Responsibilities
- Create and manage secure Windows workstation images for on-site and remote users, including those accessing virtual desktop environments.
- Develop standardized Windows endpoint configurations, security policies, compliance settings, and automated patching workflows using authorized Microsoft tools.
- Manage and enhance Microsoft Intune, Windows Autopilot, Group Policy, and related controls for endpoint compliance and configuration management.
- Assist in deploying passwordless authentication methods, hardware-based credentials such as YubiKeys and CAC, and additional safeguards for high-privilege accounts.
- Connect device enrollment and conditional access systems with Entra ID and Active Directory to enforce secure device setup before access is granted.
- Support full lifecycle management of Windows devices, including setup, compliance monitoring, reassignment, and secure retirement.
- Design and verify logging, monitoring, and telemetry systems for Windows endpoints, including event logs, agent data, and integration with SIEM and EDR platforms.
- Coordinate patch deployment and policy enforcement through Intune and Group Policy, and correct configuration deviations on Windows systems.
- Develop comprehensive documentation, operational standards, runbooks, validation records, and technical guidance for Microsoft endpoint environments.
- Assist with high-priority incident response, root cause analysis, and audit support for Windows devices and Microsoft-hosted endpoint services.
Work Arrangement
Remote