Senior Engineer – Macos Identity & Intune Platform
MM International
Job description
Job Title: Senior Engineer macOS Identity & Intune Platform
Contract : 6+ Month Contact to Hire
Job Description:
This role is responsible for strengthening macOS authentication reliability, improving identity integration with Entra ID, and optimizing Intune policies across VDC. The engineer will own the end-to-end technical workflow including macOS login engineering, Enterprise SSO Plugin testing, Intune Automated Device Enrollment (ADE), and large-scale Intune policy governance. The goal is to stabilize device-level authentication, eliminate credential-related lockouts, and establish a clean, scalable policy framework for all Apple and Windows devices.
Key Responsibilities
- macOS Authentication & Identity Engineering Analyse macOS authentication workflows including Keychain behaviour, SecureToken, FileVault unlock, and offline/online password states.
Identify root causes of login failures and device-level lockouts caused by stale Keychain credentials.
Test and validate Microsoft Enterprise SSO Plugin and Apple Platform SSO across macOS versions and hardware types.
Evaluate Entra ID authentication scenarios: first login, expired password, offline login, and account mismatch.
- Federated Authentication & SSO Integration Review Apple Platform SSO, Federated Authentication, and Entra ID-bound login flows.
Map dependencies for federation rollout (AD DS, Password Hash Sync/Writeback, PTA, Conditional Access, MFA).
Validate reliability of SSO and federated login across MacBook Pro, Mac Studio, and iOS devices.
- Intune Automated Device Enrollment (ADE) Engineering Inspect and update ADE policies to enforce Entra ID-backed macOS setup instead of local account workflows.
Test ADE deployment changes in controlled pilot environments.
Validate end-to-end macOS onboarding with Enterprise SSO Plugin enabled
- Intune Policy Governance & Optimization Build a complete inventory of Intune objects including configuration profiles, compliance policies, MAM policies, security baselines, and EDR settings.
Identify duplicate, deprecated, and conflicting policies impacting macOS and Windows behaviour.
Develop a structured policy matrix mapped across Windows, macOS, and Mobile to support governance.
Align all policies with Microsoft recommended baselines and identity requirements.
- Testing, Lab Setup & Issue Reproduction Create and maintain a reproducible lab using VMs and physical Mac devices.
Conduct scenario-based testing across login states, device configurations, and identity paths.
Collect device-level telemetry: keychain timestamps, credential stores, MDM profile behaviours, and security agent interactions.
- Documentation, Reporting & Cross-Team Collaboration Produce detailed technical documentation around authentication gaps, SSO plugin requirements, ADE configuration, and Intune policy impacts.
Provide weekly reports, test plans, root-cause analysis, and remediation plans to leadership.
Collaborate with:
o IT Security o Device Engineering
o Identity / Entra ID teams
o Platform SSO Engineering
o Vantage team for AD Connect & AD DS configurations
Required Skills & Experience
Strong experience with macOS authentication internals (Keychain, SecureToken, FileVault, local vs Entra ID password workflows).
Hands-on expertise with Intune MDM, ADE, macOS onboarding, compliance policies, and device configuration profiles.
Deep understanding of Entra ID federation, SSO plugins, Conditional Access, MFA, and identity lifecycle.
Experience troubleshooting complex login issues through telemetry, logs, and controlled reproductions.
Ability to analyze large-scale Intune policy landscapes and resolve cross-platform configuration conflicts.
Strong documentation, communication, and cross-team coordination skills.
Role Impact This role directly improves:
macOS authentication reliability
Identity hygiene and security posture
Reduction of lockouts and credential-related incidents
Intune policy health and governance
End-user experience across VDC's device ecosystem