Talent.com
EUC Desktop Support

EUC Desktop Support

Tata Consultancy ServicesDavanagere, IN
4 hours ago
Job description

Role : EUC Desktop support, Windows OS Administration, Mac OS

Exp - 10 to 15 years

Location : Chennai / Bangalore

Position Overview

The Infrastructure End User Workplace Operations – Level 3 Support (Desktop Engineering | EUC | Windows & macOS | Intune | HAM) position is a critical role within the Information Technology Infrastructure Services sector. This role requires candidates to be prepared for 24 / 7 rotational shifts, with work locations exclusively in Chennai and Bangalore.

1. Summary of Role

The Level 3 Engineer oversees the full spectrum of desktop engineering and End User Computing (EUC) operations across both Windows and macOS platforms. This role implements a modern, Intune-centric management strategy focused on automated device provisioning, compliance, security baselines, application packaging, and orchestration of software deployments and updates. Responsibilities include managing Local Administrator Password Solution (LAPS) and application control, integrating ServiceNow Hardware Asset Management (HAM) lifecycle processes to ensure traceability from stockroom to disposal. The engineer addresses complex escalations, eliminates root causes, and governs changes, collaborating closely with Security Operations, Identity and Access Management, and Network teams. Compliance with ITIL and ISO / IEC 20000 standards is essential, ensuring consistent, reliable IT services are delivered in Chennai and Bangalore.

2. Level 3 Support – Roles & Responsibilities

  • Serve as the final escalation point for EUC incidents and problems on Windows and macOS endpoints, conducting root cause analyses and implementing permanent solutions, including documentation in the Known Error Database (KEDB).
  • Design Intune tenant architectures for Windows and macOS, including management of RBAC, scope tags, device and user groups, filters, policy sets, and reporting.
  • Engineer provisioning workflows such as Windows Autopilot / Device Preparation and Apple Automated Device Enrollment, optimizing ESP / OOBE and bootstrap or secure token mechanisms for macOS.
  • Package and deploy applications using MSIX, Win32, PKG, and WinGet, managing detection / return codes, dependencies, supersedence, and rollback strategies.
  • Implement Windows LAPS via Intune, defining RBAC for password retrieval, setting password rotation cadences, and ensuring audit and reporting aligned with least-privilege principles.
  • Design and implement Application Control strategies using Windows Defender Application Control (WDAC), App Control for Business, and AppLocker, piloting in audit mode prior to enforcement.
  • Define, maintain, and monitor Intune security baselines for Windows, ensuring regular updates and tracking configuration drift.
  • Orchestrate Windows Update client policies, including update rings, feature, quality, and driver updates, expedited deployments, and manage macOS DDM / MDM update policies with compliance reporting.
  • Integrate Defender for Endpoint risk data with device compliance and Conditional Access, tuning Attack Surface Reduction (ASR) and Endpoint Detection and Response (EDR) for endpoint protection.
  • Lead macOS management, including APNs and Apple Business Manager integration, enrollment methods (BYOD / ADE), configuration profiles, update strategies, and documentation of support runbooks.
  • Govern the ServiceNow HAM lifecycle—request, procurement, receipt, stockroom management, assignment, reclamation / refresh, retirement, and disposal—with a comprehensive audit trail.
  • Build Endpoint Analytics dashboards (e.g., boot time, sign-in, health), generate macOS update reports, set and monitor Service Level Objectives (SLOs), and develop remediation plans.
  • Develop automation using PowerShell and Bash for packaging, compliance remediation, inventory, and policy health, leveraging CI / CD for configuration code management.
  • Chair Problem and Change forums for desktop environment changes, coordinate Change Advisory Board (CAB) meetings, manage maintenance windows, and communicate with stakeholders.
  • Mentor Level 2 analysts, maintain Standard Operating Procedures (SOPs) and runbooks, ensure Configuration Management Database (CMDB) and asset data integrity, and drive continual service improvement initiatives.

