Sr Intune/Entra Engineer

About The Position

Requirements

• Endpoint management/Windows client engineering, including hands‑on experience with Microsoft Intune/Endpoint Manager and MECM/ConfigMgr.
• Strong understanding of Active Directory, Entra ID (Azure AD), hybrid join, and Group Policy design and troubleshooting.
• Demonstrated experience implementing or migrating to Intune (co‑management, workload shifts, Autopilot, policy baselines).
• Experience with Windows Hello for Business, conditional access, and modern authentication concepts.
• Good knowledge of Microsoft 365 E5 security stack (Defender, compliance, device configuration).
• Solid PowerShell skills for automation, reporting, and remediation.
• Experience operating in resource‑constrained environments where you must prioritize and phase work carefully.
• Strong communication skills to work directly with stakeholders, explain trade‑offs, and drive change.

Nice To Haves

• Experience managing or securing Windows servers with Intune or related tooling in hybrid scenarios.
• Exposure to zero‑trust architectures and endpoint‑related security frameworks.
• Experience with MacOS/iOS/Android MDM is a plus.

Responsibilities

• Design and implement a phased migration from MECM to Microsoft Intune, including co‑management, workload shifting, and eventual decommissioning of MECM for clients.
• Translate existing Group Policies into Intune configuration profiles, security baselines, and compliance policies, with minimal user disruption.
• Define and roll out Windows Autopilot and other zero‑touch provisioning approaches for new and re‑provisioned Windows devices.
• Implement and manage Entra ID–based device management and conditional access, including hybrid‑joined and cloud‑native devices.
• Design and implement Windows Hello for Business and other passwordless authentication options (e.g., FIDO2) in coordination with identity and security teams.
• Use E5 capabilities (Defender, endpoint security, app protection, device compliance) to uplift endpoint security posture.
• Package, deploy and update applications via Intune (and MECM where needed during transition), including rings/pilot groups and rollback plans.
• Develop documentation, runbooks, and knowledge transfer for internal operations teams, considering limited in‑house endpoint resources.
• Troubleshoot complex client management issues across MECM, Intune, Entra ID, on‑prem AD, and GPO.
• Collaborate with cloud, network and security teams to align endpoint management with zero‑trust and Azure migration initiatives.