Global Modern Workplace SME Specialist / Intune

Global Workplace SME Specialist (Intune) – Overview

Within the IT Infrastructure Department and under its governance, the Global Workplace SME Specialist (Intune) reports to the Global Workplace SME Manager and acts as a Team Leader for the Intune domain. The role is responsible for the global endpoint management service, ensuring secure, compliant, and reliable device experiences for end users worldwide, while providing technical leadership, guidance, and coordination to the Intune specialist team.

Key Responsibilities

• Act as a technical team leader for endpoint management: set direction, establish standards, and drive consistent execution across regions.
• Coordinate work with different teams; mentor and coach team members through complex issues and escalations.
• Own technical decision-making and contribute to roadmap planning, change governance, and continuous improvement for the Intune service.
• Own and operate the global endpoint management platform (Microsoft Intune / Microsoft Endpoint Manager).
• Provide Tier-3 escalation support and coaching to the Global Workplace Operations and Global Service Desk teams.
• Partner with local IT teams across agencies/sites for advanced troubleshooting, rollout execution, and continuous improvement.
• Support business stakeholders and end users by translating requirements into scalable, secure endpoint solutions.

Global Endpoints Management

• Manage and support the global workstation, mobile, and meeting-room device environment, ensuring high availability and a consistent end-user experience.
• Administer Microsoft Intune and Windows Autopilot, including tenant configuration, enrollment, provisioning profiles, device groups, and lifecycle standards.
• Design, implement, and maintain endpoint configuration policies (configuration profiles, security baselines, update rings/feature updates), with appropriate testing and phased deployment.
• Define and manage compliance policies and remediation actions; monitor compliance posture through reporting and dashboards; drive corrective actions with local IT and business owners.
• Partner with Identity/Security teams to align device posture with Azure AD (Entra ID) Conditional Access and endpoint security requirements.
• Package, deploy, update, and support business and standard applications (Win32, Microsoft Store, LOB), including application assignment strategy and troubleshooting failed installs.
• Provide Tier-3 technical support during incident bridges and technical calls; perform root-cause analysis and implement preventive fixes.
• Maintain technical documentation and end-user knowledge articles (How-to guides, FAQs) and ensure operational runbooks are current.
• Coordinate and follow up on escalations with third-party vendors, tracking progress and ensuring timely resolution.
• Follow Incident, Problem, and Change Management processes (e.g., ITIL), including change planning, risk assessment, communication, and post-implementation review.
• Contribute to the roadmap for the endpoint environment by proposing improvements, standardisation opportunities, and automation.

Additional Responsibilities

• Support ad-hoc tasks and projects as required, including pilots, rollouts, and service improvements.
• Contribute to project delivery standards, documentation, and quality processes; ensure operational readiness (handover, runbooks, monitoring).
• Identify risks and recurring issues; proactively propose and implement corrective actions, automation, and standardisation.
• Participate in global governance forums (change advisory boards, security reviews) and contribute to policy/standard definition for endpoint management.

Performance Skills

• Understand priorities are business-driven and balance user experience, security, and operational stability.
• Strong technical depth and a demonstrated passion for technology.
• Analytical, structured problem-solving skills with attention to detail.
• Strong organization and planning skills; able to manage multiple priorities and deadlines.
• Able to work independently with accountability; delivers results with minimal supervision.
• Proactive mindset with continuous improvement orientation.
• Comfortable working in a global environment and able to operate effectively with ambiguity.

Deliverables and Success Measures

• Stable and secure Intune service with documented standards, runbooks, and validated deployment procedures.
• Sustained device compliance posture with actionable reporting and timely remediation across regions.
• Successful Autopilot provisioning and Windows update/feature release cadence with minimal end-user disruption.
• High-quality application packaging and deployment outcomes (install success rates, reduced tickets, fast recovery from failures).
• Effective incident/problem/change management participation, including root-cause analysis and preventive improvements.

Technical

• Hands-on experience with Microsoft Intune (MDM/MAM), Windows and mobile device compliance, configuration profiles, and app deployment.
• Strong knowledge of Microsoft Entra ID (Azure AD), Conditional Access, Microsoft 365 services, and endpoint security fundamentals.
• Extensive hands-on support experience with Windows 11, Microsoft 365 Apps and troubleshooting across endpoint, identity, and networking dependencies.
• Windows workstation environments (Windows 11), troubleshooting and performance tuning.
• Microsoft 365 (Apps, Teams, OneDrive) and endpoint productivity tooling.
• Microsoft Intune / Endpoint Manager (enrollment, configuration, compliance, application management, Intune Suite).
• Windows Autopilot and modern provisioning processes.
• Microsoft Entra ID (Azure AD) and Conditional Access policy alignment.
• Windows Update for Business / update rings and servicing strategy.
• Application packaging and deployment concepts (Win32, MSI/MSIX), detection rules, and remediation.
• PowerShell scripting and automation for endpoint operations and reporting.
• Security best practices for endpoints (hardening, least privilege, compliance monitoring); familiarity with Microsoft Defender for Endpoint is a plus.
• MSI/MSIX packaging for Intune (Win32 apps) and troubleshooting installation/detection issues.
• Minimum 5 years of experience in a similar endpoint management / workplace engineering role.
• Collaborative and service-oriented; able to work effectively with global teams and diverse stakeholders.
• Excellent communication skills (written and verbal), able to explain technical topics to non-technical audiences.
• Demonstrates ownership and accountability; drives initiatives from design through delivery and steady-state operations.
• Familiarity with IT asset management and ITIL practices (incident/problem/change) is preferred.
• Professional in English language (oral and written).

Languages

Professional in English language (oral and written).

What we offer

We offer a range of benefits including new Learning opportunities, a comprehensive Welfare System, Life and Health Insurance, Modern Workstation and Discounts within the MSC group. Moreover, MSC Technology Italy fosters a culture of innovation and wellbeing by simultaneously pursuing various initiatives such as Meetups, Technical and General Events, Gaming Tournaments, Company Charity Initiatives and a Sustainability program designed to benefit all employees.

Equal Employment Opportunities

Our Company provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics.