
We are seeking a highly skilled and detail-oriented Senior Microsoft Intune Engineer to join our endpoint management and security team. In this role, you will be responsible for the architecture, deployment, configuration, and ongoing management of Microsoft Intune across a complex enterprise environment spanning Windows, macOS, iOS, and Android devices.
You will collaborate closely with security teams, helpdesk engineers, and business stakeholders to ensure all managed endpoints comply with organizational security policies, regulatory requirements, and Zero Trust principles. This is a hands-on, high-impact role for someone who thrives in a dynamic environment and has a deep passion for modern device management and cloud-native endpoint security.
Intune Platform Architecture & Administration
Design, implement, and maintain the Microsoft Intune tenant configuration including organizational hierarchy, RBAC, and enrollment strategies
Architect device enrollment solutions (BYOD, corporate-owned, shared devices) across all supported platforms
Manage Autopilot profiles, deployment rings, and hybrid Azure AD join configurations
Configure and maintain Enrollment Status Pages (ESP), OOBE experiences, and provisioning packages
Administer Intune connector integrations with Configuration Manager (Co-management / CMC)
Policy & Configuration Management
Create and manage device compliance policies, configuration profiles, and administrative templates (ADMX) for all device platforms
Develop and enforce endpoint security policies including Defender for Endpoint integration, BitLocker management, and attack surface reduction rules
Manage App Protection Policies (MAM) for BYOD and corporate scenarios on iOS and Android
Build and maintain conditional access policies in Azure AD aligned with Zero Trust architecture
Implement and manage Windows Update for Business (WUfB), driver update policies, and Feature Update rings
Application Lifecycle Management
Package, publish, and maintain Win32 applications, LOB apps, Microsoft Store apps, and web apps via Intune
Build and manage PowerShell scripts, Proactive Remediations, and custom compliance policies
Oversee application supersedence, dependency chains, and assignment group targeting strategies
Coordinate with software vendors and internal stakeholders on app deployment timelines and packaging standards
Security & Compliance
Integrate Intune with Microsoft Defender for Endpoint for risk-based device compliance
Monitor and remediate security findings via Endpoint Security dashboards and Microsoft Secure Score
Ensure compliance with industry standards including CIS Benchmarks, NIST SP 800-124, and ISO 27001 endpoint controls
Conduct regular vulnerability assessments and audit non-compliant devices using Intune reports and Microsoft Defender Vulnerability Management
Implement certificate-based authentication (SCEP/PKCS) for Wi-Fi, VPN, and email profiles
Monitoring, Reporting & Automation
Build operational dashboards and automated reports using Intune Data Warehouse, Power BI, and Microsoft Graph API
Develop and maintain automation scripts using PowerShell and Microsoft Graph for bulk operations, reporting, and remediation workflows
Configure and manage Intune diagnostic settings with Log Analytics Workspace for advanced telemetry
Establish alerting mechanisms for enrollment failures, policy conflicts, compliance drift, and device health issues
Cross-Functional Collaboration & Support
Serve as the SME for Microsoft Intune and related technologies across the IT organization
Provide Level 3 escalation support for complex Intune and endpoint management issues
Collaborate with identity, networking, and security teams on integrated solutions
Document all configurations, processes, runbooks, and architecture decisions in the IT knowledge base
Mentor junior engineers and conduct knowledge-transfer sessions on Intune best practices
Experience
5+ years of experience managing enterprise endpoint environments
3+ years of hands-on Microsoft Intune administration in production enterprise environments
Proven experience managing 1,000+ devices across multiple platforms (Windows, macOS, iOS, Android)
Experience with hybrid Entra ID join, Autopilot, and co-management with MECM/SCCM
Demonstrated experience writing PowerShell scripts for automation and endpoint management tasks
Technical Skills
Technology / Skill: Level Required
Microsoft Intune (MEM): Expert
Azure Active Directory / Entra ID: Expert
PowerShell Scripting: Advanced
Windows Autopilot: Advanced
MECM / SCCM: Intermediate
Microsoft Graph API: Intermediate
Conditional Access & Zero Trust: Expert
macOS / iOS / Android MDM: Advanced
Power BI / Log Analytics: Intermediate
Job ID: 144928353