M365 Endpoint and Identity Administrator

SOLV Energy is a leading provider of infrastructure services to the power industry, designing, building and maintaining utility scale solar, battery storage and high voltage substation projects nationwide.

The M365 Endpoint & Identity Administrator is responsible for managing and maintaining the design, configuration, and operational integrity of SOLV Energy’s Microsoft Intune environment and the broader Microsoft 365 platform (Entra , Teams, SharePoint, One Drive). This role owns Mobile Device Management (MDM), endpoint patch management, and configuration policy authoring across the Windows and macOS and is accountable for executing all endpoint changes through SOLV Energy’s formal IT change management process.

This role is hybrid with regular in office presence in San Diego, CA, Edison, NJ or Bend, OR. Specific location details and expectations will be discussed during the interview process.

• Own the configuration, health, and roadmap of Microsoft Intune as SOLV Energy’s primary MDM platform, including device enrollment, compliance policies, configuration profiles, and endpoint security baselines across Windows and macOS
• Author and maintain Intune configuration profiles, security baselines, and Settings Catalog policies, including Defender for Endpoint, Bit Locker, File Vault, Attack Surface Reduction rules, tamper protection, and account lockout
• Design and operate Windows Autopilot deployment profiles, Enrollment Status Page configuration, Autopilot device groups, and Entra‑joined provisioning workflows for new and re‑provisioned endpoints
• Manage macOS enrollment, configuration, and compliance through Intune, including File Vault and device‑pinned Conditional Access scenarios for managed and contractor‑owned hardware
• Build and maintain Intune application deployment packages, including detection rules, requirement rules, assignment scoping, and supersedence relationships
• Own the enterprise endpoint patch management program across Windows (Microsoft Autopatch / Intune update rings) and macOS (Intune update policies), including ring design, pilot testing, production rollouts, deferral policies, and compliance reporting
• Manage third‑party application patching through Patch My PC (PMPC) Cloud, including publishing critical applications, enforcing automatic updates, configuring user‑context vs system‑context deployments, and triaging/ remediating patch failures
• Lead Conditional Access policy design and operation in partnership with Cybersecurity, including device‑compliance, app‑protection, sign‑in risk, and named‑location policies
• Drive CVE remediation efforts for endpoints, including OS, driver, and firmware updates (e.g., Dell Control Vault, Dell Command Update, Apple Rapid Security Response), in coordination with Cybersecurity on vulnerability prioritization
• Build and maintain executive‑level patch compliance, device posture, and Intune health dashboards to support leadership visibility, SOX ITGC evidence, and audit readiness
• Author and submit change management requests in Fresh service for all endpoint configuration, policy, and patching changes, including risk assessment, test evidence, rollback plan, and communication plan
• Participate in the Change Advisory Board (CAB), presenting changes for review and securing approval prior to any production deployment.
• Pilot all Intune policy, Autopilot profile, and patch ring changes against a defined test group before broad release; validate rollback procedures
• Develop and maintain Power Shell and Microsoft Graph automation for Intune reporting, policy auditing, bulk device operations, and lifecycle tasks
• Collaborate with Cybersecurity, Infrastructure, and Service Desk teams to maintain a secure, compliant, and supportable end‑user computing environment
• Develop and maintain SOPs and runbooks for recurring operational processes such as Windows feature updates, monthly patch cycles, Autopilot onboarding, macOS enrollment, and incident response for endpoint outages
• Support M&A integration activities for the Microsoft 365 and endpoint workstream, including tenant migrations, Intune policy alignment, and…