Job Description – L3 / SME Endpoint Architect (SCCM / Intune / MEM)
Role Overview
The L3 Endpoint SME is responsible for end-to-end ownership, architecture, and optimization of endpoint management platforms, including Microsoft Endpoint Configuration Manager (SCCM) and Microsoft Intune (MEM).
This role acts as the highest technical escalation point, drives platform stability, automation, and modernization (Intune-first strategy), and ensures secure, compliant, and scalable endpoint management across the enterprise.
Key Responsibilities
Platform Ownership & Architecture
Own the design, architecture, and roadmap for:
SCCM (ConfigMgr)
Microsoft Intune (MDM/MAM)
Co-management (SCCM + Intune)
Drive transition towards cloud-first endpoint management (Intune-first approach)
Define standards for:
Device configuration
Application deployment
Patch management
Compliance & security baselines
Advanced Troubleshooting & Escalation (L3)
Act as final escalation point for complex endpoint issues:
Patch failures across large device groups
Application deployment failures (complex packaging/detection issues)
Co-management conflicts (SCCM vs Intune workloads)
Policy conflicts (GPO, Intune, security baselines)
Perform deep-dive troubleshooting using:
SCCM logs (CAS.log, WUAHandler.log, AppEnforce.log, etc.)
Intune diagnostics & device logs
Engage Microsoft/OEM support with detailed diagnostics
Patch Management Strategy & Governance
Define and govern enterprise patching strategy:
Monthly patch cycles
Emergency patching (zero-day vulnerabilities)
Patch rings and deployment groups
Ensure high compliance (>95–98%) across the environment
Align patching with security and audit requirements
Application Packaging Strategy & Engineering
Define standards and frameworks for:
Application packaging (MSI, EXE, Win32 apps)
Detection methods and deployment logic
Review and approve complex application packages
Drive automation and standardization in packaging
Policy & Compliance Management
Design and implement:
Intune configuration profiles
Compliance policies
Conditional access integration
Resolve conflicts between:
GPO vs Intune policies
Legacy vs modern management approaches
Ensure endpoint compliance with security baselines and audit controls
Automation & Modernization
Lead automation initiatives using:
PowerShell (advanced scripting expected)
Graph API (preferred)
Automate:
Patch deployments
Application rollouts
Compliance remediation
Drive adoption of:
Autopilot
Zero-touch provisioning
AIOps (where applicable)
Monitoring, Reporting & Optimization
Define KPIs and dashboards for:
Patch compliance
Application deployment success
Device health and compliance
Identify and eliminate:
Deployment failures
Recurring incidents
Optimize infrastructure:
SCCM site performance
Distribution point efficiency
Intune sync performance
Security & Compliance Alignment
Work closely with security teams to:
Implement endpoint security baselines
Support vulnerability management (patch SLAs)
Ensure readiness for:
Internal/external audits
Compliance frameworks
Leadership & Stakeholder Management
Provide technical leadership to L1 & L2 teams
Review technical quality of incident resolution
Lead technical discussions with client stakeholders
Present:
Improvement roadmap
Platform health reports
Risk and mitigation plans
Required Skills & Qualifications
Technical Expertise (Non-Negotiable)
Deep hands-on experience in:
SCCM (ConfigMgr) – architecture, troubleshooting, performance tuning
Microsoft Intune (MEM) – device management, compliance, app deployment
Strong expertise in:
Windows 10/11 management
Azure AD / Entra ID
Group Policy (GPO)
Advanced Skills
Strong scripting expertise:
PowerShell (mandatory)
Graph API (good to have)
Experience with:
Windows Autopilot
Co-management design & optimization
Windows Update for Business (WUfB)
Process & Governance
Strong ITIL understanding:
Incident, Problem, Change Management
Experience in:
CAB discussions
RCA reviews
Audit and compliance reporting
Soft Skills
Strong decision-making during critical issues
Ability to simplify complex technical issues for business stakeholders
Ownership mindset with proactive problem-solving
Ability to challenge and improve existing setups (not just maintain)
Experience & Education
7–10+ years of experience in endpoint management / EUC engineering
3+ years in an L3 / SME / Architect role
Bachelor’s degree in IT or related field
Certifications (strongly preferred):
Microsoft Endpoint Administrator (MD-102)
Azure Administrator (AZ-104)