Job Summary
The role involves managing and supporting a large-scale enterprise IT environment (10,000+ users) with a focus on endpoint management, device enrolment, compliance policies, and security baselines using Microsoft Intune and Endpoint Manager. The successful candidate will configure, monitor, and maintain infrastructure components related to device lifecycle management and endpoint security, and will collaborate with security and infrastructure teams to implement zero-trust and enterprise IT policies.
Primary Duties & Responsibilities
- Manage and support a 10,000+ user environment with a strong emphasis on Intune (MDM/MAM), device enrolment, compliance policies, and endpoint management.
- Configure, troubleshoot, and maintain Intune and Microsoft Endpoint Manager services, ensuring device security, patching, and compliance with organizational standards.
- Provide day-to-day administration and production support for Intune/MDM, Microsoft 365, Teams, and OneDrive environments.
- Develop, deploy, and maintain device configuration profiles, compliance policies, app protection policies, and conditional access rules.
- Monitor system health, performance, and compliance posture of managed devices, proactively identifying and resolving potential issues.
- Apply practical knowledge of device enrolment methods (Autopilot, Apple DEP, Android Zero-Touch), Active Directory/LDAP, DNS, mail routing, and patch management.
- Administer security baselines, BitLocker encryption, Windows Update for Business (WUfB), and mobile application deployment via Intune.
- Collaborate with security and infrastructure teams to maintain device security posture, identity protection, and zero-trust policies.
- Other duties as assigned.
Requirements
- Strong background in Intune / Microsoft Endpoint Manager (MDM/MAM) administration and support.
- 5 to 8+ years of experience in M365 administration, with at least 3 years of hands‑on experience in Intune/MDM.
- Proven experience implementing, migrating, and supporting large‑scale environments (10,000+ users and devices) from legacy on‑prem to M365.
- In‑depth understanding of Active Directory, Azure AD, conditional access, endpoint security, and device lifecycle management.
- Experience with patch management, compliance monitoring, and security baselines using Intune and related tools (e.g., SCOM, Defender for Endpoint).
- Ability to perform under pressure in a fast‑paced, enterprise IT environment.
- Excellent communication and documentation skills with a collaborative, team‑oriented mindset.