M365 Resident Engineer

Job title: M365 Resident Engineer

Company: Innovations Group

Job description: Job Summary:Around 7-12yrs ExperienceKey Responsibilities:1. Microsoft Intune Architecture & Global ManagementArchitect, configure, and manage a secure, scalable Microsoft Intune environment for global endpoint control.Drive end-to-end deployment and policy enforcement for Windows, macOS, iOS, and Android devices.Standardize enrollment, compliance, and configuration profiles aligned with enterprise standards.2. Cloud PC (Windows 365) & AVD Deployment & AdministrationImplement and manage Windows 365 Cloud PCs & AVD to support secure, scalable hybrid work in remote and offshore locations.Define usage policies, resource allocation, and compliance enforcement for Cloud PC & AVD environments.Integrate Cloud PC & AVD management with Intune, Defender for Endpoint, and Azure AD Conditional Access.3. App Protection & Compliance PoliciesDesign and enforce App Protection Policies (APP) to prevent data leakage on unmanaged and BYOD devices.Implement dynamic Compliance Policies with real-time device risk assessment, encryption, secure boot validation, and remediation workflows.Enforce conditional access policies based on posture and geographic risk.4. Application Deployment & ManagementDeploy and manage Win32, LOB, Store, and mobile apps across platforms.Configure deployment rings, detection logic, and rollback strategies using Intune and MECM.Automate deployments using PowerShell, Graph API, and Intune scripting tools for consistency and repeatability.5. Mobile & macOS Device ManagementAdminister MDM for iOS, iPadOS, Android, and macOS, including ABM, and Android Enterprise enrollment.Enforce platform-specific policies such as encryption, secure Wi-Fi, VPN, certificate deployment, OS versioning and device configuration and restriction polices.6. Software Updates & RemediationDesign and manage Windows update rings, feature update deployment strategies, and compliance-based remediation workflows.Ensure alignment with enterprise patching schedules and global vulnerability management practices.Automate reporting and exception handling for software update failures and drift scenarios.7. Azure AD Joined Devices & Access EnforcementManage Azure AD Joined and Hybrid Joined devices globally.Enforce passwordless authentication solutions (e.g., Windows Hello for Business, FIDO2) and MFA policies.Configure device compliance-based Conditional Access and risk-tiered enforcement rules. 8. Policy Configuration & Lifecycle GovernanceModernize legacy GPOs using Intune Settings Catalog, Administrative Templates, and OMA-URI.Maintain a centralized, version-controlled policy baseline adaptable by region, role, and risk.Track configuration drift and enforce policy consistency with audit-friendly reporting and rollback capabilities.10. Microsoft Endpoint Security OversightManage Microsoft Defender for Endpoint policy deployment and telemetry.Enforce EDR, attack surface reduction, vulnerability remediation, and automated isolation based on threat signals.Coordinate with the SOC team to align endpoint alerts with global security incident response protocols.11. MECM (Microsoft Endpoint Configuration Manager)Maintain legacy MECM environment for:Task sequence OS deploymentPatch compliance for isolated/offline devicesApplication deployment where Intune isn’t feasibleEnable and refine co-management to transition workloads to Intune.12. ServiceNow Asset Management IntegrationIntegrate Intune and MECM with ServiceNow CMDB for real-time asset tracking, software/hardware inventory, and compliance mapping.Automate asset lifecycle updates based on provisioning, reassignment, retirement, and failure remediation events.Ensure endpoint data flows accurately into ServiceNow for audit readiness, exception management, and risk scoring.

Expected salary: 14000 – 18000 per month

Location: Abu Dhabi

Job date: Fri, 23 May 2025 07:28:10 GMT

Apply for the job now!