Lead macOS Intune MDM/MAM Engineer

Evolution Cloud Services (EVOCS), Quinte West, ON
$80 - $85

About The Position

EVOCS is a hyper-fast-growing company on a mission to empower businesses with advisory expertise and ideal technologies. We are seeking an experienced Lead macOS Intune Engineer to take ownership of Apple device management across our enterprise. This high-impact individual contributor role sits at the intersection of endpoint engineering, identity & access management, and security. You will collaborate closely with our Identity, Security, and IT Support teams to ensure all Mac devices, whether corporate-owned or BYOD, meet our security posture and provide a seamless user experience.

Requirements

  • 5+ years managing and securing macOS devices in an enterprise environment.
  • 3+ years hands-on with Microsoft Intune (Endpoint Manager) — deploying and managing macOS at scale.
  • Proven experience with Apple Business Manager (ABM) and Automated Device Enrollment (ADE).
  • Strong command of Intune configuration profiles, compliance policies, and app protection policies for macOS.
  • Deep knowledge of FileVault encryption management via Intune — policy creation, key escrow, and recovery.
  • Solid understanding of Apple’s Secure Enclave, SecureToken, and related macOS security primitives.
  • Experience configuring Microsoft Entra ID Platform SSO and SSO extensions on macOS.
  • Familiarity with Conditional Access policies that tie device compliance to identity access.
  • Proficiency in scripting — Bash/zsh, PowerShell, and/or Python — for automation and Microsoft Graph API integrations.
  • Understanding of identity protection mechanisms: smart lockout, risk-based sign-in, MFA.

Nice To Haves

  • Microsoft certifications: Modern Desktop Administrator Associate, Enterprise Administrator Expert, or Identity and Access Administrator.
  • Apple Certified Support Professional (ACSP) or equivalent credential.
  • Experience with Microsoft Defender for Endpoint on macOS.
  • Familiarity with Zero Trust frameworks and CIS Benchmarks for macOS.
  • Exposure to Azure AD Privileged Identity Management, Microsoft Sentinel, or Azure AD sign-in log analysis.
  • Experience managing iOS/iPadOS devices or cross-platform MDM environments.

Responsibilities

  • Architect, deploy, and manage the lifecycle of macOS devices using Microsoft Intune MDM.
  • Design and tune configuration profiles, compliance policies, and security rules for macOS devices.
  • Own the integration between Microsoft Intune and Apple Business Manager (ABM).
  • Configure Automated Device Enrollment (ADE) for zero-touch Mac provisioning.
  • Manage app deployment and updates (App Store, VPP, and enterprise apps) through Intune.
  • Enforce app protection policies to secure corporate data on managed and BYOD macOS devices.
  • Implement Microsoft Entra ID Platform SSO on macOS using the Enterprise SSO plug-in.
  • Enable Secure Enclave-based authentication (hardware-backed keys, Touch ID) for a Windows Hello-equivalent experience on Mac.
  • Ensure cloud accounts are properly linked to local Mac accounts.
  • Manage FileVault full-disk encryption via Intune, including key escrow and recovery workflows.
  • Leverage Apple’s T2 / Apple Silicon security features and deploy Microsoft Defender for Endpoint on macOS.
  • Configure endpoint protection and compliance policies (password, screen lock, threat response).
  • Design policies that apply MAM app protection and Conditional Access to personal Macs without intruding on personal data.
  • Define clear enrollment and access rules for non-corporate devices accessing company resources.
  • Monitor and mitigate identity-related risks on Mac endpoints.
  • Champion Zero Trust principles: least privilege, device compliance-gated access, and continuous verification.
  • Lead root-cause analysis for complex Intune enrollment, SSO, SecureToken/FileVault, and authentication failures.
  • Resolve misconfigurations quickly and provide durable fixes.
  • Develop and maintain runbooks, configuration guides, and incident response playbooks for macOS management.
  • Train and mentor IT support staff on Mac device support, Intune policy management, and security best practices.
  • Stay current with new Microsoft Endpoint Manager features and Apple platform updates and make recommendations.

Benefits

  • Consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.