Microsoft 365 L2 Support Engineer
CrimsonLogic
Job Description
JOB DESCRIPTION
Job Title
NOC – Microsoft 365 L2 Support Engineer
Job Purpose
The purpose of the role is to provide Level 2 technical support for Microsoft 365 and Azure cloud services within a global enterprise managed-services environment. The engineer resolves escalated incidents and service requests that exceed Level 1 capability, executes standard operating procedures for high-volume identity and mailbox administration tasks, and supports the 24×7 service desk by covering rotational night and weekend shifts from India as part of a 24x7 delivery model.
Key Accountabilities
The L2 Support Engineer is the primary technical responder for Microsoft 365 and Azure incidents and service requests escalated from Level 1 or raised directly by end users and business units. The role is responsible for resolving the full range of standard SOP-driven tasks — mailbox administration, MFA management, identity and group provisioning, and licence operations — as well as performing first-level technical troubleshooting for more complex Exchange Online, Entra ID, and Azure issues before escalating to SMEs. The role operates within agreed SLAs in a structured ServiceNow environment and is accountable for ticket quality, resolution accuracy, and shift-handover completeness.
Job Responsibilities & Duties
- Mailbox & Exchange Online Administration
- Create, configure, and manage shared mailboxes, user mailboxes, room/resource mailboxes, and distribution lists in Exchange Online Admin Centre.
- Grant and revoke mailbox delegation (Full Access, Send As, Send on Behalf); manage non-owner mailbox access per approved requests.
- Perform basic mail-flow troubleshooting using Message Trace; interpret delivery reports, NDRs, and quarantine notifications.
- Manage mail-enabled groups, dynamic distribution groups, and contact objects in Exchange Online.
- Identity, MFA & Access Management
- Perform MFA re-registration and reset for users locked out of the Microsoft Authenticator app or SSPR; manage MFA methods per approved procedures.
- Administer user lifecycle in Entra ID: account creation, attribute updates, licence assignment/removal, account enable/disable, and offboarding.
- Manage security group and Microsoft 365 group membership; execute client-specific group provisioning workflows per documented SOPs.
- Process guest/external identity access requests and removals per the approved guest-access policy.
- Incident & Service Request Handling
- Respond to and own all assigned ServiceNow issue and SR tickets within contractual SLA response windows
- Triage and prioritise inbound requests; validate caller identity and authorisation; apply correct priority based on user-impact assessment.
- Troubleshoot Microsoft 365 service issues across Exchange Online, Teams, SharePoint Online, OneDrive, and Entra ID; resolve or escalate with a complete diagnostic context.
- Write clear, accurate closure notes on every resolved ticket; maintain the standard required for closure.
- Escalation & Major Incident Support
- Escalate complex issues to L2.5 SMEs or L3 with a structured problem statement (symptoms, steps taken, user impact, reproduction steps) — no bare escalations.
- Assist on P1/P2 major-incident bridges during the night shift: execute SME-directed remediation steps, post stakeholder updates at the agreed cadence, and document actions taken.
- Escalate confirmed cybersecurity incidents immediately to the Lead and follow the designated SOC containment/remediation instructions precisely.
- Queue Health & Shift Handover
- Monitor queue ageing throughout the shift; proactively chase pending-customer tickets to prevent SLA breach.
- Produce a written shift-handover note before every logout: open P1/P2 items, tickets at risk of breaching SLA, pending changes, and anything the incoming shift must know.
- Knowledge, SOPs & Continuous Improvement
- Follow approved SOPs and runbooks; raise SOP amendment requests to the Shift Lead when a runbook is incomplete or has undocumented edge cases.
- Contribute to the knowledge base by documenting novel resolutions and client-specific workflows discovered during ticket handling.
- Identify repetitive manual steps (e.g. MFA resets, group provisioning patterns) as candidates for Power Automate or scripted automation; flag to the Shift Lead.
- Security Incident Remediation (SOP-based)
- Execute approved security remediation SOPs for common threat scenarios - compromised accounts, suspicious sign-in activity, phishing reports, and malware alerts — strictly following the steps defined in the runbook without deviation.
- Respond to compromised-account alerts: disable the account in Entra ID, revoke all active sessions and refresh tokens, reset credentials and MFA methods, and document every action taken with timestamps in the incident ticket.
- Process end-user phishing reports: submit the reported message to Microsoft Defender for Office 365 for analysis, release or purge quarantined messages per policy, block sender domains/addresses as directed, and notify the user of the outcome.
