Sr. Intune Engineer
New Today
Job Description
At Broadridge, we've built a culture where the highest goal is to empower others to accomplish more. If you're passionate about developing your career, while helping others along the way, come join the Broadridge team.
We are seeking a Senior Intune Engineer with deep hands on experience in Microsoft Intune, PowerShell automation, endpoint remediation, application deployment, and device security/compliance in a large enterprise environment.
This role requires not just configuration skills, but strong troubleshooting ability, automation mindset, and ownership of endpoint health and security posture.
The ideal candidate has operated Intune at scale, understands the nuances of Windows device enrollment and lifecycle management, and can translate legacy GPO based controls into modern MDM driven policy.
Key Responsibilities
Proactive Remediation & Automation
We are dedicated to fostering a collaborative, engaging, and inclusive environment and are committed to providing a workplace that empowers associates to be authentic and bring their best to work. We believe that associates do their best when they feel safe, understood, and valued, and we work diligently and collaboratively to ensure Broadridge is a company-and ultimately a community-that recognizes and celebrates everyone's unique perspective.
Use of AI in Hiring
As part of the recruiting process, Broadridge may use technology, including artificial intelligence (AI)-based tools, to help review and evaluate applications. These tools are used only to support our recruiters and hiring managers, and all employment decisions include human review to ensure fairness, accuracy, and compliance with applicable laws. Please note that honesty and transparency are critical to our hiring process. Any attempt to falsify, misrepresent, or disguise information in an application, resume, assessment, or interview will result in disqualification from consideration.
We are seeking a Senior Intune Engineer with deep hands on experience in Microsoft Intune, PowerShell automation, endpoint remediation, application deployment, and device security/compliance in a large enterprise environment.
This role requires not just configuration skills, but strong troubleshooting ability, automation mindset, and ownership of endpoint health and security posture.
The ideal candidate has operated Intune at scale, understands the nuances of Windows device enrollment and lifecycle management, and can translate legacy GPO based controls into modern MDM driven policy.
Key Responsibilities
Proactive Remediation & Automation
- Design, implement, and maintain Intune Proactive Remediation Scripts to detect and automatically fix endpoint issues.
- Build custom detection and remediation logic using PowerShell to address:
- Configuration drift
- Vulnerability findings
- Application health issues
- Compliance gaps
- Develop remediation scripts that are idempotent, safe, and scalable across thousands of endpoints.
- Troubleshoot remediation scripts that fail silently, including:
- Analyzing Intune Management Extension logs
- Validating execution context (SYSTEM vs user)
- Handling exit codes, timeouts, and logging
- Maintain script repositories with documentation, version control, and rollback strategies.
- Manage enterprise application deployment using Intune Win32 apps, including:
- Packaging applications with the IntuneWinAppUtil
- Defining install, uninstall, and detection logic
- Understand and articulate the difference between:
- Win32 applications
- Line-of-Business (LOB) apps
- Microsoft Store apps (legacy and new Store integration)
- Troubleshoot application deployments that show as Pending, Failed, or Not Installed, including:
- Reviewing IME logs and Company Portal logs
- Diagnosing detection rule failures
- Addressing dependency and timing issues
- Implement and manage dependencies and supersede to support:
- Application upgrades
- Forced replacements
- Controlled uninstall/reinstall scenarios
- Partner with security and app teams to ensure deployments meet compliance and vulnerability remediation requirements.
- Own the end-to-end troubleshooting process for Intune enrollment and device registration issues.
- Diagnose and resolve issues across:
- Azure AD Join
- Hybrid Azure AD Join
- Azure AD Workplace Join
- Perform structured, step-by-step troubleshooting when devices:
- Fail to enroll
- Appear in Azure AD but not in Intune
- Enroll but fail to receive policies
- Leverage logs and tools including:
- Event Viewer (DeviceManagement-Enterprise-Diagnostics-Provider)
- Company Portal logs
- dsregcmd /status
- Intune Management Extension logs
- Lead efforts to migrate legacy GPO settings to Intune, including:
- Mapping policy intent
- Selecting appropriate Intune configuration profiles or settings catalog policies
- Validating behavior parity and user impact
- Design and enforce Intune compliance policies aligned with corporate security standards.
- Ensure non-compliant devices are automatically remediated or restricted.
- Understand and articulate how Conditional Access policies interact with Intune compliance.
- Troubleshoot scenarios where:
- Devices show as compliant in Intune
- Yet are blocked by Conditional Access
- Partner with Identity and Security teams to resolve:
- Token refresh issues
- Policy evaluation timing conflicts
- Device state mismatches
- Stay current with Intune, Microsoft Endpoint Manager, Entra ID, and Windows servicing changes.
- Evaluate new Intune features and determine enterprise readiness and adoption strategy.
- Document standards, runbooks, and operational procedures.
- Act as a technical escalation point and mentor junior engineers.
- Participate in endpoint architecture discussions and roadmap planning.
- 5+ years managing Windows endpoints in an enterprise environment
- 3+ years of hands-on Microsoft Intune administration
- Advanced PowerShell scripting for automation and remediation
- Deep understanding of:
- Intune Proactive Remediations
- Win32 app deployment
- Intune Management Extension behavior
- Strong troubleshooting skills across:
- Enrollment
- Application deployment
- Compliance and Conditional Access
- Experience migrating from GPO-based management to modern MDM
- Experience in Citrix, VDI, or hybrid endpoint environments
- Familiarity with vulnerability scanners (Nessus/Tenable) and endpoint remediation workflows
- Experience working with Defender for Endpoint
- Large-scale enterprise or regulated environment experience
- Endpoints remain compliant, healthy, and secure with minimal manual intervention
- Issues are detected and remediated automatically through scripting
- Application deployments are reliable, predictable, and well-documented
- Enrollment issues are resolved quickly with clear root cause analysis
- Legacy management debt is steadily reduced through Intune modernization
We are dedicated to fostering a collaborative, engaging, and inclusive environment and are committed to providing a workplace that empowers associates to be authentic and bring their best to work. We believe that associates do their best when they feel safe, understood, and valued, and we work diligently and collaboratively to ensure Broadridge is a company-and ultimately a community-that recognizes and celebrates everyone's unique perspective.
Use of AI in Hiring
As part of the recruiting process, Broadridge may use technology, including artificial intelligence (AI)-based tools, to help review and evaluate applications. These tools are used only to support our recruiters and hiring managers, and all employment decisions include human review to ensure fairness, accuracy, and compliance with applicable laws. Please note that honesty and transparency are critical to our hiring process. Any attempt to falsify, misrepresent, or disguise information in an application, resume, assessment, or interview will result in disqualification from consideration.
- Location:
- London
- Job Type:
- FullTime
- Category:
- Technology