Job Description: L2 Endpoint Engineer (SCCM / Intune / MDM)
Role Overview
The L2 Endpoint Engineer is responsible for end-to-end management and support of endpoint management platforms, primarily Microsoft Endpoint Configuration Manager (SCCM) and Microsoft Intune (MEM).
This role covers device lifecycle management, patching, application packaging & deployment, policy enforcement, and troubleshooting. The engineer is expected to resolve complex endpoint issues, ensure compliance, and maintain platform health across enterprise environments.
Key Responsibilities
Endpoint Platform Support (SCCM & Intune)
- Administer and support:
  - SCCM (ConfigMgr) infrastructure
  - Microsoft Intune (MDM/MAM)
  - Co-management (SCCM + Intune integration)
- Monitor platform health (site servers, distribution points, connectors, sync status)
- Troubleshoot client-side and server-side issues
Patch Management (Critical Responsibility)
- Plan, deploy, and monitor monthly patching cycles (Windows updates via SCCM/Intune)
- Ensure compliance with defined SLAs and patch baselines
- Troubleshoot patch failures and deployment issues
- Generate patch compliance and audit reports
- Coordinate with application and business teams for patch validation
Application Packaging & Deployment
- Package applications using:
  - MSI / EXE / Intune Win32 formats
- Deploy applications via SCCM and Intune
- Handle:
  - Application testing and validation
  - Version upgrades and rollback strategies
- Troubleshoot deployment failures and detection logic issues
Device Management & Policy Enforcement
- Manage device configurations using:
  - Group Policy (GPO)
  - Intune configuration profiles
  - Compliance policies and conditional access
- Enroll and manage devices (Windows, mobile devices if applicable)
- Ensure endpoint compliance with security standards
Incident & Problem Management
- Act as L2 resolver group for endpoint-related incidents
- Troubleshoot issues such as:
  - Software deployment failures
  - Patch compliance gaps
  - Device enrollment issues
  - Policy conflicts (GPO vs Intune)
- Identify recurring issues and support Problem Management
Automation & Optimization
- Use PowerShell for:
  - Automation of deployment tasks
  - Reporting and remediation scripts
- Improve deployment efficiency and reduce manual effort
- Optimize collections, deployments, and update rings
Collaboration & Escalation
- Work with L1 teams for ticket triage improvements
- Escalate complex issues to L3/OEM with proper logs and diagnostics
- Collaborate with security, network, and infrastructure teams
Compliance, Reporting & Documentation
- Generate reports for:
  - Patch compliance
  - Application deployment success
  - Device health and compliance
- Maintain documentation, SOPs, and runbooks
- Ensure audit readiness (especially for patching & compliance)
Required Skills & Qualifications
Technical Skills (Core)
- Strong hands-on experience in:
  - SCCM (ConfigMgr): application deployment, patching, collections, boundaries
  - Microsoft Intune: device enrollment, app deployment, compliance policies
- Good understanding of:
  - Windows OS (Windows 10/11)
  - Active Directory & Group Policy
  - Azure AD / Entra ID basics
- Experience in:
  - Co-management (SCCM + Intune)
  - Windows Update for Business (WUfB)
Packaging & Scripting
- Application packaging experience:
  - MSI / EXE / Intune Win32 apps
- Scripting knowledge:
  - PowerShell (strongly preferred)
Process Knowledge
- ITIL processes:
  - Incident, Problem, Change Management
- Experience in handling patch cycles and CAB approvals
Soft Skills
- Strong troubleshooting mindset (must go beyond checklist-based fixes)
- Clear communication with end-users and stakeholders
- Ability to work in structured environments with SLAs
Experience & Education
- 3-6 years of experience in endpoint management / EUC support
- Bachelor's degree in IT or related field
- Relevant certifications (good to have):
  - Microsoft Endpoint Administrator (MD-102)
  - Azure fundamentals (AZ-900)
Qualifications
Graduation
Range of experience: minimum 3 years, maximum 6 years