Design and implement a phased migration from MECM to Microsoft Intune, including co‑management, workload shifting, and eventual decommissioning of MECM for clients.
Translate existing Group Policies into Intune configuration profiles, security baselines, and compliance policies, with minimal user disruption.
Define and roll out Windows Autopilot and other zero‑touch provisioning approaches for new and re‑provisioned Windows devices.
Implement and manage Entra ID–based device management and conditional access, including hybrid‑joined and cloud‑native devices.
Design and implement Windows Hello for Business and other passwordless authentication options (e.g., FIDO2) in coordination with identity and security teams.
Use E5 capabilities (Defender, endpoint security, app protection, device compliance) to uplift endpoint security posture.
Package, deploy and update applications via Intune (and MECM where needed during transition), including rings/pilot groups and rollback plans.
Develop documentation, runbooks, and knowledge transfer for internal operations teams, considering limited in‑house endpoint resources.
Troubleshoot complex client management issues across MECM, Intune, Entra ID, on‑prem AD, and GPO.
Collaborate with cloud, network and security teams to align endpoint management with zero‑trust and Azure migration initiatives.

Requirements

Endpoint management/Windows client engineering, including hands‑on experience with Microsoft Intune/Endpoint Manager and MECM/ConfigMgr.
Strong understanding of Active Directory, Entra ID (Azure AD), hybrid join, and Group Policy design and troubleshooting.
Demonstrated experience implementing or migrating to Intune (co‑management, workload shifts, Autopilot, policy baselines).
Experience with Windows Hello for Business, conditional access, and modern authentication concepts.
Good knowledge of Microsoft 365 E5 security stack (Defender, compliance, device configuration).
Solid PowerShell skills for automation, reporting, and remediation.
Experience operating in resource‑constrained environments where you must prioritize and phase work carefully.
Strong communication skills to work directly with stakeholders, explain trade‑offs, and drive change.
Nice to Have: Experience managing or securing Windows servers with Intune or related tooling in hybrid scenarios.
Exposure to zero‑trust architectures and endpoint‑related security frameworks.
Experience with MacOS/iOS/Android MDM is a plus.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Microsoft IntuneMECMWindows AutopilotEntra IDWindows Hello for BusinessPowerShellconditional accesszero-touch provisioningendpoint securityGroup Policy

Soft Skills

strong communication skillscollaborationtroubleshootingdocumentation developmentknowledge transferprioritizationchange management