
Senior Microsoft 365 Architect

Whippany, NJ
June 08, 2021



Benjamin Varela

Senior Microsoft 365 Architect




Microsoft 365 and Azure cloud engineer with 23 years of experience in the IT industry.

Extensive experience on cloud transformations and migrations

Expertise with Azure cloud services

Expert on email migrations and file migrations to cloud services

Experience on planning, deploying, and managing Exchange servers.

Experience on planning, deploying, and managing Skype for Business servers and Teams migration.

Well versed on deploying and managing Microsoft 365 and Azure tenants

Hands On experience deploying High Availability, High Redundancy and Disaster Recovery on Exchange Servers

Led multiple projects on planning, deploying, and managing Windows Servers from 2000 to Windows Server 2019.

Knowledge on security best practices.

Experience managing Windows client operating systems.

Skilled on PowerShell and command line tools.

Knowledge on Microsoft Hyper-V and server virtualization.

Expertise on deployment and maintenance of AD DS, AD FS and AD CS on multi-forest environments

Knowledge on BitLocker, MS ATP, Microsoft CAS and Windows Defender

Experience on Azure AD configuration and security

Experience deploying Microsoft Intune, Conditional Access and Compliance policies

Deploying and managing MobileIron, creating policies, enrolling users and troubleshooting

Experience on M&A operations for AD and email migrations

Performed data migration and file migrations from On Premises file systems to SharePoint and OneDrive.

Bachelor of Science in Data Processing – Major in Computer Science

Visayan Data Computer College - Philippines


Microsoft 365 Fundamentals

Azure Fundamentals

MCP – Systems Engineer


Novell Certified Netware Engineer



Technical Skills

Microsoft 365 / Office 365

Azure Cloud Services

Azure Networking, Storage and Computing

Windows Servers (2000, 2003, 2008, 2012, 2012 R2, 2016, 2019)

Active Directory and ADMT for directory migrations

Microsoft Endpoint Configuration Manager, System Center Configuration Manager

Microsoft Intune, MDM and MAM

Windows Autopilot

PowerShell scripting and advanced management tasks

Exchange Server (2000, 2003, 2007, 2010, 2013, 2016, 2019)

Exchange Online

Exchange Hybrid

SharePoint Online

Office Communicator Server

Lync Server 2007, 2010

Skype for Business Server 2015, 2019

Skype for Business Online

Microsoft Teams

Microsoft Teams Phone Systems, A/V Conferences and Live Events

Windows OS (95, 98, 2000, XP, Vista, 7, 8, Windows 10 Pro, Windows 10 Enterprise)

Email Security (EOP, IronPort, ProofPoint and Mimecast)

Email security frameworks (SPF, DKIM and DMARC)

MS 365 Security and Compliance (Data Loss Prevention, Retention, Data Governance, Data Classification, eDiscovery)

Mobile Device Management and Mobile Application Management

Microsoft Intune

Compliance policies and Client App policies

Virtualization Technologies (Hyper-V, VMWare)

Azure Information Protection and Data Classification

Azure AD Identity Protection

Privileged Identity Management, Microsoft Identity Management

Conditional Access Policies and Multi Factor Authentication

Azure AD Connect (Password Hash Synchronization and Pass-Through Authentication)

Active Directory Federation Services (AD FS)

ADFS Single Sign-On, Azure AD Seamless Single Sign-On and OKTA

OAuth 2.0, OpenID Connect and SAML

Azure AD, B2B and B2C

Enterprise Apps and App Registration

BitLocker drive encryption

Microsoft Cloud App Security

Azure Advanced Threat Protection and Microsoft 365 Advanced Threat Protection

Power Platform (Power Apps, Power Automate and Power BI)

Microsoft Dataverse


BitTitan MigrationWiz

Canvas App and Model-driven App

Power Apps Portals

Power Virtual Agents

Change Management and Ticketing Systems (Remedy, ServiceNow, CA Service Desk)

Hardware: PCs, Laptops, Telephony Systems, Printers, Routers, Modems, Mobile devices

Networking: LAN & VPN/Remote Connectivity, TCP/IP

Platforms: Windows, NetWare Servers, Citrix


Jan 2019 - Current

Microsoft 365 Architect Consultant - MetLife - Whippany, NJ

Scope of the Project: Design, test and deploy Microsoft 365 and Azure AD policies to meet security and compliance regulations. Improve the process for license assignments, on boarding and off boarding of users and governance of Microsoft 365 Groups, Shared Mailboxes and Distribution Groups.

