Job Description

• Job Summary:
• Around 7-12yrs Experience

• Key Responsibilities:

  1. Microsoft Intune Architecture & Global Management

  • Architect, configure, and manage a secure, scalable Microsoft Intune environment for global endpoint control.
  • Drive end-to-end deployment and policy enforcement for Windows, macOS, iOS, and Android devices.
  • Standardize enrollment, compliance, and configuration profiles aligned with enterprise standards.

  2. Cloud PC (Windows 365) & AVD Deployment & Administration

  • Implement and manage Windows 365 Cloud PCs & AVD to support secure, scalable hybrid work in remote and offshore locations.
  • Define usage policies, resource allocation, and compliance enforcement for Cloud PC & AVD environments.
  • Integrate Cloud PC & AVD management with Intune, Defender for Endpoint, and Azure AD Conditional Access.

  3. App Protection & Compliance Policies

  • Design and enforce App Protection Policies (APP) to prevent data leakage on unmanaged and BYOD devices.
  • Implement dynamic Compliance Policies with real-time device risk assessment, encryption, secure boot validation, and remediation workflows.
  • Enforce conditional access policies based on posture and geographic risk.

  4. Application Deployment & Management

  • Deploy and manage Win32, LOB, Store, and mobile apps across platforms.
  • Configure deployment rings, detection logic, and rollback strategies using Intune and MECM.
  • Automate deployments using PowerShell, Graph API, and Intune scripting tools for consistency and repeatability.

  5. Mobile & macOS Device Management

  • Administer MDM for iOS, iPadOS, Android, and macOS, including ABM, and Android Enterprise enrollment.
  • Enforce platform-specific policies such as encryption, secure Wi-Fi, VPN, certificate deployment, OS versioning and device configuration and restriction polices.

  6. Software Updates & Remediation

  • Design and manage Windows update rings, feature update deployment strategies, and compliance-based remediation workflows.
  • Ensure alignment with enterprise patching schedules and global vulnerability management practices.
  • Automate reporting and exception handling for software update failures and drift scenarios.

  7. Azure AD Joined Devices & Access Enforcement

  • Manage Azure AD Joined and Hybrid Joined devices globally.
  • Enforce passwordless authentication solutions (e.g., Windows Hello for Business, FIDO2) and MFA policies.
  • Configure device compliance-based Conditional Access and risk-tiered enforcement rules.

   

  8. Policy Configuration & Lifecycle Governance

  • Modernize legacy GPOs using Intune Settings Catalog, Administrative Templates, and OMA-URI.
  • Maintain a centralized, version-controlled policy baseline adaptable by region, role, and risk.
  • Track configuration drift and enforce policy consistency with audit-friendly reporting and rollback capabilities.

  10. Microsoft Endpoint Security Oversight

  • Manage Microsoft Defender for Endpoint policy deployment and telemetry.
  • Enforce EDR, attack surface reduction, vulnerability remediation, and automated isolation based on threat signals.
  • Coordinate with the SOC team to align endpoint alerts with global security incident response protocols.

  11. MECM (Microsoft Endpoint Configuration Manager)

  • Maintain legacy MECM environment for:
  • Task sequence OS deployment
  • Patch compliance for isolated/offline devices
  • Application deployment where Intune isn’t feasible
  • Enable and refine co-management to transition workloads to Intune.

  12. ServiceNow Asset Management Integration

  • Integrate Intune and MECM with ServiceNow CMDB for real-time asset tracking, software/hardware inventory, and compliance mapping.
  • Automate asset lifecycle updates based on provisioning, reassignment, retirement, and failure remediation events.
  • Ensure endpoint data flows accurately into ServiceNow for audit readiness, exception management, and risk scoring.