Senior Intune Endpoint Engineer

Stefanini North America and APAC
Full Time | Senior
Voorhees Township, New Jersey, US | $100k – $130k | Posted April 1, 2026

Job Description

Stefanini Group is looking for a Sr. Intune Endpoint Engineer for a globally recognized company! Interested applicants can click the apply button or reach out to Alfher Hidalgo at (248) 728-2627 / Alfher.Hidalgo@stefanini.com for faster processing. Thank you!

Core Responsibilities

Stabilization, Troubleshooting, and Intune Internals

  • Own day-to-day engineering and escalation for Intune: policies, apps, enrollment, compliance, and updates.
  • Troubleshoot when policies/apps don't apply using a structured approach (assignment/scoping, filters, licensing, device state, IME logs, MDM diagnostics, event logs).
  • Diagnose and remediate policy conflicts and precedence issues across configuration profiles, security baselines, compliance policies, scripts, and (where applicable) co-management/GPO overlap.
  • Perform deep Windows troubleshooting when needed (Event Viewer, Services, Scheduled Tasks, registry, MDM diagnostics) to resolve issues without reimaging.

Win32 App Packaging, Detection, and Automation

  • Package and deploy complex Windows applications (non-MSI installers, multiple components, prerequisites) using the Win32 app model.
  • Build reliable detection rules, install/uninstall logic, versioning, and logging standards; manage supersedence and dependencies.
  • Create repeatable packaging standards (folder structure, log locations, naming/versioning conventions) and automate where possible with PowerShell and Graph.

Autopilot and Provisioning

  • Design, implement, and test Autopilot deployments (deployment profiles, ESP, device naming, dynamic groups, required apps, enrollment flows).
  • Establish a repeatable Autopilot test plan and acceptance criteria before expanding scope.

Update Rings, Feature Management, and Verification

  • Implement and manage Windows Update for Business: update rings, feature update policies, quality updates, deadlines, and safeguards.
  • Verify what is actually happening on devices (Intune reporting + device-side validation) and troubleshoot update compliance gaps.

Governance, Change Control, and Documentation

  • Implement operational maturity: change control, peer review (where applicable), pilot rings, rollback plans, and post-change validation.
  • Maintain documentation that supports auditability and long‑term maintainability: runbooks, standards, 'why' behind configurations, and conflict‑avoidance guidance.
  • Produce drift detection and baseline comparison outputs (e.g., export Intune objects, compare to a golden baseline, report differences).

Security Layering Without Collisions

  • Partner with Security/IAM to layer WUfB + Defender + compliance + baselines + Conditional Access in a way that avoids conflicting settings and unintended lockouts.
  • Ensure endpoint security posture is strong while maintaining usability and operational stability.

Job Requirements

Required Qualifications

  • 5+ years in endpoint engineering/EUC with significant enterprise Intune ownership.
  • Proven experience stabilizing or cleaning up a partially migrated / inconsistent Intune environment.
  • Strong knowledge of:
      • Intune Management Extension (IME) behavior, Win32 app processing, and log-based troubleshooting
      • Policy assignment/scoping, filters, and conflict resolution
      • Autopilot + ESP design and troubleshooting
      • Windows Update for Business rings and feature update control
  • Strong Windows 10/11 troubleshooting skills (Event Viewer, services, scheduled tasks, registry, MDM diagnostics).
  • Strong PowerShell skills used routinely for automation, reporting, and troubleshooting (Graph API preferred).
  • Ability to write clear documentation and operate with disciplined change control.

Preferred Qualifications

  • Co‑management (ConfigMgr/SCCM) experience and understanding of how it can shadow or override Intune behavior.
  • Defender for Endpoint and endpoint security policy experience (BitLocker, ASR, firewall, security baselines).
  • macOS and/or mobile management experience (iOS/iPadOS, Android Enterprise).
  • PKI/cert profiles (SCEP/PKCS), Wi‑Fi/VPN profiles, and enterprise networking integrations.
  • Certifications (nice to have): MD‑102, Azure/Entra, Security certs.