Created a PowerShell script to audit Shared Mailboxes and Distribution Groups membership

Planned, tested and deployed MS 365 Group-Based licensing, and troubleshot license assignment issues.

Created multiple Conditional Access policies to enforce MFA, App Protection policies and block untrusted locations.

Deployed Azure MFA and deployed Microsoft Authenticator App on mobile devices.

Created End-user training material for MFA use.

Deployed Azure AD Identity Protection policies, User Risks policies and Sign-in Risk policies, and enforced the policies using Conditional Access.

Performed monthly Assignment Reviews for privileged accounts, using Privileged Identity Management

Enabled Just in Time access for administrative roles using Privileged Identity Management

Applied Retention policies to Exchange Online, SharePoint sites, Teams and OneDrive

Performed eDiscovery searches for legal investigations and exported results.

Created MS Intune policies for corporate mobile devices and BYOD.

Enrolled Android, iOS and Windows 10 devices on Intune

Used Azure Hybrid Joined device management for Intune Automatic enrollment

Created device compliance policies for Intune enrolled devices.

Created Security Baseline profiles and Antivirus profiles for Endpoint Management.

Deployed Azure AD Connect for Pass-Through Authentication, enabled Seamless SSO.

Created GPOs for OneDrive to enforce Document and Desktop synchronization, and Outlook GPO to enforce Exchange Cache.

Deployed Data Loss Prevention policies to meet compliance requirements for Financial Information and HIPAA

Created and deployed sensitivity classification labels using Azure Information Protection

Maintained Email Security Gateway policies on ProofPoint, adding and removing senders from Trusted list, as well as managing the quarantine.

Jun 2017 – Dec 2018

Office 365 Engineer – Carolina's Healthcare System - Charlotte, NC

Scope of the Project: Email migration from Exchange 2013/Exchange 2016 to Exchange Online

Planned and deployed Exchange 2016 in a DAG environment

Managed Exchange environment 2016 and 2013 in coexistence and migrated 50% of mailboxes to Exchange 2016.

Created the Office 365 and Azure tenant and added custom domains.

Installed Exchange Hybrid Configuration Wizard on Exchange servers and configured the Hybrid Environment.

Planned the deployment for Directory Synchronization, cleaning Active Directory using IDFix

Used PowerShell to perform environment discovery and obtain mailbox statistics and delegation information.

Planned the migration process, creating daily batches and using PowerShell to perform the migrations.

Tested pilot migration and troubleshot post migration issues.

Migrated Transport rules and Retention policies from Exchange 2016 to Exchange Online

Created PowerShell script for Office 365 E3 license assignment.

Assessment – Responsible for Discovery & Analysis, Planning, and Detailed Design (Exchange Hybrid, Azure AD Connect).

Worked with Help Desk for remediation and provided L3 escalation for hyper support.

Deployed 2 Windows Server 2012 R2 servers for HCW and AADC.

Created DLP policies for sensitive information shared inside and outside of the organization.

Created malware filtering policies.

Created SPAM Filtering policies

Created IP and Domain Filtering Policies

Created Mail Flow Rules to Route Mail

Created MDM Policies for mobile devices with ActiveSync.

Jan 2016 – May 2017

Office 365 Migration Engineer – WEC Energy - Milwaukee, WI

Scope of the Project: I managed the implementation of Office 365 with Exchange 2013 on premises coexistence.

Readied on premise deployment for hybrid by analyzing the state of AD, Exchange, and the corporate network.

Began the planning of the hybrid implementation of Exchange 2013 and Office 365 to create federation of services and coexistence.

Planned the migration of the user databases.

Architected a new messaging environment to include a dual DAG for high availability and failover scenarios.

Architected and led implementation of an archival system using Symantec Enterprise Vault to digest local PST’s and allow for eDiscovery and DLP protection.

Recovered PST files for multiple user archive mailboxes.

Created daily automated reports using System Center Orchestrator (SCORCH) to monitor the behavior for 12 Exchange mailbox servers and over 100 mailbox databases.

Defined and documented a process to enable direct mailbox provisioning in Office 365 with MS FIM, for future use in case mail system is fully migrated to cloud.

Developed a solution for dynamic distribution group lists on Office 365.

