Addrovia Technologies
Lead MacOS Intune MDM/MAM Engineer
β - Featured Role | Apply direct with Data Freelance Hub
This role is for a Lead macOS Intune MDM/MAM Engineer in Denver, CO (Hybrid), with a contract length of "Unknown" and a pay rate of "Unknown." Candidates must have a Bachelor's degree, 5+ years in enterprise macOS administration, and expertise in Microsoft Intune and Apple Business Manager.
π - Country
United States
π± - Currency
$ USD
-
π° - Day rate
Unknown
-
ποΈ - Date
June 30, 2026
π - Duration
Unknown
-
ποΈ - Location
Hybrid
-
π - Contract
Unknown
-
π - Security
Unknown
-
π - Location detailed
Denver, CO
-
π§ - Skills detailed
#Computer Science #Leadership #Deployment #Security #Bash #Kerberos #Automation #Python #MDM (Master Data Management) #API (Application Programming Interface) #Azure #Documentation #Defender #Vault #Graph API #IAM (Identity and Access Management) #Compliance #iOS #SAML (Security Assertion Markup Language)
Role description
Job Title: Lead macOS Intune MDM/MAM Engineer
Location: Denver, CO (Hybrid)
Visa: USC & Green Card
Interview: Zoom
Position Overview
We are seeking a highly skilled Lead macOS Intune MDM/MAM Engineer to lead enterprise management of macOS devices using Microsoft Intune (Endpoint Manager). This role focuses on securing, deploying, and managing Apple devices using Apple Business Manager (ABM), Automated Device Enrollment (ADE), Microsoft Entra ID (Azure AD), Platform SSO, FileVault, Secure Enclave, Microsoft Defender for Endpoint, and Conditional Access.
The ideal candidate has extensive experience with enterprise macOS management, identity integration, endpoint security, Zero Trust architecture, passwordless authentication, and BYOD management within the Microsoft ecosystem.
Key Responsibilities
macOS Device Management
β’ Design, deploy, and manage enterprise macOS devices using Microsoft Intune MDM.
β’ Create and maintain configuration profiles, compliance policies, endpoint security policies, and device restrictions.
β’ Manage the complete macOS device lifecycle from provisioning through retirement.
Apple Business Manager & ADE
β’ Integrate Apple Business Manager (ABM) with Microsoft Intune.
β’ Configure Automated Device Enrollment (ADE/DEP) for zero-touch deployment.
β’ Manage enrollment profiles, enrollment tokens, and Apple Volume Purchase Program (VPP).
Mobile Application Management
β’ Deploy App Store and enterprise applications through Intune.
β’ Configure Mobile Application Management (MAM) policies.
β’ Implement app protection policies for corporate and BYOD macOS devices.
Identity & Authentication
β’ Configure Microsoft Entra ID Platform SSO.
β’ Implement passwordless authentication using Secure Enclave, Touch ID, passkeys, and FIDO2.
β’ Deploy Microsoft Enterprise SSO Plug-in and Apple Extensible SSO.
β’ Integrate macOS authentication with Microsoft Entra ID.
Endpoint Security
β’ Configure FileVault full-disk encryption and recovery key escrow.
β’ Implement SecureToken and Secure Enclave security features.
β’ Deploy Microsoft Defender for Endpoint for macOS.
β’ Configure Conditional Access, compliance policies, MFA, and Zero Trust security controls.
BYOD Management
β’ Develop secure BYOD strategies using Intune MAM.
β’ Configure app protection policies and Conditional Access.
β’ Ensure corporate data remains protected on personal macOS devices.
Identity & Security
β’ Implement Azure AD Identity Protection and Smart Lockout policies.
β’ Protect against password spray and identity-based attacks.
β’ Collaborate with IAM and Security teams on authentication and compliance initiatives.
Troubleshooting
β’ Resolve complex Intune enrollment, ADE, FileVault, SecureToken, Platform SSO, and authentication issues.
β’ Perform root-cause analysis for device and identity problems.
β’ Optimize Intune policies and user experience.
Documentation & Leadership
β’ Develop technical documentation, SOPs, runbooks, and deployment guides.
