Job Description:
Must have:
- Windows 11 migration/Intune laptop rollout
We are seeking a highly skilled and driven Microsoft 365 Engineer with architect-level expertise to lead the design and implementation of a modern endpoint management strategy using Microsoft Intune. This is a strategic, hands-on role focused on building a secure, scalable, and user-friendly Windows 11 laptop deployment and management framework from the ground up. You will serve as the technical authority on Intune and endpoint security, working cross-functionally with IT, security, and executive leadership.
Note: This role does not involve direct management of Windows 10 devices. However, awareness of user transition challenges from Windows 10 to Windows 11 is essential.
Key Responsibilities
- Architect and lead the rollout of Microsoft Intune for Windows 11 laptops across the enterprise.
- Design and implement Conditional Access policies aligned with Zero Trust principles.
- Manage and optimize Intune device compliance, configuration profiles, and application deployment.
- Lead cloud-based Group Policy (Administrative Templates, Settings Catalog) strategy and migration.
- Oversee Microsoft Entra ID (formerly Azure AD) user and group provisioning, dynamic groups, and role-based access control.
- Integrate and manage Microsoft Defender for Endpoint across Intune-managed devices.
- Develop and maintain patching, application lifecycle, and vulnerability management processes.
- Lead Windows 11 OS hardening, packaging, and deployment strategies.
- Maintain and integrate SCCM (ConfigMgr) where necessary for co-management or legacy support.
- Provide expert-level guidance on Surface Pro device management and RSA token integration.
- Produce high-quality documentation, diagrams, and executive-level presentations.
- Collaborate with internal security teams to align endpoint strategy with organizational risk posture.
- Serve as a technical liaison between IT, InfoSec, and business stakeholders.
- Operate within a strict Change Control environment, ensuring all changes are well-documented, reviewed, and approved.
Required Skills & Experience
- Extensive hands-on experience in enterprise endpoint management, with deep expertise in Microsoft Intune.
- Strong understanding of Windows 11 OS deployment, hardening, and lifecycle management.
- Proven success implementing Conditional Access, Defender for Endpoint, and cloud-based GPO strategies.
- Experience with Microsoft Entra ID provisioning and role-based access models.
- Familiarity with SCCM in hybrid environments and legacy support scenarios.
- Knowledge of RSA token provisioning and Surface device management.
- Excellent written and verbal communication skills; able to engage with both technical and non-technical audiences.
- Strong documentation and process development skills.
- Ability to challenge the status quo and advocate for secure, scalable solutions even in the face of resistance.
- Demonstrated professionalism, accountability, and ability to work independently.
- Experience working in financial services or other regulated industries is highly preferred.