Key skills
PowerShellAzureAzure ADEntra IDiOSAndroid
About this role
Key Responsibilities
- Architect and deploy Microsoft Intune for Windows, macOS, iOS/iPadOS, and Android device fleets at enterprise scale.
- Design Windows Autopilot provisioning, Enrollment Status Page (ESP), and zero-touch deployment workflows.
- Build and maintain device compliance policies, configuration profiles, endpoint security baselines, and Conditional Access integrations.
- Architect co-management transitions from SCCM / Configuration Manager to Intune, including workload sequencing and client health management.
- Configure App Protection Policies, Win32 app packaging, and LOB application lifecycle management.
- Integrate Intune with Microsoft Defender for Endpoint, Purview, YubiKey MFA, and hardware security key enforcement.
- Implement and maintain email security controls via Mimecast and/or Barracuda within the Intune and M365 security stack.
- Define Windows Update for Business rings and patch management policy across all managed platforms.
Required Qualifications
- 6+ years enterprise endpoint management experience, with 4+ years focused on Microsoft Intune / Endpoint Manager.
- Expert-level knowledge of Intune policy architecture, compliance, and Conditional Access.
- Hands-on experience with Autopilot, including Hybrid Azure AD Join and White Glove provisioning.
- Solid understanding of co-management with SCCM and workload migration strategy.
- Proficiency in PowerShell and Microsoft Graph API for Intune automation.
- Experience with YubiKey or hardware token deployment and enforcement within Entra ID / Conditional Access.
- Working knowledge of Mimecast or Barracuda for email filtering, archiving, and security policy management.
Required Certifications
- Microsoft MD-102 (Endpoint Administrator) — required or willingness to obtain.
- Microsoft MS-102 (Enterprise Administrator Expert) — required or willingness to obtain.
- Mimecast Certified Associate or higher — required or willingness to obtain.
- Barracuda Technical Specialist (Email Security) — required or willingness to obtain.
- YubiKey deployment certification or Yubico training completion — willingness to obtain required.
Candidates who do not hold the above certifications will be offered access to unpaid self-paced certification resources as part of onboarding to support role readiness.