- Act on Defender for Office 365 alerts (safe-links detonation, anti-phishing policy hits, malware detections) by following the corresponding runbook step-by-step; escalate immediately to L2.5/SOC if the runbook does not cover the observed behaviour.
- Carry out Entra ID risky-user and risky-sign-in remediation as directed by the SOC or Shift Lead: confirm risk, dismiss false positives, or force password reset and re-registration per the approved procedure.
- Execute basic Microsoft Purview / Compliance Centre actions per SOP: place a mailbox on litigation hold, run a content search, or export results when instructed by the SOC or compliance team — no independent judgement on scope.
- Contain email-based threats by creating or modifying Exchange Online transport rules, blocked-sender lists, or anti-spam policies as specified in the remediation instruction; revert changes once the threat is cleared.
- Log all remediation actions in the security incident ticket with exact timestamps, commands/UI steps executed, and outcome; hand over open security incidents at shift end with a full action trail.
- Never exceed the approved remediation scope: if an instruction requires admin rights beyond the L2 GDAP (Granular Delegated Admin Privilege) role, pause and escalate rather than request elevation independently.
- Compliance & Security
- Operate strictly within the GDAP delegated-admin scope granted for L2; never perform actions outside the authorised role set.
- Adhere to client data-handling, acceptable-use, and confidentiality requirements for all tenant data accessed during support.
- Complete mandatory security and compliance training within deadlines set by the Service Delivery Manager.
- Support periodic compliance-review activities (as directed): extract admin login trails, access reports, and audit evidence for upload to designated SharePoint repositories.
Minimum Education / Qualifications
Diploma or Bachelor's degree in Information Technology, Computer Science, Engineering, or a related field; or equivalent hands-on experience.
Minimum Years of Experience
- At least 2 to 4 years of hands-on IT support experience in a Microsoft 365, cloud-support, or managed-service environment.
- Demonstrated experience handling a structured ticket queue (ServiceNow or equivalent) with defined SLA targets.
- Prior exposure to night-shift or rotational 24×7 support operations is an advantage.
Skills Required
- Microsoft 365 — core administration: Exchange Online Admin Centre, Entra ID (user/group/MFA/licence), Microsoft 365 Admin Centre, Exchange message trace, shared-mailbox and distribution-group management.
- Identity & access: Entra ID user lifecycle, MFA re-registration and reset (Authenticator app, SSPR), security group and M365 group membership, guest/external identity management, basic Conditional Access awareness.
- ITSM & ticket discipline: ServiceNow or equivalent — priority classification, SLA-clock awareness, escalation protocols, and closure-note standards.
- Troubleshooting: Mail-flow (NDR reading, message trace, basic EOP), Teams sign-in and meeting issues, OneDrive/SharePoint access, Entra ID sign-in logs, basic Azure portal navigation.
- Written communication: Professional, clear written English for client-facing ticket updates, closure notes, and shift-handover notes — tone and accuracy are CSAT drivers.
- Shift readiness: Able and willing to work a rotational schedule including night shifts (approx. 17:30–05:30 IST) and weekends as part of a 24×7 delivery model.
- Certifications:
- Microsoft 365 Administrator (MS-102) —desirable;
- ITIL 4 Foundation — desirable; internal training available.
- Microsoft 365 Fundamentals (MS-900) – good to have.
- Security remediation (SOP execution): Ability to follow security runbooks precisely and completely — compromised account containment (disable, revoke sessions, reset credentials/MFA in Entra ID), phishing report submission and quarantine management in Microsoft Defender for Office 365, risky-user/sign-in remediation, basic Exchange Online transport-rule and blocked-sender management, and Purview content-search execution. No prior security-specialist background required — discipline in following SOPs and accurate incident documentation are the critical skills.
- Security tool awareness: Familiarity with the Microsoft Defender portal (Defender for Office 365 alerts, quarantine, submissions), Entra ID Identity Protection (risky users / risky sign-ins), and Microsoft Purview Compliance portal at a basic operational level — sufficient to execute documented remediation steps under SOC or Shift Lead direction.
- Good to have:
- Basic PowerShell or Power Automate scripting for M365 tasks (licence exports, group reports).
- Exposure to Microsoft Intune / Endpoint Manager for device compliance queries.
- SharePoint Online or OneDrive administration.
Required Skills
Similar Jobs
View all →
ServiceNow Lead/Architect
RSCP
SharePoint Administrator
CGI
CrowdStrike Engineer
JUARA IT SOLUTIONS
Microsoft Power Platform Tech Support Specialist
Luxoft India
Infrastructure Engineer, VP
NatWest Group
Share
Quick Apply
Upload your resume to apply for this position