The Intune/MECM Engineer is responsible for managing, securing, and optimizing enterprise endpoint environments using Microsoft Intune and Microsoft Endpoint Configuration Manager (MECM). This role focuses on modern device management, operating system and application deployment, patching, compliance enforcement, and endpoint security across Windows devices.

The engineer will design and maintain Intune configurations, Autopilot provisioning, update strategies, and device policies while ensuring secure identity and access management through Azure AD / Entra ID. The role requires strong troubleshooting skills, automation mindset, and close collaboration with security, infrastructure, and identity teams to ensure a secure, compliant, and efficient endpoint ecosystem.

Key Responsibilities :

- Design, implement, and manage enterprise endpoint solutions using Microsoft Intune and MECM

- Configure and maintain modern device management (MDM) strategies for Windows endpoints

- Manage OS deployment using Windows Autopilot, MECM task sequences, and Windows Update for Business

- Package, deploy, and maintain applications using Win32/IntuneWin, MSI, and MSIX formats

- Implement and manage patching, update rings, feature updates, and device lifecycle activities (onboarding, retirement, decommissioning)

- Configure and enforce Configuration Profiles, Compliance Policies, and Security Baselines

- Ensure secure identity and access flows using Azure AD / Entra ID, including Hybrid Join, Cloud Join, MFA, SSO, and Conditional Access

- Troubleshoot device enrollment, application deployment, policy conflicts, and update failures

- Monitor endpoint health and compliance using Intune Analytics and Log Analytics

- Generate operational and compliance reports for stakeholders

- Develop and implement automation and scripting to improve efficiency and reduce manual effort

- Collaborate closely with Security, Identity, and Infrastructure teams to align endpoint strategies with organizational standards

Mandatory Skills & Qualifications :

- 8-12 years of strong hands-on experience with Microsoft Intune and MECM in enterprise environments

- Expertise in device, OS, application, and policy management

- Strong experience with application packaging and deployment (Win32/IntuneWin, MSI, MSIX)

- Hands-on experience with Windows Autopilot, MECM task sequences, and Windows Update for Business

- Proven experience in patch management, endpoint retirement, and decommissioning

- Strong knowledge of endpoint security including Configuration Profiles, Compliance Policies, and Security Baselines

- Deep expertise in Identity & Access Management (IAM) :

- Azure AD / Entra ID

- Hybrid and Cloud Join

- MFA, SSO, Conditional Access

- Proficiency in Intune Analytics, Log Analytics, and reporting

Preferred Skills (Nice to Have) :

- PowerShell scripting for automation and troubleshooting