Desktop Administrator

About The Position

Requirements

• 3–5+ years in desktop/endpoint administration within medium/large enterprise environments.
• Hands-on administration of Microsoft Intune/Endpoint Manager and at least one enterprise RMM platform.
• Strong Windows 10/11 skills.
• Proficiency with PowerShell scripting for automation and remediation.
• Solid understanding of Entra ID/Azure AD (or modern IdP), Group Policy, device compliance, conditional access concepts.
• Familiarity with Defender for Endpoint (or equivalent EDR), BitLocker, and security baselines.
• Working knowledge of networking fundamentals (DNS/DHCP/VPN/Wi-Fi) and remote support tools.
• Excellent customer service mindset with clear written/verbal communication.
• CompTIA A+ (or equivalent technology certification)

Nice To Haves

• macOS/iOS/Android device management experience desirable.
• Exposure to healthcare compliance (e.g., HIPAA/PHI) preferred.
• Microsoft MD-102: Endpoint Administrator
• Microsoft SC-200 (Security Operations Analyst) and/or AZ-104 (Azure Administrator)

Responsibilities

• Works with other IT staff and provides guidance to the Service Desk and other IT staff on endpoint standards and procedures.
• Works collaboratively with the Networking and Systems Administrator roles.
• Administers Intune/Endpoint Manager, including tenant hygiene, device enrollment (Windows Autopilot), configuration profiles, compliance policies, conditional access coordination, BitLocker, and Defender for Endpoint baselines.
• Packages, deploys, and updates applications (MSI/MSIX/.intunewin), including line-of-business apps; manages WinGet repositories.
• Maintains device compliance posture, remediates drifts, and reports on policy adherence.
• Participates in administering the organization’s Remote Monitoring & Management (RMM) platform(s): agent health, policy configuration, alerting thresholds, script libraries, remote support sessions, patch automation, and asset inventory.
• Builds and maintains automation (PowerShell preferred) to standardize builds, reduce manual tasks, and improve reliability across endpoints.
• Drives endpoint OS and application patching schedules; coordinates change windows to minimize user impact.
• Enforces endpoint hardening standards (CIS/Microsoft baselines), secures local admin rights, manages device encryption, and collaborates on MDR/EDR integrations.
• Supports healthcare-grade privacy and security practices (e.g., HIPAA/PHI handling) and incident response playbooks in coordination with InfoSec.
• Serves as Tier 2/3 escalation for endpoint issues, VIP support, and remote assistance; ensures timely resolution and clear communication.
• Participates in Service Desk to refine ticket categories, SLAs, and knowledge articles; contributes to self-service content and training.
• Works collaboratively across departments (clinical, operations, HR, finance, air/ground operations) to understand workflows and deliver reliable user services.
• Supports identity and endpoint integrations (Entra ID/Azure AD, and/or Okta), MFA, and device compliance gates for M365 apps.
• Troubleshoots Microsoft 365 desktop apps (Teams, Outlook, OneDrive) and device sign-in issues; coordinates with network/telecom teams for connectivity dependencies.
• Maintains standard operating procedures, build images/runbooks, “golden” configuration baselines, and endpoint support playbooks.
• Tracks hardware/software assets, warranty/RMA, and license consumption; supports annual audits and true-ups.
• Analyzes endpoint telemetry and ticket trends to recommend optimizations; pilots new tools, features, and policies; assists with migrations (e.g., SCCM→Intune).
• Participates in after-hours maintenance windows and on-call rotations as required.

Benefits

• 501(c)(3) nonprofit ambulance service