3. Technical Skills

  • In-depth expertise in Microsoft Intune for both Windows and macOS, covering configuration, compliance, application deployment, and reporting.
  • Experience with Windows Autopilot and Device Preparation, emphasizing ESP / OOBE and troubleshooting.
  • Proficiency with Apple Business Manager, APNs, and supervised macOS enrollment (BYOD / ADE).
  • Management of macOS updates using DDM / MDM policies, deadlines, and compliance reporting.
  • Configuration of Windows Update client policies, including rings, feature freezes, expedited updates, and driver approvals.
  • Application packaging for Windows (MSIX, IntuneWin, WinGet) and macOS (PKG, DMG, MAU).
  • Implementation of Windows LAPS via Intune, including policy enforcement, RBAC, rotation, and reporting.
  • Design and deployment of Application Control (WDAC, App Control for Business, AppLocker).
  • Management of security baselines for Windows, Edge, and M365, including CSP hardening.
  • Onboarding and tuning of Defender for Endpoint, ASR / EDR, and Conditional Access configurations.
  • ServiceNow HAM operations, including management of stockrooms, reservations, lifecycle states, and disposal orders.
  • PowerShell and Bash scripting for automation, with a basic understanding of Graph API and packaging automation.
  • Knowledge of BitLocker and FileVault fundamentals, including recovery key governance.
  • Familiarity with Endpoint Analytics, Update Compliance, and Apple declarative update reporting.
  • Proficiency in ITSM / ITIL practices, including Incident, Problem, Change, and Request processes, and maintaining CMDB hygiene.

    • 4. Qualifications & Experience

  • 7–12 years of experience in Desktop Engineering / EUC, with demonstrated Level 3 responsibilities across Windows and macOS environments, including automation and application packaging.
  • Possession of ITIL Foundation certification (or higher), with hands-on experience in Problem and Change management and Post-Incident Reviews (PIRs).
  • Proven expertise in Intune (Windows / macOS), Autopilot / ADE, LAPS, WDAC / AppLocker, security baselines, and update orchestration.
  • Experience working in 24 / 7 operational environments and on-call rotations, with job location limited to Chennai and Bangalore.
  • Strong skills in documentation, knowledge base writing, SOP / runbook maintenance, and an understanding of asset lifecycle management (HAM).

    • 5. Must-Have Skills

  • Mastery of Intune for multi-platform environments, including policy architecture, RBAC, scope tags, dynamic groups / filters, and health reporting for both Windows and macOS.
  • Experience designing scalable provisioning solutions, such as Windows Autopilot / Device Preparation and Apple ADE, optimizing ESP / OOBE, managing secure / bootstrap tokens, and ensuring robust reset and repurpose workflows.
  • Expertise in establishing secure administrative practices by implementing Windows LAPS via Intune, with RBAC-controlled retrieval and rotation, consistent with least-privilege principles and audit trails.
  • Ability to lead application governance using WDAC / App Control (managed installer) and AppLocker, piloting in audit mode, transitioning to enforcement, and managing exceptions.
  • Competence in orchestrating patch management strategies, including comprehensive Windows update rings (feature, quality, driver, expedite) and macOS DDM deadlines, maintaining compliance dashboards and rollback procedures.

    • 6. Good-to-Have Skills

  • Experience with MSIX and WinGet repository curation, automated packaging pipelines, and macOS MAU / channel planning.
  • Ownership of Endpoint Analytics KPIs (Boot, Logon, Restart) and Apple declarative update reporting for targeted remediation.
  • Familiarity with deploying the HAM Success Map (process, KPIs) and supporting stockroom mobility with barcodes and mobile applications.

    • 7. Desired Competencies

  • Technical : Advanced troubleshooting skills, disciplined scripting, a strong focus on secure configuration, performance tuning, and the ability to make data-driven decisions across both Windows and macOS platforms.
  • Behavioral : Strong sense of ownership, effective communication skills, stakeholder management, mentoring abilities, and a commitment to continuous improvement in alignment with ITIL and ISO standards.

    • 8. Location & Work Scope

    Candidates must be willing and able to work 24 / 7 shifts, including participation in on-call rotations. The position is strictly based in Chennai and Bangalore.

    This job description is aligned with ITIL / ISO service management standards, emphasizes Intune-based modern management for both Windows and macOS, and incorporates ServiceNow HAM lifecycle governance.

    Create a job alert for this search

    Desktop Support • Davanagere, IN