Identified bandwidth needs and worked with network team to establish proper communication circuits.

Scaled out existing infrastructure for hybrid and AD FS and provided inputs for Azure ExpressRoute bandwidth requirements.

Provided detailed planning for all phases including end-user communications and migration schedules/tool configurations.

Secured Exchange by implementing online protection in Exchange online for Spam filtering, Antivirus and threat management.

Troubleshot federation services between on premise and Office 365 cloud.

Implemented rich coexistence by enabling calendar sharing between tenant and on premises.

Implemented DR failover procedures using PowerShell scripting.

Utilized PowerShell and other scripting skills to automate messaging processes and reporting.

Created batches using PowerShell scripting for mailbox database moves to Office 365.

Nested 1,500+ Distribution and Security Groups within members using PowerShell.

Migrated over 500 Active Directory accounts between Domains using ADMT.

Tested on premise connections to cloud services with the help of security and networking teams to ensure proper routing, authentication, communication.

Responsible for testing and validation of various custom codes and templates for compatibility with the Office 365 and Office 2016 Pro Plus deployments.

Configured ADFS/ADFS Proxy servers on premise for Single Sign On services for users.

Jun 2013 – Dec 2015

Unified Communication Engineer – Vivint Smart Home, Inc. – Provo, UT

Scope of the Project: Provided Unified communication solution integrating Exchange and Lync servers, managing users and providing high availability and disaster recovery.

Implemented and administered Exchange 2013 on premises: single forest, 24 servers, with over 1500 user mailboxes.

Deployed Lync front-end servers in a pool configuration for hosted services and Edge servers for external communications, allowing unified communications services both internally and for remote users.

Managed and supported Lync 2010 & Lync 2013 Unified Communications Enterprise environment consisting of sixteen servers, a load balancer, and several media gateways, providing voice and video over IP, instant messaging, presence, web conferencing, video integration and Unified Messaging for users across six global locations.

Implemented and tested new MS Exchange 2013 Server along with Archiving systems.

Verified network and server configurations, tested virtual implementation, and readied servers for application deployment.

Implemented DAG for Exchange 2013 and added an additional server node.

Performance tuned and optimized Exchange 2013 Server for maximum performance and continued operation.

Managed servers using PowerShell scripting, and Active Directory tools.

Implemented the following roles in a Microsoft Exchange environment: Edge Transport, Mailbox, CAS Array, Hub Transport and Unified Messenger.

Active Directory support through site build outs, group policy implementation and design support.

Reported on AD sync issues, errors, and conducted manual syncs as required.

User administration via Active Directory Users and Computers, ADSIEdit.

Utilized Active Directory to administer users, computers, sites and services.

Performed active directory backups and restore and carried out installation of new Windows 2012 servers.

Troubleshot failed mailbox migrations, monitored migration statistics, reported to management on progression, and adjusted plans as deemed necessary.

Created workflow processes and automation infrastructure.

Mobile Device Management experience with iPhone, Android, and Blackberry devices.

Performed daily monitoring of Exchange software through native tools and SCOM.

Managed Exchange messaging system, created legacy namespace, and assisted users with connectivity issues.

Managed Microsoft Exchange 2013 enterprise environment over 5 Active Directory networks in a VMware 5.0 virtual environment.

Responsible for document control, including build docs, server diagrams, architecture, user issues and change requests.


Administrated Blackberry Server, Good for Enterprise, McAfee Spam Servers.

Implemented group policies and various strategies to improve existing systems.

Ran reporting on users licensing, policy enforcement, and account statuses.

Jan 2011 – Jun 2013

Senior Exchange Engineer – The Kroger Company - Cincinnati, OH

Scope of the Project: Exchange and Active Directory administration, daily maintenance tasks, backups and health checks.

Maintained clustering configuration for Exchange 2010 server high availability through the clustering manager to monitor and maintain services and configuration.

Troubleshot issues with mail blockage, spam, and slow performance, providing both on site and remote diagnosis and resolution.

Handled requests related to mail quotas, delegation, rights management and individual mail restores.

User management, creating and modifying accounts, file systems, network rights and access to file systems and directories.

Assisted in building and managing lab environments with complex settings, configurations, topologies and equipment including servers and various network elements.

Proactively monitored systems health by physically inspecting environment and utilizing provided tools such as SCOM.

Led effort to verify and decommission Exchange 2007 servers and provided status reports.

