team, with staged expansion across other departments
• Secured with Entra ID SSO so vault access follows the employee lifecycle
• Established administrative recovery controls to preserve continuity on non-SSO external systems
• Enabled stronger password hygiene and integrated MFA that reduces reliance on personal devices

Result: secure vault-based credential storage, cleaner offboarding for non-SSO apps, and a scalable foundation for broader rollout across Finance, HR, and the rest of the org.

Implemented organization-wide MFA enforcement and self-service recovery tools to address the absence of identity security guardrails and reduce reliance on limited IT staff for routine access issues:

• Enforced Multi-Factor Authentication across all user accounts to eliminate password-only access and reduce account takeover risk
• Established Conditional Access policies and baseline authentication controls aligned with modern security standards
• Converted shared licensed functional mailboxes (e.g., HR@, Finance@) to properly secured accounts, eliminating high-value soft targets
• Enabled Self-Service Password Reset so employees can securely recover credentials without IT intervention

Result: significantly stronger protection against phishing and credential-based attacks, with centralized identity security enforcement and reduced IT dependency for routine access recovery.

Drove a cross-departmental initiative to bring Strategic Systems shadow applications under centralized identity governance, replacing disconnected, manually-managed access with Entra-driven SSO, SCIM, and Just-in-Time (JIT) provisioning:

• Inventoried and assessed shadow applications in active use across multiple departments and divisions
• Integrated applications into Entra ID with SSO to tie access directly to the employee identity lifecycle
• Implemented SCIM provisioning where supported to automate account creation, attribute sync, and deprovisioning
• Enabled JIT provisioning for applications without SCIM support, ensuring access is granted on-demand and revoked automatically
• Standardized onboarding, offboarding, and role-change flows so access grants and revocations happen consistently across the full tool stack

Result: a centralized, Entra-governed access model across Strategic Systems tooling that eliminates orphaned accounts, reduces manual offboarding risk, and ensures employees have the right access at every stage of their lifecycle.

At Navitus Health Solutions, inherited a largely manual reporting environment and rebuilt it on a reliable, automated foundation:

• Designed and automated Informatica ETL pipelines that powered 90% of reporting and audit readiness
• Implemented PHI/PII encryption in collaboration with the security team to meet HIPAA, CMS, and financial compliance requirements
• Developed API-driven pipelines to load CMS exports directly into the enterprise warehouse
• Improved SQL and ETL workflow performance, reducing processing times and improving reliability

Result: audit teams went from manual data pulls to automated, compliance-ready reporting pipelines.