IAM Consultant _ Remote (Passwordless & WHfB)
Datum Technologies Group, Alpharetta, Georgia, United States, 30239
The IAM Engineer–
Passwordless & WHfB
will lead the design and implementation of modern authentication solutions across the enterprise. This role focuses on assessing the current identity landscape, architecting Windows Hello for Business and passwordless strategies, integrating with Microsoft Entra ID and Intune, and guiding large‑scale rollout and operational readiness. The architect will ensure security, compliance, and user experience are optimized while providing clear documentation, technical leadership, and cross‑team enablement. Assess current identity and authentication posture (password policies, MFA, PKI, hybrid join, device management). Recommend the appropriate Windows Hello for Business (WHfB) trust model (Cloud Kerberos, Hybrid Key, Hybrid Certificate) and define migration paths. Design integrations with Microsoft Entra ID, Active Directory, Intune, Conditional Access, Identity Protection, and Defender for Endpoint. Define device provisioning and compliance requirements (Autopilot, VDI, TPM, HSTI) and establish backup/recovery strategies. Implementation & Rollout
Configure WHfB policies (Intune/GPO), Authentication Methods, and Conditional Access for passwordless authentication. Implement or integrate PKI components, certificate templates, CRLs/AIA, and support smart card migration/ADFS deprecation where needed. Run pilots, evaluate results, and manage phased rollouts across regions and device types. Validate SSO/Kerberos flows to on‑prem resources and establish monitoring via Entra logs, Intune reporting, and Log Analytics. Troubleshooting & Operations
Build runbooks, break‑glass steps, and tiered support workflows. Diagnose WHfB issues (TPM/attestation, PIN reset, dsregcmd, trust model anomalies). Optimize user experience, authentication performance, and fallback MFA posture. Security & Compliance
Align solutions with NIST 800‑63/800‑53, ISO 27001, and phishing‑resistant authentication best practices. Ensure IAM policies meet governance, audit, and risk‑mitigation requirements. Documentation & Enablement
Produce HLD/LLD documentation, migration plans, test/UAT guides, and support FAQs. Deliver training and communication materials for admins, helpdesk teams, and end users.
#J-18808-Ljbffr
Passwordless & WHfB
will lead the design and implementation of modern authentication solutions across the enterprise. This role focuses on assessing the current identity landscape, architecting Windows Hello for Business and passwordless strategies, integrating with Microsoft Entra ID and Intune, and guiding large‑scale rollout and operational readiness. The architect will ensure security, compliance, and user experience are optimized while providing clear documentation, technical leadership, and cross‑team enablement. Assess current identity and authentication posture (password policies, MFA, PKI, hybrid join, device management). Recommend the appropriate Windows Hello for Business (WHfB) trust model (Cloud Kerberos, Hybrid Key, Hybrid Certificate) and define migration paths. Design integrations with Microsoft Entra ID, Active Directory, Intune, Conditional Access, Identity Protection, and Defender for Endpoint. Define device provisioning and compliance requirements (Autopilot, VDI, TPM, HSTI) and establish backup/recovery strategies. Implementation & Rollout
Configure WHfB policies (Intune/GPO), Authentication Methods, and Conditional Access for passwordless authentication. Implement or integrate PKI components, certificate templates, CRLs/AIA, and support smart card migration/ADFS deprecation where needed. Run pilots, evaluate results, and manage phased rollouts across regions and device types. Validate SSO/Kerberos flows to on‑prem resources and establish monitoring via Entra logs, Intune reporting, and Log Analytics. Troubleshooting & Operations
Build runbooks, break‑glass steps, and tiered support workflows. Diagnose WHfB issues (TPM/attestation, PIN reset, dsregcmd, trust model anomalies). Optimize user experience, authentication performance, and fallback MFA posture. Security & Compliance
Align solutions with NIST 800‑63/800‑53, ISO 27001, and phishing‑resistant authentication best practices. Ensure IAM policies meet governance, audit, and risk‑mitigation requirements. Documentation & Enablement
Produce HLD/LLD documentation, migration plans, test/UAT guides, and support FAQs. Deliver training and communication materials for admins, helpdesk teams, and end users.
#J-18808-Ljbffr