It Infrastructure Lead

Role & responsibilities

Job Description: IT Infrastructure Lead (GPO to Intune Migration Large Enterprises)
Position Overview

We are seeking a highly skilled IT Infrastructure Lead to oversee the end-to-end migration of enterprise infrastructure from on-premises Group Policy Objects (GPOs) and SCCM-managed environments to Microsoft Intune. The successful candidate will lead infrastructure assessment, architecture validation, and migration execution to modern, cloud-based management aligned with Microsoft’s Zero Trust framework.

This role requires deep expertise in Active Directory, SCCM/Intune co-management, BitLocker/MBAM transitions, and enterprise-level infrastructure governance, ensuring that all migration activities are secure, compliant, and optimized for scalability.

Key Responsibilities
Infrastructure Assessment & Planning

Evaluate existing Active Directory (AD), SCCM, and MBAM environments to identify dependencies, configurations, and readiness gaps.

Lead the assessment and discovery phase, ensuring complete GPO inventory collection, classification, and compatibility evaluation using Group Policy Analytics.

Develop a migration roadmap that defines assessment, pilot, phased rollout, and post-migration optimization timelines.

Identify and document all prerequisite configurations for Intune, including Conditional Access, compliance baselines, and automation requirements.

Architecture Design & Governance

Define and validate the solution architecture for migrating GPOs and SCCM configurations to Intune.

Ensure architectural alignment with enterprise policies, security frameworks (ISO 27001, SOC, GDPR), and regulatory requirements.

Oversee the design and implementation of BitLocker-to-Intune migration, ensuring TPM compliance and secure key escrow in Azure AD.

Coordinate with cloud infrastructure and security teams to ensure Zero Trust principles, identity-based access controls, and multi-region compliance are maintained.

Migration Oversight & Execution

Oversee migration execution across all project phases, starting from pilot to full-scale deployment.

Ensure structured rollout plans with defined fallback and rollback mechanisms to mitigate risk.

Supervise policy deployment activities including Configuration Profiles, Security Baselines, Patch Management, and Endpoint Protection.

Validate all migrated configurations through Intune reporting, compliance dashboards, and Azure Monitor insights.

Stakeholder Management & Coordination

Act as the primary technical liaison between project stakeholders, including IT Operations, Security, Compliance, and Executive Management.

Communicate project status, risks, and mitigation plans clearly to stakeholders at all levels.

Facilitate alignment between technical deliverables and business objectives, ensuring minimal disruption during migration.

Security, Compliance & Reporting

Validate policy enforcement, encryption, and patch management compliance post-migration.

Utilize Intune and Azure reporting tools to monitor endpoint health, policy deployment success, and overall compliance posture.

Collaborate with security teams to ensure consistent implementation of Microsoft Defender for Endpoint, Conditional Access, and Data Loss Prevention (DLP) policies.

Team Leadership & Knowledge Transfer

Lead a team of Intune Specialists, QA Engineers, and Infrastructure Analysts throughout the project lifecycle.

Provide technical guidance, mentorship, and escalation support for complex infrastructure or migration challenges.

Develop and deliver training sessions, documentation, and standard operating procedures (SOPs) for post-migration management.

Required Qualifications & Skills

8+ years of experience in IT Infrastructure Management with hands-on experience in Microsoft ecosystems (Active Directory, SCCM, Intune, Azure AD).

Proven track record of leading enterprise-scale migrations from on-premises to Microsoft Intune or hybrid cloud environments.

Strong knowledge of:

Group Policy Management (GPMC)

Intune Configuration Profiles & Security Baselines

SCCM to Intune co-management and patch automation

BitLocker and MBAM transitions

Azure AD Conditional Access, Defender for Endpoint, and MDM integration

Deep understanding of enterprise network infrastructure, identity management, and Zero Trust architecture.

Excellent project management, problem-solving, and communication skills.

Experience coordinating with multi-disciplinary teams and external vendors to deliver secure, compliant outcomes.

Preferred Certifications

Microsoft Certified: Enterprise Administrator Expert (MS-102)

Microsoft Certified: Cybersecurity Architect Expert (SC-100)

Microsoft Certified: Windows Server Hybrid Administrator Associate (AZ-800/801)

ITIL v4 Foundation (preferred for operational governance)

PMP or equivalent project management certification (desirable)

Preferred candidate profile