Microsoft Active Directory & Intune Specialist ( AZ Local | Hybrid)

About the position

The Microsoft Active Directory & Intune Migration Specialist will lead the assessment, cleanup, and modernization of the agency’s Active Directory Group Policy environment. This role focuses on auditing and rationalizing existing GPOs and migrating applicable policies to Microsoft Intune to support modern endpoint management. The specialist will design and implement Intune configurations, compliance policies, application deployments, Windows Update strategies, and PowerShell-based remediation solutions while collaborating with security and infrastructure teams.

Responsibilities

• Audit and analyze the existing Active Directory Group Policy Object (GPO) environment
• Identify active, inactive, redundant, or conflicting GPOs and document findings
• Present analysis and recommendations to IT leadership
• Remove unused or obsolete GPOs to improve security and manageability
• Design and execute a phased migration from GPOs to Microsoft Intune
• Create Intune configuration profiles, compliance policies, and device policies
• Package and deploy Win32 apps and manage application configurations in Intune
• Develop PowerShell scripts and Intune proactive remediations
• Configure Windows Update for Business and Intune update rings
• Maintain and optimize AD OU structures, security groups, and delegations
• Collaborate with cybersecurity and compliance teams
• Produce detailed documentation, runbooks, SOPs, and rollback plans

Requirements

• 5+ years of hands-on experience as an Active Directory / GPO Specialist
• Strong experience with Microsoft System Center Configuration Manager (SCCM)
• Expertise in Group Policy design, troubleshooting, and audits
• Advanced PowerShell scripting experience
• 5+ years administering Active Directory and GPOs in enterprise environments (500+ endpoints)
• 3+ years working with Microsoft Intune (enrollment, compliance, configuration, apps)
• Experience with Intune Win32 apps, LOB apps, and Store apps
• Experience migrating from GPO/WSUS to Intune and Windows Update for Business
• Experience presenting technical findings to non-technical leadership
• Local Phoenix candidates only
• Must state current location on resume (mandatory)
• Must be available for in-person interviews within 1 week of posting close
• Must be able to start within 2 weeks of offer

Nice-to-haves

• Microsoft Intune (Endpoint Manager)
• Microsoft Entra ID (Azure AD)
• Group Policy & Windows Update management
• Microsoft Certified: Endpoint Administrator Associate (MD-102)

Benefits

• Flexible work from home options available.