Acted as point of contact and communicated with end users on mailbox moves and changes to functionality.

Assisted with management of the operational support and system account lifecycle applicable to all non-human Ids.

Administered multiple disjoint Active Directory Forests, Domains, DHCP, DNS and various other Infrastructure services.

Trust relationships setup, dcpromo and decommission of Active Directory.

Updates, patching and software installations via group policies (GPO).

Created distribution groups, shared mailboxes, and room mailboxes for company use.

Troubleshot external and internal connection to Exchange server mailboxes and resources.

Responsible for applying patches and updates to Exchange servers and testing after application.

Utilized PowerShell and other scripting skills to automate messaging processes and reporting.

Utilized PowerShell and replication and systems monitoring tools.

Active Directory support through site build outs, group policy implementation and design support.

Active Directory migration between different domains and forest using ADMT tool.

Reported on AD sync issues, errors, and conducted manual syncs.

Managed the desktop environment using Group Policies in a Microsoft Windows Active Directory Environment. (Windows Server 2008/2012)

Managing user accounts within Active Directory, modifying permissions for access to pertinent network.

User administration via Active Directory Users and Computers, ADSIEdit.

Performed active directory backups and restore and carried out installation of new Windows 2012 servers.

Managed Active Directory users and computers and Exchange Server.

Worked with Active Directory (domain, User accounts, groups).

Oct 2007 – Dec 2010

Exchange and AD Engineer – PNC Financial Services - Pittsburgh, PA

Performed the documentation and implementation of migrating users from Exchange 2003 to Exchange 2007

Executed the transition of legacy Microsoft Exchange 2003 servers to Exchange 2007 ending with the final decommissioning of the legacy servers.

Assisted in building a complex architecture which included several Edge Transport servers on the perimeter network to provide added security to Hub Transport/Mailbox role servers.

Administered and supported Blackberry Enterprise Server 4.1 to provide Tier 3 support for Blackberry users.

Built test lab environments, creating virtual machines using Microsoft Hyper-V.

Documented current Active Directory/Exchange infrastructure and organizational policies.

Managed DNS, DHCP, AD, FTP, IIS, DFS and Print Servers.

Implemented and managed VMware ESX 4 servers.

Monitored Microsoft Exchange events in SCOM 2007 and any migration-related issues.

Provided troubleshooting support for client issues with Outlook and BlackBerry devices

PowerShell scripting employed to automate repetitive administrative tasks.

Designed new applications to be used on manufacturing floor.

Led a group of programmers in the construction of innovative programs for different departments in the company and installed them successfully in the organization on .NET.

Oracle databases management PL/SQL.

SQL server 2005 databases management.

Responsible for SharePoint software.

Responsible for the equipment on floor like PDA, wireless access points and network.

Microsoft Windows Server administration using Virtual Desktop.

Used Citrix to access various programs in the network.

Sep 2001 – Sep 2007

Senior System Engineer - Credit Suisse – New York, NY

Work on the Disaster Recovery (DR) Plan / BCP for the company’s offsite Helpdesk.

Primary Technical Support on the DR sites in New Jersey.

East coast branches’ remote support for desktop and networking systems. Handle sites in Jersey City-NJ, Raleigh-NC, Atlanta-GA, and Baltimore-MD, among others.

Provide periodic Power down planning and support on branch sites such as Jersey City, Atlanta, Baltimore, and Princeton.

1st & 2nd level desktop support analyst for FA&O users by performing all functions pertaining to problem escalation and user administration support for the Helpdesk using remote tools such as SMS, Remedy, and Altiris desktop support applications.

Provide lead support on IT area renovation in Princeton site for both preparation and actual move of about 150 users from one floor to another.

Handle Operations floor support and perform installs, moves, adds, & changes (IMAC) activities.

Provide off-hours support and on-site visits for the East coast branches.

Prepares periodic and ad-hoc reports requested by manager providing status reports, ticket resolution summary and team updates.

Jan 1998 – Aug 2001

Senior Infrastructure and Network Consultant - Moody’s Investors Service – New York, NY

Managed Moody’s Global Messaging environment by administering all MS Exchange servers with mailbox, X400 connectors to international sites, Internet Mail and Site/Replication connectors.

Performed version & site upgrades and the deployment of MS Exchange servers.

Performed mailbox recovery situations.

Provide third-level resolutions for support on Exchange and Outlook clients, and Internet mail issues.
