Assoc Mgr, Modern Workplace Engineering

Role Requirements

• English oral and written communication.
• Strong technical writing, presentation and training skills.

Technical Requirements

Microsoft Intune: Deep hands-on experience with device compliance, application deployment, software updates, endpoint protection, and policy management.

• Device enrolment, corporate and personal/BYOD device scenarios, automated provisioning for Windows, IoS, Android, including zero-touch enrolments for IoS and Android platforms, web based device enrolment for IoS
• Device configuration including creating custom configuration profiles
• Shared and Kiosk device scenarios, Windows and mobile device platforms
• Certificate deployments, PKCS and SCEP. Deploying VPN, email and Wi-Fi profile
• Device Compliance, including custom compliance and integration with Defender for Endpoint for device risk, ConfigMgr compliance. Compliance with Conditional Access
• Assignment filters for managed apps and devices
• Applications,
• Store apps, M365 apps, Edge, LoB and Win32.
• Integration with Apple Business Manager and Google Play store
• Intune Diagnostics
• Creating Log Analytics Workspaces
• Using KQL to create custom reports from Log Analytics data
• Connectors and tokens
• Configuration Manager
• Apple VPP tokens
• Managed Google Play
• Firmware over-the-air update
• MDT connectors – (Windows Security and awareness of 3rd party capabilities)
• Certificate connectors
• Active Dir
• eSIM configuration, awareness of platform specific limitations

Autopilot & Provisioning: Expertise in configuring and validating Windows Autopilot profiles, OEM provisioning, and troubleshooting deployment issues.

• Entra and Hybrid Entra scenarios
• Experience with all Autopilot deployment scenarios, user-driven, pre-provisioning, self-deploying, Autopilot Reset and Autopilot for existing devices
• Enrolment Status Page – configurating and experience troubleshooting
• Autopilot Device Preparation

Qualifications

MDM/MAM Policies: Strong understanding of mobile device and application management, including conditional access, compliance policies, and certificate-based authentication.

• App configuration profiles
• App protection profiles
• Experience configuring Intune and Conditional Access for BYOD scenarios

Windows 10/11 Management: Proven experience with provisioning, servicing, and customising Windows installations using Intune

• Windows Updates, Update Rings, Feature Updates, Quality Updates and driver updates. Monitoring and reporting including Windows Update for Business Reports
• Autopatch, Autopatch Groups, onboarding and monitoring
• Scripts and remediations
• Endpoint Analytics, Group Policy Analytics
• Endpoint Security
• Bitlocker management, including self-service recovery key options
• AV and Firewall configuration
• LAPS, automated and manual configuration
• Windows Hello for Business (client configuration)
• managing local admins group
• Configuring credential guard
• Endpoint detection and response, onboarding devices to MDE
• Application Control
• OneDrive for Business – configuration including integration with known folders, migration from file shares
• Experienced with utilizing Windows Configuration Service Providers and creating custom configuration profiles.

Intune Suite

Experience with configuring Intune add-ons including;

• Endpoint Privilege Management
• Remote Help
• Advanced Analytics
• Experience or awareness (ability to discuss at a high level) Microsoft Tunnel/Tunnel for MAM, Cloud PKI

Hybrid Cloud Management: Experience managing co-managed environments (Intune + ConfigMgr), including cloud management gateway setup and transition to cloud-only management.

Entra ID

Firm understanding of the identity and authentication services dependencies from an Intune SME perspective, including;

• Creating dynamic groups, familiar with extension attributes
• Experience with creating Conditional Access polities and creating inclusions/exclusions for filtered devices
• Using sign-in logs for reporting and conditional access evaluation

Graph API

• Experience with using Graph Explorer and PowerShell to address bespoke device management or reporting scenarios

RBAC

• Creating custom roles, permissions and scope tags based on principles of least privilege access.
• Understating roles and responsibilities and how these can be implemented with RBAC.
• Familiar with the Entra roles with Intune access and using Entra ID PIM for Intune role elevation