Stefanini Group is looking for a Senior Intune Endpoint Engineer for a globally recognized company. The role involves taking ownership of a partially migrated Intune tenant and ensuring it reaches a stable, predictable, and auditable state, with responsibilities including troubleshooting, app packaging, and implementing Autopilot deployments.
Responsibilities:
- Own day-to-day engineering and escalation for Intune: policies, apps, enrollment, compliance, and updates
- Troubleshoot when policies/apps don't apply using a structured approach (assignment/scoping, filters, licensing, device state, IME logs, MDM diagnostics, event logs)
- Diagnose and remediate policy conflicts and precedence issues across configuration profiles, security baselines, compliance policies, scripts, and (where applicable) co-management/GPO overlap
- Perform deep Windows troubleshooting when needed (Event Viewer, Services, Scheduled Tasks, registry, MDM diagnostics) to resolve issues without reimaging
- Package and deploy complex Windows applications (non-MSI installers, multiple components, prerequisites) using the Win32 app model
- Build reliable detection rules, install/uninstall logic, versioning, and logging standards; manage supersedence and dependencies
- Create repeatable packaging standards (folder structure, log locations, naming/versioning conventions) and automate where possible with PowerShell and Graph
- Design, implement, and test Autopilot deployments (deployment profiles, ESP, device naming, dynamic groups, required apps, enrollment flows)
- Establish a repeatable Autopilot test plan and acceptance criteria before expanding scope
- Implement and manage Windows Update for Business: update rings, feature update policies, quality updates, deadlines, and safeguards
- Verify what is actually happening on devices (Intune reporting + device-side validation) and troubleshoot update compliance gaps
- Implement operational maturity: change control, peer review (where applicable), pilot rings, rollback plans, and post-change validation
- Maintain documentation that supports auditability and long-term maintainability: runbooks, standards, 'why' behind configurations, and conflict-avoidance guidance
- Produce drift detection and baseline comparison outputs (e.g., export Intune objects, compare to a golden baseline, report differences)
- Partner with Security/IAM to layer WUfB + Defender + compliance + baselines + Conditional Access in a way that avoids conflicting settings and unintended lockouts
- Ensure endpoint security posture is strong while maintaining usability and operational stability
Requirements:
- 5+ years in endpoint engineering/EUC with significant enterprise Intune ownership
- Proven experience stabilizing or cleaning up a partially migrated / inconsistent Intune environment
- Strong knowledge of:
  - Intune Management Extension (IME) behavior, Win32 app processing, and log-based troubleshooting
  - Policy assignment/scoping, filters, and conflict resolution
  - Autopilot + ESP design and troubleshooting
  - Windows Update for Business rings and feature update control
- Strong Windows 10/11 troubleshooting skills (Event Viewer, services, scheduled tasks, registry, MDM diagnostics)
- Strong PowerShell skills used routinely for automation, reporting, and troubleshooting (Graph API preferred)
- Ability to write clear documentation and operate with disciplined change control
- Co-management (ConfigMgr/SCCM) experience and understanding of how it can shadow or override Intune behavior
- Defender for Endpoint and endpoint security policy experience (BitLocker, ASR, firewall, security baselines)
- macOS and/or mobile management experience (iOS/iPadOS, Android Enterprise)
- PKI/cert profiles (SCEP/PKCS), Wi-Fi/VPN profiles, and enterprise networking integrations
- Certifications (nice to have): MD-102, Azure/Entra, Security certs