β’ Mentor junior engineers and support teams.
β’ Evaluate new Microsoft and Apple technologies for continuous improvement.
Required Qualifications
β’ Bachelor's degree in Computer Science, Information Technology, or related field.
β’ 5+ years of enterprise macOS administration.
β’ 3+ years of Microsoft Intune administration focused on macOS.
β’ Strong expertise in:
β’ Microsoft Intune (Endpoint Manager)
β’ Apple Business Manager (ABM)
β’ Automated Device Enrollment (ADE/DEP)
β’ Microsoft Entra ID (Azure AD)
β’ Platform SSO
β’ Microsoft Enterprise SSO Plug-in
β’ FileVault
β’ SecureToken
β’ Secure Enclave
β’ Passkeys & FIDO2 Authentication
β’ Microsoft Defender for Endpoint
β’ Conditional Access
β’ MFA
β’ Apple MDM configuration profiles
β’ Compliance and Endpoint Security policies
β’ Strong understanding of SAML, OAuth, OIDC, Kerberos, and identity management.
β’ Experience with Bash, PowerShell, Python, or Microsoft Graph API automation.
β’ Excellent troubleshooting, documentation, leadership, and communication skills.
Preferred Qualifications
β’ Microsoft 365 Certified: Modern Desktop Administrator Associate
β’ Microsoft Certified: Identity and Access Administrator
β’ Microsoft Enterprise Administrator Expert
β’ Apple Certified Support Professional (ACSP)
β’ Experience with Microsoft Sentinel, Azure AD Identity Protection, CIS Benchmarks, NIST, and Zero Trust security.
β’ Experience managing iOS/iPadOS devices with Intune.
β’ Cross-platform endpoint management (Windows/macOS).
Key Skills
β’ Microsoft Intune (MDM/MAM)
β’ macOS Administration
β’ Apple Business Manager (ABM)
β’ Automated Device Enrollment (ADE)
β’ Microsoft Entra ID (Azure AD)
β’ Platform SSO
β’ FileVault
β’ SecureToken
β’ Secure Enclave
β’ Microsoft Defender for Endpoint
β’ Conditional Access
β’ MFA
β’ BYOD Management
β’ Zero Trust
β’ Endpoint Security
β’ Apple MDM
β’ VPP
β’ Microsoft Graph API
β’ PowerShell
β’ Bash
β’ Python
β’ Identity & Access Management
β’ SAML
β’ OAuth
β’ OIDC
β’ Kerberos
β’ Endpoint Compliance
β’ Enterprise Mobility
β’ Technical Leadership
β’ Documentation
β’ Troubleshooting
Job Title: Lead macOS Intune MDM/MAM Engineer
Location: Denver, CO (Hybrid)
Visa: USC & Green Card
Interview: Zoom
Position Overview
We are seeking a highly skilled Lead macOS Intune MDM/MAM Engineer to lead enterprise management of macOS devices using Microsoft Intune (Endpoint Manager). This role focuses on securing, deploying, and managing Apple devices using Apple Business Manager (ABM), Automated Device Enrollment (ADE), Microsoft Entra ID (Azure AD), Platform SSO, FileVault, Secure Enclave, Microsoft Defender for Endpoint, and Conditional Access.
The ideal candidate has extensive experience with enterprise macOS management, identity integration, endpoint security, Zero Trust architecture, passwordless authentication, and BYOD management within the Microsoft ecosystem.
Key Responsibilities
macOS Device Management
β’ Design, deploy, and manage enterprise macOS devices using Microsoft Intune MDM.
β’ Create and maintain configuration profiles, compliance policies, endpoint security policies, and device restrictions.
β’ Manage the complete macOS device lifecycle from provisioning through retirement.
Apple Business Manager & ADE
β’ Integrate Apple Business Manager (ABM) with Microsoft Intune.
β’ Configure Automated Device Enrollment (ADE/DEP) for zero-touch deployment.
β’ Manage enrollment profiles, enrollment tokens, and Apple Volume Purchase Program (VPP).
Mobile Application Management
β’ Deploy App Store and enterprise applications through Intune.
