Nick Castelluzzi

Cloud identity & security • Microsoft 365 • Endpoint & email security

I work for a Managed Service Provider helping organizations secure identity, email, and endpoints with practical, scalable controls and consistent deployment standards.

Open to connecting with peers and teams working on cloud security, identity, and modern endpoint management.

Experience Highlights

Identity & Access Management

Administer Microsoft Entra ID and Microsoft 365 environments across multiple client tenants, supporting secure access, MFA, RBAC, SSO integrations, and identity-related troubleshooting.

Privileged Access & Zero Trust

Designed and implemented a secure delegated administration framework using Microsoft GDAP, Microsoft Lighthouse, Entra ID security groups, and Privileged Identity Management to enforce least-privilege access and reduce shared administrative account usage.

Microsoft 365 Tenant Migrations

Supported tenant-to-tenant migration projects involving identity planning, DNS cutovers, authentication validation, and continuity of access for users and services.

Endpoint Security & Compliance

Lead Microsoft Intune deployments focused on device hardening, compliance enforcement, Conditional Access integration, and secure endpoint management.

Projects

Secure Multi-Tenant Administration Framework

Designed and implemented a delegated administration model utilizing GDAP, Microsoft Lighthouse, Entra ID security groups, and Privileged Identity Management (PIM) to strengthen privileged access controls across multiple Microsoft 365 tenants.

  • Replaced legacy delegated administration approaches with GDAP.
  • Implemented role-based access using Entra ID security groups.
  • Configured PIM eligible access workflows supporting Zero Trust principles.
  • Enabled phishing-resistant MFA protections for privileged accounts.
  • Created repeatable processes and documentation for ongoing operations.

Technologies: Entra ID, GDAP, Lighthouse, PIM, RBAC, MFA

Automated Endpoint Deployment Platform

Designed and implemented a Windows Deployment Services (WDS) environment supporting PXE boot imaging and client-specific MDT task sequences to automate workstation provisioning across multiple customer environments.

  • Built centralized PXE deployment infrastructure.
  • Developed client-specific deployment workflows.
  • Automated operating system and application deployment.
  • Reduced technician setup time and improved consistency.

Technologies: WDS, MDT, PXE Boot, Windows Imaging

Zero Trust Endpoint Management Framework

Designed and implemented a Microsoft Intune and Entra ID security framework to support secure access from both managed and personally owned devices.

  • Configured MAM-WE App Protection Policies for BYOD scenarios.
  • Implemented Conditional Access policies requiring compliant devices for resource access.
  • Developed Intune security baselines for Windows, Edge, and Microsoft 365 applications.
  • Enforced BitLocker encryption and device compliance standards.
  • Configured Windows Autopilot for modern endpoint provisioning.
  • Managed application deployments and legal disclaimer policies.

Technologies: Microsoft Intune, Entra ID, Conditional Access, MAM-WE, Autopilot, BitLocker

Certifications

  • Microsoft Certified: Identity and Access Administrator Associate (SC-300)
  • Microsoft Certified: Azure Administrator Associate (AZ-104)
  • Microsoft Certified: Endpoint Administrator Associate (MD-102)
  • Cisco Certified Network Associate (CCNA)
  • CompTIA Security+
  • Microsoft Certified: Microsoft 365 Fundamentals (MS-900)
Current Focus

I am currently specializing in identity security, Zero Trust architecture, Microsoft Entra ID, Conditional Access, privileged access management, and governance-focused security practices. Long term, I am interested in bridging hands-on security engineering with governance, risk, and compliance initiatives.