Negotiable
Summary: The role of Endpoint Management Consultant involves providing expert guidance on Microsoft Endpoint Security, focusing on Intune, Endpoint Privilege Management, and Defender for Endpoint configurations. The consultant will assess current setups, recommend best practices, and implement security measures aligned with Zero Trust principles. The ideal candidate will possess extensive knowledge in modern device management and security baselines. This position requires a proactive approach to enhance endpoint security across client environments.
Key Responsibilities:
- Evaluate current Endpoint Privilege Management (EPM) setup and recommend best practices for secure privilege elevation.
- Review and improve AutoPilot / Auto-Enrollment configurations.
- Assess and optimize Intune Global Baseline, platform-specific, and department-specific policies.
- Design and implement Conditional Access and Security-Role Exceptions to align with Zero Trust principles.
- Integrate Defender for Endpoint threat insights with Intune compliance actions (e.g., automatic quarantine).
- Provide guidance on managing BYOD with corporate/personal data separation.
- Advise on IntuneWin packaging with app dependencies (e.g., pre-install .NET).
- Implement and enforce data exfiltration prevention policies via Intune.
- Enable secure remote control capabilities for IT, ensuring auditability via Azure AD logs.
- Review existing Defender for Endpoint configurations: Antivirus, Attack Surface Reduction (ASR), Device Control, ATP (Advanced Threat Protection).
- Evaluate Windows Update Rings and clarify policies for Quality and Feature updates.
- Recommend best practices for grace periods, deadlines, and policy structuring.
- Compare and advise on CIS vs Microsoft Security Baselines for optimal compliance and minimal disruption.
- Audit and standardize BitLocker encryption policies and enforcement to reduce non-compliance.
- Review and simplify Account Protection Policies to reduce policy sprawl and confusion.
Key Skills:
- Strong experience with Microsoft Intune, Defender for Endpoint, and Azure AD Conditional Access.
- Proven track record of implementing Zero Trust security architecture.
- Deep understanding of Windows device management, BitLocker, and Intune compliance policies.
- Familiarity with CIS security baselines and Microsoft baseline comparison.
- Experience with IntuneWin packaging and application deployment strategies.
- Ability to provide clear documentation and actionable best-practice recommendations.
Salary (Rate): undetermined
City: undetermined
Country: United Kingdom
Working Arrangements: undetermined
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
We are seeking an experienced Microsoft Endpoint Security Architect or Consultant to review, assess, and provide best-practice guidance across our clients' Intune, Endpoint Privilege Management (EPM), and Defender for Endpoint configuration. The ideal candidate will have deep expertise in modern device management, security baselines, and zero-trust enforcement using Microsoft technologies.
Key Responsibilities:
- Evaluate current Endpoint Privilege Management (EPM) setup and recommend best practices for secure privilege elevation.
- Review and improve AutoPilot / Auto-Enrollment configurations.
- Assess and optimize Intune Global Baseline, platform-specific, and department-specific policies.
- Design and implement Conditional Access and Security-Role Exceptions to align with Zero Trust principles.
- Integrate Defender for Endpoint threat insights with Intune compliance actions (e.g., automatic quarantine).
- Provide guidance on managing BYOD with corporate/personal data separation.
- Advise on IntuneWin packaging with app dependencies (e.g., pre-install .NET).
- Implement and enforce data exfiltration prevention policies via Intune.
- Enable secure remote control capabilities for IT, ensuring auditability via Azure AD logs.
Assessment & Advisory Areas:
- Review existing Defender for Endpoint configurations: Antivirus, Attack Surface Reduction (ASR), Device Control, ATP (Advanced Threat Protection).
- Evaluate Windows Update Rings and clarify policies for Quality and Feature updates.
- Recommend best practices for grace periods, deadlines, and policy structuring.
- Compare and advise on CIS vs Microsoft Security Baselines for optimal compliance and minimal disruption.
- Audit and standardize BitLocker encryption policies and enforcement to reduce non-compliance.
- Review and simplify Account Protection Policies to reduce policy sprawl and confusion.
Required Skills & Experience:
- Strong experience with Microsoft Intune, Defender for Endpoint, and Azure AD Conditional Access.
- Proven track record of implementing Zero Trust security architecture.
- Deep understanding of Windows device management, BitLocker, and Intune compliance policies.
- Familiarity with CIS security baselines and Microsoft baseline comparison.
- Experience with IntuneWin packaging and application deployment strategies.
- Ability to provide clear documentation and actionable best-practice recommendations.