Endpoint Management with Microsoft Intune

Over the course of Adam's time managing the organization's device fleet, he configured, tested, and deployed a wide range of solutions through Microsoft Intune covering 200+ Windows devices alongside iOS and Android personal devices. The projects below represent key initiatives that improved security, reduced IT overhead, and standardized device management across the organization.

Device Enrollment & Autopilot

Enrolled 200+ Windows devices into Intune using a cloud-native Entra joined approach without requiring devices to be reimaged. This in-place enrollment method preserved all user data and applications, saving significant time and avoiding disruption to day-to-day operations. Devices were configured for Windows Autopilot, enabling zero-touch provisioning for any new or reset devices going forward. Internal documentation and a runbook were created to standardize the process for future IT use.

LAPS & Local Admin Management

Prior to LAPS being configured, the organization had locally created admin account with a seasonally rotating password set up on all devices, leaving those and the default Windows Administrator account as a potential backdoor. Adam configured LAPS (Local Admin Password Solution) through Intune for all cloud-joined devices, rotating the local admin password frequently and storing it securely in Entra ID. This solved a real operational problem: when users needed elevated access for approved tasks, IT could provide the LAPS password through the RMM, temporarily enabling the Administrator account for the workday only. This also proved critical in time-sensitive situations where users had performed unauthorized SSD swaps or device resets and ended up going through Autopilot enrollment without the RMM installed.

Security & Compliance Policies

Configured, tested, and deployed a suite of security and compliance policies across the entire Windows device fleet through Intune. This included baseline compliance policies to enforce minimum security standards and conditional access policies tied to Entra ID to ensure only compliant devices could access company resources. Policies were validated in a test environment before being pushed to production to minimize risk of disruption.

BYOD & Application Deployment

Designed and deployed app protection and compliance policies for iOS and Android personal devices through a canary rollout — launching first with select departments to gather live feedback and identify issues before expanding company wide. Policies were configured to protect company data on personal devices without requiring full device enrollment, offering a balance between security and user privacy. On the Windows side, core business applications including UniFLOW, ITSPlatform, and E-Automate were packaged and deployed silently through Intune, eliminating the need for manual installation and reducing IT overhead for application requests.

Outcomes & Technologies

The transition from SCCM to Intune delivered measurable improvements across security, operations, and cost. 200+ devices were enrolled cloud-natively without data loss, SCCM was decommissioned reducing licensing overhead, and the organization gained full visibility into device compliance for the first time. LAPS eliminated a long-standing local admin security gap. BYOD policies secured company data on personal devices without sacrificing user experience. Silent application deployments reduced IT tickets and standardized the software environment across the fleet.

Technologies Used: Microsoft Intune • Microsoft Entra ID • Windows Autopilot • LAPS • Conditional Access • App Protection Policies • PowerShell • iOS • Android • Windows 10/11

Phone

(516) 551-2522

Area of living

East Meadow, NY 11554
United States of America