

Lead macOS Intune MDM/MAM Engineer
About the role
EVOCS OVERVIEW
EVOCS’s journey began with a mission to empower businesses with advisory expertise, combined with ideal technologies, to provide them with comprehensive solutions to grow and prosper. Founded by a team of passionate experts, EVOCS has grown into a trusted partner to a growing number of leaders across their respective industries. Our roots in employee-managed operations reflect our commitment to quality, consistency, and client success. If you enjoy working in a hyper-fast-growing company, are eager to be part of an agile team, and want to be part of our success story, then let’s talk!

🎯 Role Overview
We’re looking for an experienced Lead macOS Intune Engineer to own Apple device management across our enterprise. You’ll architect and drive the full lifecycle of macOS endpoints, from zero-touch provisioning through Apple Business Manager all the way to advanced security hardening with FileVault, Secure Enclave, and passwordless authentication. This is a high-impact individual contributor role sitting at the intersection of endpoint engineering, identity & access management, and security. You’ll collaborate closely with our Identity, Security, and IT Support teams to ensure every Mac, corporate or BYOD, meets our security posture and delivers a seamless user experience.
🧩 What you will do
In this role, you will:

macOS Endpoint Management
- Architect, deploy, and manage the lifecycle of macOS devices using Microsoft Intune MDM
- Design and tune configuration profiles, compliance policies, and security rules that keep Mac devices secure, performant, and user-friendly

Apple Business Manager & Zero-Touch Provisioning
- Own the integration between Microsoft Intune and Apple Business Manager (ABM)
- Configure Automated Device Enrollment (ADE) for zero-touch Mac provisioning — corporate devices enroll and configure themselves out of the box

Mobile Application Management (MAM)
- Manage app deployment and updates (App Store, VPP, and enterprise apps) through Intune
- Enforce app protection policies to secure corporate data on both managed and BYOD macOS devices

Passwordless Authentication & Single Sign-On
- Implement Microsoft Entra ID Platform SSO on macOS using the Enterprise SSO plug-in
- Enable Secure Enclave-based authentication (hardware-backed keys, Touch ID) to deliver a Windows Hello–equivalent experience on Mac
- Ensure cloud accounts are properly linked to local Mac accounts, eliminating repeated password prompts

Device Security & Encryption
- Manage FileVault full-disk encryption via Intune, including key escrow and recovery workflows
- Leverage Apple’s T2 / Apple Silicon security features and deploy Microsoft Defender for Endpoint on macOS
- Configure endpoint protection and compliance policies (password, screen lock, threat response)

BYOD Strategy
- Design policies that apply MAM app protection and Conditional Access to personal Macs without intruding on personal data
- Define clear enrollment and access rules for non-corporate devices accessing company resources

Identity & Security Best Practices
- Monitor and mitigate identity-related risks on Mac endpoints — password spray attacks, brute-force attempts, and unauthorized access
- Champion Zero Trust principles: least privilege, device compliance-gated access, and continuous verification

Troubleshooting & Support
- Lead root-cause analysis for complex Intune enrollment, SSO, SecureToken/FileVault, and authentication failures
- Resolve misconfigurations quickly and provide durable fixes that prevent recurrence

Documentation, Training & Continuous Improvement
- Develop and maintain runbooks, configuration guides, and incident response playbooks for macOS management
- Train and mentor IT support staff on Mac device support, Intune policy management, and security best practices
- Stay current with new Microsoft Endpoint Manager features and Apple platform updates; bring recommendations to the team

🧠 What you will bring
- 5+ years managing and securing macOS devices in an enterprise environment
- 3+ years hands-on with Microsoft Intune (Endpoint Manager) — deploying and managing macOS at scale
- Proven experience with Apple Business Manager (ABM) and Automated Device Enrollment (ADE)
- Strong command of Intune configuration profiles, compliance policies, and app protection policies for macOS
- Deep knowledge of FileVault encryption management via Intune — policy creation, key escrow, and recovery
- Solid understanding of Apple’s Secure Enclave, SecureToken, and related macOS security primitives
- Experience configuring Microsoft Entra ID Platform SSO and SSO extensions on macOS
- Familiarity with Conditional Access policies that tie device compliance to identity access
- Proficiency in scripting — Bash/zsh, PowerShell, and/or Python — for automation and Microsoft Graph API integrations
- Understanding of identity protection mechanisms: smart lockout, risk-based sign-in, MFA

Ideally you have…
- Microsoft certifications: Modern Desktop Administrator Associate, Enterprise Administrator Expert, or Identity and Access Administrator
- Apple Certified Support Professional (ACSP) or equivalent credential
- Experience with Microsoft Defender for Endpoint on macOS
- Familiarity with Zero Trust frameworks and CIS Benchmarks for macOS
- Exposure to Azure AD Privileged Identity Management, Microsoft Sentinel, or Azure AD sign-in log analysis
- Experience managing iOS/iPadOS devices or cross-platform MDM environments

Pay Range for jobs in the US
Pay Range $80—$85 USD

👥 Our Values
We are privileged to serve our loyal customer base in our mission to build lasting relationships with our clients based on trust and mutual success. We strive to deliver exceptional quality and consistency through a white-glove approach. By empowering businesses with tailored solutions and insights, we help them achieve their goals and navigate the ever-evolving tech landscape.

The values we live by:
- Customer-centric Solutions
- Innovation & Excellence
- Integrity & Transparency
- Data-driven Decision Making

📝 Need to Know
The posting will be active for a minimum of 3 days. The active posting will continue to extend by 3 days until the position is filled. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.