AvePoint - IT Infra Engineer (Endpoint Management)

• Multi-Platform Engineering & Orchestration • Unified Management: Architect, migrate and maintain a "single pane of glass" management strategy using Microsoft Intune, Apple School Manager, and Google Admin Console to ensure seamless integrations. • Unified Management: • Microsoft Intune • Apple School Manager • Google Admin Console • Zero-Touch Provisioning: • Windows Autopilot • Apple School Manager (DEP) • Chrome Zero-Touch Enrollment • Platform Specialization: Windows: Manage physical hardware and Cloud PCs via modern MDM policies. • Windows: • Apple: Oversee macOS and iPadOS configuration profiles and VPP app distribution. • Apple: • ChromeOS: Manage fleet-wide policies and application delivery for Chromebooks. • ChromeOS: • Enterprise vs. Student Strategy • Enterprise Excellence: Implement "Zero Trust" security baselines, Conditional Access, and seamless SSO for corporate staff to ensure maximum productivity and data protection. • Enterprise Excellence: • Student Enablement: Design specialized configurations for student devices, focusing on Shared iPad setups, "Kiosk Mode" for high-stakes testing, and web-content filtering. • Student Enablement: • Scale & Lifecycle: Manage the lifecycle of thousands of devices, from procurement and automated enrolment to remote wipe and decommissioning. • Scale & Lifecycle: • Secure Endpoint Management • Architect secure device compliance frameworks within Intune, ensuring only "healthy" and compliant devices (including Cloud PCs) can access corporate resources. • Intune • Utilize tools such as KQL (Kusto Query Language) and Sentinel to build advanced security visualizations and monitoring workbooks, identifying anomalous behaviour across the M365 stack. • KQL (Kusto Query Language) • Eliminate technical debt by transitioning legacy GPOs and security configurations to modern, cloud-based security baselines. • Automation & Observability • Automation: Engineer for scalability by building reusable automation and utilizing PowerShell scripting and related tools like PowerBI, Dynatrace and Axonius to monitor service health and reporting to derive insights. • Automation: • Scripting & API: Use PowerShell, Bash, and Python to automate repetitive tasks and interact with the Microsoft Graph API for custom reporting. • Scripting & API: • PowerShell • Python • Microsoft Graph API • Fleet Analytics: Utilize KQL and Endpoint Analytics to monitor device health, battery wear, and application performance across the entire estate. • Fleet Analytics: • Endpoint Analytics • Self-Service: Develop and maintain "Self-Service" portals for both staff and students to empower users and reduce helpdesk ticket volume. • Self-Service: • General Responsibilities • Engage stakeholders to translate business requirement into design and services to meet the intended availability, capacity, resiliency, security and continuity requirements. • Engage stakeholders • Forecast budget needed to support the project initiatives and maintenance contracts. • Forecast budget • Ensure MOE’s related Technical Architecture are in compliance with IM8 and Agency’s IT Policies and Standards. • Manage day-to-day delivery and support of application infrastructure services and collaborate with other government agencies and central services teams to facilitate and deliver government-wide services. • Leadership & Strategic Compliance • Strategic Design: Develop global standards for device hardware, OS patch management, and application packaging. • Strategic Design: • Cross-Functional Collaboration: Partner with Security, EdTech, and Operations teams to ensure device policies meet both regulatory compliance and educational outcomes. • Cross-Functional Collaboration: • Mentorship: Act as the Tier 3 escalation point and mentor for junior engineers and campus technicians. • Mentorship: