Role Overview
As a Cloud Endpoint Solutions Architect, you will lead the design and implementation of next-generation endpoint environments built on cloud-native technologies. Your focus will be on transitioning traditional desktop management models to secure, scalable solutions using Microsoft Intune, Windows 365 Cloud PCs, and Azure Virtual Desktop (AVD). You'll ensure all architectures align with Zero Trust principles, organizational compliance needs, and operational efficiency goals.
Key Responsibilities
- Design future-state endpoint architectures centered on Intune, Windows 365, and AVD, tailored to user personas and business requirements
- Develop modern management strategies, including cloud-native adoption, co-management, and phased migration approaches
- Define governance frameworks for device lifecycle management, configuration standards, and security enforcement
- Implement device enrollment and provisioning using Windows Autopilot and Entra ID join methods
- Create and manage configuration baselines through profiles, settings catalog, security baselines, and administrative templates
- Integrate compliance policies with Conditional Access to enforce endpoint posture and access controls
- Design application deployment models for Win32, Microsoft Store, and M365 Apps, including dependency handling and detection logic
- Establish update management strategies for feature updates, quality patches, and driver maintenance
- Enable proactive monitoring and remediation using Endpoint Analytics, scripting, and reporting tools
- Architect Windows 365 Cloud PC solutions across Business, Enterprise, and Frontline editions based on performance and use case
- Define provisioning policies, image management, security controls, and network connectivity for Cloud PCs
- Design AVD host pools with appropriate session models (pooled vs personal, multi-session vs single-session)
- Implement FSLogix profile solutions, image versioning, automation, and resiliency patterns
- Ensure identity, access, and network configurations for AVD align with enterprise security standards
- Guide teams on monitoring, capacity planning, cost control, and performance optimization
- Collaborate with security teams to implement endpoint protection, Defender integration, and attack surface reduction
- Ensure compliance with regulatory requirements including data handling, access control, and logging
- Lead discovery sessions, technical workshops, and solution design engagements
- Produce detailed architecture diagrams, implementation plans, migration runbooks, and test strategies
- Mentor engineering teams and contribute to reusable templates, automation, and technical standards
- Coordinate with identity, networking, security, and service management teams to ensure end-to-end alignment
Required Qualifications
- Minimum of 5 years in endpoint management, end-user computing (EUC), or cloud infrastructure with increasing responsibility in architectural design
- Hands-on experience with Microsoft Intune in large-scale environments, including enrollment, configuration, compliance, app deployment, and troubleshooting
- Proven experience designing or deploying Windows 365 and/or Azure Virtual Desktop solutions
- Strong understanding of Microsoft Entra ID, device identity, and Conditional Access policies
- Solid knowledge of enterprise Windows management, including policy frameworks, application packaging, and servicing models
- Experience creating technical documentation such as high- and low-level designs, operational runbooks, and diagrams
- Ability to lead technical discussions and explain complex concepts to both technical and non-technical stakeholders
Preferred Qualifications
- Experience with FSLogix, profile container strategies, and AVD performance tuning
- Familiarity with Microsoft Defender for Endpoint, security baselines, and endpoint hardening practices
- Background in migrating from SCCM/MECM or legacy VDI platforms (Citrix, VMware) to modern cloud management
- Scripting and automation skills, particularly PowerShell; Azure Automation or Functions is a plus
- Experience with monitoring tools such as Log Analytics, Azure Monitor, AVD Insights, and endpoint analytics
- Understanding of networking concepts relevant to virtual desktops, including routing, segmentation, and identity-aware access
- Microsoft certifications such as MD-102, MS-102, AZ-104, AZ-140, or SC-300 (or equivalent real-world expertise)
Technology Environment
Microsoft Intune, Windows 365 Cloud PC, Azure Virtual Desktop (AVD), Microsoft Endpoint Manager, Windows Autopilot, Entra ID, Conditional Access, Configuration Profiles, Settings Catalog, Security Baselines, Administrative Templates, Compliance Policies, Zero Trust, Win32 Apps, Microsoft Store Apps, M365 Apps, Windows Update for Business, Endpoint Analytics, Proactive Remediations, FSLogix, Image Management, Scaling Automation, Resiliency Patterns, Microsoft Defender for Endpoint, Attack Surface Reduction, PowerShell, Azure Automation, Azure Functions, Log Analytics, Azure Monitor, AVD Insights
Work Environment
This role operates in a hybrid model with primary work conducted remotely. Occasional travel may be required to support on-site engagements or team collaboration.
Benefits
- Competitive compensation package
- Comprehensive group benefits for you and your family
- Flexible work arrangements
- Generous time-off policy
- Casual work culture
- Remote-first setup with occasional travel
Our Values
- We Own Outcomes
- Win Together
- Make An Impact
- Enjoy The Journey
- Respect All
Equal Opportunity Employer
We are committed to equal employment opportunity. All qualified applicants will be considered without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status. Reasonable accommodations are available for individuals with disabilities.
