Full-time Pay Range: $95,700.00/Yr. - $140,239.00/Yr. Shift Days: , Shift Time: Benefits on Day 1 Health/Rx Dental Vision Flexible and health spending accounts (FSA/HSA) Supplemental life insurance 401(k) Paid time off Paid sick time Short term & long term disability coverage (STD/LTD) Employee stock ownership (ESOP) Holiday pay for company designated holidays Overview Primary Responsibilities KeHE is seeking a highly skilled Microsoft 365 Engineer to lead the design, administration, security, and continuous improvement of our Microsoft 365 environment. In this role, you will help drive secure collaboration, modern identity management, platform governance, and AI-powered productivity across SharePoint Online, Microsoft Teams, Entra ID, and Microsoft Copilot. The ideal candidate is a forward-thinking technology professional with deep Microsoft 365 expertise, strong solution design and governance experience, and a security-first mindset. Hands-on experience implementing and managing emerging technologies, including Copilot and its agents, is strongly preferred. As with all positions at KeHE Distributors, we expect that all actions will be consistent with KeHE’s Mission, Vision, and Values. Essential Functions DUTIES, TASKS AND RESPONSIBILITIES: Microsoft 365 Administration Administer the Microsoft 365 tenant including configuration, licensing, subscriptions, service health, and RBAC. Automate tenant operations using PowerShell, Microsoft Graph, and administrative APIs. Enforce tenant-wide policies for security, compliance, governance, external sharing, and lifecycle management. Evaluate and validate roadmap and preview features before production rollout; conduct tenant health assessments and drive continuous improvements to performance, security, and adoption. Identity & Access Management Administer Microsoft Entra ID including Conditional Access, MFA, passwordless authentication, SSO, PIM, B2B/B2C Integrations and identity governance. Manage hybrid identity with Active Directory and Entra Connect. Implement and support Zero Trust controls across Microsoft 365. Monitor identity security posture, remediate risks using Microsoft Defender for Identity, and support identity, access, and governance compliance initiatives. Configure and maintain sensitivity labels, retention policies, and information protection policies in Microsoft Purview. SharePoint & Collaboration Design, deploy, and maintain SharePoint Online architecture and governance standards. Configure and manage SharePoint Online, OneDrive, and Teams integrations to support intranet, document management, and collaboration solutions. Execute and support content migrations and information architecture improvements. Implement site lifecycle management, provisioning standards, external sharing controls, and governance policies. Microsoft Copilot & AI Enablement: Deploy and configure Microsoft Copilot for Microsoft 365 including readiness assessments, phased rollout, and adoption programs. Implement and support Copilot Studio agent lifecycle from proof-of-concept through production, enforcing least-privilege access and change management procedures. Assist in developing governance standards and data classification requirements for Copilot and its agents in partnership with Security and the AI committee. Partner with business stakeholders to identify AI-driven productivity opportunities and translate them into governed solutions. Monitor Copilot adoption, effectiveness, and security impacts; report outcomes to IT leadership. Security Maintain secure configurations across all M365 platforms aligned with NIST and CIS frameworks; drive Secure Score improvements, Compliance Manager remediations, and tenant hardening initiatives. Support security audits, regulatory requirements, and policy compliance across the M365 environment. Support and Operations: Provide Level 2/3 support, troubleshooting, and root cause analysis for Microsoft 365 services. Create and update documentation, architecture diagrams, FAQs, and knowledge base articles. Support auditing, reporting, and operational monitoring across Microsoft 365; participate in after-hours or on-call support as needed. Technology Evaluation and Collaboration: Evaluate emerging Microsoft 365 capabilities, conduct proof-of-concepts, and track the Microsoft 365 roadmap; communicate the impact of upcoming changes and provide recommendations to IT leadership. Serve as a subject matter expert for M365 platforms, promoting best practices and contributing to architectural discussions. SKILLS, KNOWLEDGE AND ABILITIES: Deep knowledge of Microsoft 365 tenant management, governance, security, licensing, and compliance in complex or hybrid enterprise environments. Proficiency with PowerShell scripting and automation. Strong knowledge of Zero Trust architecture and Microsoft security best practices. Strong project management and organizational skills; able to manage timelines, resources, risk, and stakeholder communication on assigned projects. Excellent communication skills with the ability to translate technical concepts into business-friendly language. Strong analytical thinking and problem-solving with a proactive, continuous improvement mindset. Collaborative and customer-focused mindset with the ability to influence and inspire peers. Minimum Requirements, Qualifications, Additional Skills, Aptitude EDUCATION AND EXPERIENCE: Bachelor’s degree in Computer Science, Information Technology, or equivalent experience 5+ years of hands-on Microsoft 365 administration experience in an enterprise environment. Microsoft certifications preferred: MS-102 (M365 Administrator Expert), MS-721 (Collaboration Communications), or SC-400 (Information Protection). PHYSICAL REQUIREMENTS: These physical demands are representative of the physical requirements necessary for an employee to successfully perform the essential functions of the job. Requisition ID2026-29390