Azure Endpoint/Automation Engineer

Ford•Dearborn, MI

13d

About The Position

Route and operationalize Intune logs in Azure: configure Intune Diagnostic Settings to send audit/operational/compliance/device logs to Azure Monitor / Log Analytics, then author KQL queries, alerts, and workbooks for proactive monitoring. Build executive ready insights: create Power BI dashboards fed by the Intune Data Warehouse and/or Log Analytics queries to trend compliance, deployments, and device health. Run multi device queries at scale: use Intune Advanced Analytics - Device query for multiple devices (KQL) to answer fleet wide questions (e.g., drivers, firmware, crash patterns) and drive remediations. Measure update compliance: implement Windows Update for Business reports (Azure Monitor Logs) and craft KQL queries/Workbooks that track patch deployments, failures, and safeguards. Deploy and optimize Endpoint analytics: enable data collection, interpret startup/sign in scores, and turn insights into configuration changes that reduce help desk tickets. Automate with Microsoft Graph: build secure automations and data exports using Graph (PowerShell/REST) for device, app, and policy operations; manage app permissions and throttling considerations. Create and manage Microsoft Entra app registrations: design least privilege application permissions/secrets/certificates for Graph integrations; document consent flows and lifecycle. Design & develop Azure Workflows: Design, build, and maintain server-less integration workflows using Azure Logic Apps and Azure Function apps to automate business processes. Manage Azure substrate for analytics: create and govern Log Analytics workspaces, access control, data retention, and (where needed) data export. Secure access with Device Compliance: integrate Intune compliance with Conditional Access to enforce “require compliant device” for key apps while supporting exceptions and staged rollouts. Document and mentor: publish runbooks, standards, and KQL/Power BI templates; coach analysts and support engineers. Own outcomes end to end: define the signal, build the query, ship the dashboard, and land the fix. Partner closely with Security, Networking, and Collaboration teams on Conditional Access, device risk, and rollout strategies. Continuously improve: baseline with Endpoint analytics; A/B changes; measure and iterate. Established and active employee resource groups

Requirements

Bachelors Degree or equivalent
Hands on with Azure Monitor / Log Analytics, KQL, and Power BI.
Strong coding skills in languages relevant to Azure automation - C#, PowerShell, Graph API, KQL functions, and automation run books.
4-5 years experience.
Proven experience building Intune Data Warehouse and/or Log Analytics backed dashboards that drive decisions.
Comfort with Intune Advanced Analytics - Device query for multiple devices and writing efficient KQL.
Practical knowledge of Windows Update for Business reports and update compliance troubleshooting.
Ability to create and maintain Microsoft Entra app registrations (secrets/certs) and build automations with Microsoft Graph (PowerShell or REST).
3-4 years experience.
Solid understanding of RBAC for Log Analytics workspaces and least privilege access patterns.
Experience with Azure Integration Experience

Nice To Haves

Experience with Windows Autopilot end to end, Endpoint analytics tuning, and Azure Workbooks.
Certifications such as Endpoint Administrator Associate, Identity and Access Administrator, Azure Administrator Associate, Enterprise Data Analyst Associate.
Experience with Azure AI Foundry & Security Copilot to build models for analyzing trends from log analytics. 1-2 years experience.
Depth with Android Enterprise and iOS/iPadOS Automated Device Enrollment (ABM/ASM).