β’ Configure Mobile Application Management (MAM) policies.
β’ Implement app protection policies for corporate and BYOD macOS devices.
Identity & Authentication
β’ Configure Microsoft Entra ID Platform SSO.
β’ Implement passwordless authentication using Secure Enclave, Touch ID, passkeys, and FIDO2.
β’ Deploy Microsoft Enterprise SSO Plug-in and Apple Extensible SSO.
β’ Integrate macOS authentication with Microsoft Entra ID.
Endpoint Security
β’ Configure FileVault full-disk encryption and recovery key escrow.
β’ Implement SecureToken and Secure Enclave security features.
β’ Deploy Microsoft Defender for Endpoint for macOS.
β’ Configure Conditional Access, compliance policies, MFA, and Zero Trust security controls.
BYOD Management
β’ Develop secure BYOD strategies using Intune MAM.
β’ Configure app protection policies and Conditional Access.
β’ Ensure corporate data remains protected on personal macOS devices.
Identity & Security
β’ Implement Azure AD Identity Protection and Smart Lockout policies.
β’ Protect against password spray and identity-based attacks.
β’ Collaborate with IAM and Security teams on authentication and compliance initiatives.
Troubleshooting
β’ Resolve complex Intune enrollment, ADE, FileVault, SecureToken, Platform SSO, and authentication issues.
β’ Perform root-cause analysis for device and identity problems.
β’ Optimize Intune policies and user experience.
Documentation & Leadership
β’ Develop technical documentation, SOPs, runbooks, and deployment guides.
β’ Mentor junior engineers and support teams.
β’ Evaluate new Microsoft and Apple technologies for continuous improvement.
Required Qualifications
β’ Bachelor's degree in Computer Science, Information Technology, or related field.
β’ 5+ years of enterprise macOS administration.
β’ 3+ years of Microsoft Intune administration focused on macOS.
β’ Strong expertise in:
β’ Microsoft Intune (Endpoint Manager)
β’ Apple Business Manager (ABM)
β’ Automated Device Enrollment (ADE/DEP)
β’ Microsoft Entra ID (Azure AD)
β’ Platform SSO
β’ Microsoft Enterprise SSO Plug-in
β’ FileVault
β’ SecureToken
β’ Secure Enclave
β’ Passkeys & FIDO2 Authentication
β’ Microsoft Defender for Endpoint
β’ Conditional Access
β’ MFA
β’ Apple MDM configuration profiles
β’ Compliance and Endpoint Security policies
β’ Strong understanding of SAML, OAuth, OIDC, Kerberos, and identity management.
β’ Experience with Bash, PowerShell, Python, or Microsoft Graph API automation.
β’ Excellent troubleshooting, documentation, leadership, and communication skills.
Preferred Qualifications
β’ Microsoft 365 Certified: Modern Desktop Administrator Associate
β’ Microsoft Certified: Identity and Access Administrator
β’ Microsoft Enterprise Administrator Expert
β’ Apple Certified Support Professional (ACSP)
β’ Experience with Microsoft Sentinel, Azure AD Identity Protection, CIS Benchmarks, NIST, and Zero Trust security.
β’ Experience managing iOS/iPadOS devices with Intune.
β’ Cross-platform endpoint management (Windows/macOS).
Key Skills
β’ Microsoft Intune (MDM/MAM)
β’ macOS Administration
β’ Apple Business Manager (ABM)
β’ Automated Device Enrollment (ADE)
β’ Microsoft Entra ID (Azure AD)
β’ Platform SSO
β’ FileVault
β’ SecureToken
β’ Secure Enclave
β’ Microsoft Defender for Endpoint
β’ Conditional Access
β’ MFA
β’ BYOD Management
β’ Zero Trust
β’ Endpoint Security
β’ Apple MDM
β’ VPP
β’ Microsoft Graph API
β’ PowerShell
β’ Bash
β’ Python
β’ Identity & Access Management
β’ SAML
β’ OAuth
β’ OIDC
β’ Kerberos
β’ Endpoint Compliance
β’ Enterprise Mobility
β’ Technical Leadership
β’ Documentation
β’ Troubleshooting
