Apply for End-User Endpoint Management Engineer, Microsoft Defender, InTune, M365

On behalf of our public-sector client, Affinity is seeking an End-User Endpoint Management Engineer to support Technology Services in designing, implementing, and operationalizing endpoint management capabilities for Windows 11 devices using Microsoft Intune, Autopilot, Entra ID, Microsoft Defender, and related M365 services. The role is focused on secure endpoint configuration, device provisioning, policy implementation, application deployment, update management, compliance reporting, user onboarding, and operational readiness for the modern workplace endpoint environment.

Responsibilities:

• Ensure full knowledge transfer of all modernized endpoint management operational procedures to responsible and accountable staff.

• Assess current endpoint management practices, Windows 11 readiness, device profiles, policy gaps, application requirements, support processes, and operational constraints.

• Design, configure, test, and refine Intune policy sets for Windows 11 devices, including configuration profiles, compliance policies, security baselines, endpoint protection settings, device restrictions, and exception handling.

• Design and implement Autopilot deployment profiles, enrollment status pages, device naming standards, group assignment logic, provisioning workflows, and pilot deployment patterns.

• Configure Windows Update rings, feature update policies, quality update policies, driver and firmware management approaches, rollback considerations, and update exception processes.

• Package, deploy, and maintain required applications, scripts, certificates, configuration profiles, VPN/Wi-Fi settings, printers, and other endpoint dependencies.

• Support Microsoft Defender for Endpoint onboarding, endpoint security policy configuration, attack surface reduction, tamper protection, device risk signals, and operational reporting.

• Validate endpoint readiness through pilot groups, test cases, deployment rings, user feedback, issue triage, deployment metrics, and operational readiness checkpoints.

• Develop endpoint reporting for compliance, update status, device health, application deployment, Defender onboarding, policy assignment, failed deployments, and exceptions.

• Document device lifecycle processes including procurement intake, enrollment, assignment, refresh, wipe/reset, retirement, lost/stolen device handling, break/fix support, and re provisioning.

• Support integration with ServiceNow, asset management, CMDB, and support workflows to ensure device records, ownership, lifecycle state, and operational processes remain accurate.

• Produce deployment runbooks, support procedures, troubleshooting guides, configuration standards, test scripts, operational checklists, and transition-to-operations documentation.

• Support change management, communications, training, pilot coordination, deployment scheduling, hypercare, and knowledge transfer.

• Work with cybersecurity, identity, M365, infrastructure, service desk, and business stakeholders to ensure endpoint configurations meet security, operational, compliance, and user experience requirements.

Education, Training, and Experience

• Minimum of 10 years’ experience in endpoint management, modern workplace engineering, or desktop systems administration in enterprise environments.

• Bachelor of Science in Information Technology, or an equivalent combination of training and experience.

• Strong hands-on experience with Microsoft Intune, Autopilot, Entra ID, and Windows 11 enterprise deployment is required.

• Microsoft certifications such as Modern Desktop Administrator Associate or Endpoint Administrator Associate are strong assets.

• Experience with Microsoft Defender for Endpoint, security baselines, and device hardening is an asset.

• Experience working in a rapidly evolving environment with matrix leadership is an asset.

Knowledge, Skills, and Abilities:

• Knowledge of modern endpoint management, Intune policy design, Autopilot provisioning, and Windows Update for Business. 

• Knowledge of endpoint security baselines, Defender for Endpoint, compliance policies, and device hardening practices.

• Knowledge of application packaging and deployment, and endpoint lifecycle management.

• Knowledge of ITIL and ITSM related standards and practices, including CMDB and asset management integration.

• Knowledge of MS Visio, Teams, PowerPoint, and SharePoint.

• Ability to respond to shifting priorities, demands, and timelines.

• Ability to anticipate, investigate, research, and analyze challenging endpoint problems, and to resolve or escalate issues in a timely fashion.

• Ability to work effectively and elicit cooperation with a variety of internal and external contacts.

• Ability to communicate effectively orally and in writing and to prepare clear, concise, and complete documentation.

• Ability to prepare and maintain a variety of records and technical documentation related to the work.

Affinity Earn:

Know someone who’s great for this, or any of our open roles? Earn up to $4,000/year for each successful referral through Affinity Earn. You can also earn up to $50,000 for helping us find new clients. Learn about our referral program at https://affinity-group.ca/earn/ or browse our jobs & follow us at https://www.linkedin.com/company/affinity-staffing/jobs/

About Affinity: 

Affinity Group is a technology and business consulting and services company. We believe in creating long term relationships between clients and consultants that foster a mutually beneficial partnership. Affinity is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All employment is decided on the basis of qualifications, merit and business need.

For more information on Affinity, please visit www.affinity-group.ca

Job Number: 13586

#LI-Hybrid