Axiom Global Technologies is seeking an experienced Microsoft Intune / Endpoint Management Engineer to manage enterprise device management and security policies across Windows and mobile platforms. The role involves overseeing device compliance, application deployment, and modern endpoint provisioning, ensuring a secure and efficient device management environment.
Responsibilities:
- Manage device compliance, application deployment, endpoint protection, software updates, and policy configuration using Microsoft Intune
- Administer device enrollment for corporate and BYOD environments across Windows, iOS, and Android platforms
- Implement automated device provisioning, including zero-touch enrollment and web-based device enrollment for iOS
- Configure device policies and custom configuration profiles for enterprise device management
- Deploy and manage VPN, email, Wi-Fi, and certificate profiles using PKCS and SCEP
- Configure and manage shared devices and kiosk device scenarios for Windows and mobile platforms
- Manage application deployments, including Microsoft 365 apps, Edge, Store apps, Line-of-Business (LOB), and Win32 applications
- Integrate Apple Business Manager and Managed Google Play with Intune
- Configure Log Analytics workspaces and develop custom reports using KQL
- Manage connectors and tokens including Apple VPP tokens, Managed Google Play, and certificate connectors
- Support firmware and device updates over-the-air
- Configure and support Windows Autopilot deployment profiles and troubleshoot provisioning issues
- Manage Autopilot deployment scenarios, including User-Driven deployment, Pre-provisioning, Self-Deploying mode, Autopilot Reset, and Autopilot for existing devices
- Configure and troubleshoot the Enrollment Status Page (ESP)
- Manage Autopilot device preparation and provisioning workflows
- Implement device compliance policies and conditional access integration
- Configure app configuration profiles and app protection policies
- Manage certificate-based authentication and identity integrations
- Implement BYOD security policies using Intune and Conditional Access
- Provision and manage Windows endpoints using Intune
- Manage Windows Update for Business, including Update Rings, Feature Updates, Quality Updates, and Driver Updates
- Monitor update compliance using Windows Update for Business reports
- Manage Windows Autopatch and Autopatch groups
- Configure and manage BitLocker encryption and recovery, Windows Defender Antivirus and Firewall, Local Administrator Password Solution (LAPS), Windows Hello for Business, Credential Guard, Endpoint Detection and Response (Microsoft Defender for Endpoint), and Application Control policies
- Configure OneDrive for Business, including known folder redirection and file share migration
- Utilize Windows Configuration Service Providers (CSPs) to build custom device configurations
- Support Endpoint Analytics, Group Policy Analytics, and remediation scripts
- Experience with Intune add-ons such as Endpoint Privilege Management, Remote Help, and Advanced Analytics; awareness of Microsoft Tunnel / Tunnel for MAM and Cloud PKI solutions
- Manage co-managed environments (Intune + Configuration Manager)
- Support Cloud Management Gateway (CMG) implementation and transition to cloud-only management
- Create and manage dynamic groups and extension attributes
- Configure and maintain Conditional Access policies
- Analyze sign-in logs for reporting and access evaluation
Requirements:
- Minimum 5 years of experience in endpoint management or device management roles
- Hands-on experience with Microsoft Intune administration, including device compliance, application deployment, and policy management
- Experience with device enrollment and automated provisioning across Windows, iOS, and Android platforms
- Experience supporting corporate and BYOD device scenarios
- Experience with Intune diagnostics and troubleshooting
- High School Diploma or GED required
- The selected applicant will have access to export-controlled materials. Therefore, candidates must qualify as a U.S. Person, defined as a U.S. Citizen, U.S. Permanent Resident (Green Card holder), Refugee, or Asylee
- Experience with Microsoft Graph API
- Knowledge of Role-Based Access Control (RBAC) for endpoint management