Navaneethakrishnan Malaiyappan
13+ years designing, securing, and modernizing enterprise endpoint estates across MECM/SCCM, Microsoft Intune, and Microsoft 365 — currently leading the SCCM & Intune track for a ~45,000-endpoint EMEA Windows estate.
Summary
About Me
I am a Senior Endpoint Management professional and Technical Lead with 13+ years of experience designing, securing, and modernizing enterprise endpoint estates across MECM/SCCM Current Branch, Microsoft Intune, and Microsoft 365.
I currently lead the SCCM and Intune technical track for a global enterprise endpoint platform — managing a ~45,000-endpoint Windows estate across the EMEA region and a team of 12 engineers, while serving as the primary L3/L4 escalation point for Co-Management, Hybrid Azure AD Join, Windows Autopilot, and Cloud Management Gateway.
Alongside my enterprise work, I designed and shipped Mazhai DeployFusion — an open-source, GenAI-powered Windows desktop tool that compresses end-to-end SCCM and Intune application packaging from up to an hour of manual console work into a single-click, sub-2-minute workflow. My approach pairs deep technical knowledge with automation-first thinking to cut operational toil and deliver scalable, secure environments.
Scalable Architecture
Designing and sustaining high-availability endpoint hierarchies.
Automation at Scale
100+ production PowerShell & Microsoft Graph automations.
Technical Leadership
Guiding L1/L2 teams and owning L3/L4 escalations.
Expertise
Core Skills
Endpoint Management & Mobility
Identity, Security & Cloud
Operating Systems
Automation & Scripting
Database & Reporting
ITSM, Process & Leadership
Timeline
Professional Experience
Technical Lead — Endpoint Management
HCL Technologies · Bengaluru, India
- Lead the SCCM and Intune technical track for a global enterprise endpoint platform managing approximately 45,000 Windows endpoints across the EMEA region; lead a team of 12 L1/L2 engineers and act as the primary L3/L4 escalation point for hierarchy-wide and endpoint incidents.
- Own infrastructure health across the full SCCM hierarchy (CAS, Primary, Distribution Points, Management Points, Software Update Points) and the Intune tenant, sustaining patch compliance at 95% across the managed fleet and meeting all operational SLA targets on site components, Boundary Groups, and client communication.
- Plan and execute MECM and SQL maintenance and version-upgrade cycles, including risk assessment, rollback design, and stakeholder coordination across Architecture, Identity, and Security teams.
- Author PowerShell automations for application deployment, IIS / Application Pool compliance, AD-to-SCCM collection sync, and end-of-life device lifecycle, with DFS-based log delivery for hierarchy-wide visibility.
- Build Power BI dashboards on SCCM and Intune data for compliance, deployment, and infrastructure-health visibility used in service-management reviews.
- Drive Root Cause Analysis on critical Co-Management, Hybrid Azure AD Join, Intune Enrollment, and Cloud Management Gateway incidents, and codify findings into runbooks and knowledge-base articles.
- Oversee server patching cycles, investigate non-compliant servers, and present service-improvement and automation outcomes in stakeholder reviews.
IT Infrastructure Specialist — Intune & SCCM
Cognizant Technology Solutions · Bengaluru, India
- Designed, deployed, and operated Microsoft Intune and SCCM infrastructure for enterprise endpoints across Windows, iOS, and Android, spanning AMER, APAC, and EMEA user populations.
- Implemented Windows Autopilot pre-provisioning, region-specific Enrollment Status Page profiles, configuration profiles, compliance policies, and security baselines aligned to corporate standards.
- Delivered application, update, and patch lifecycle through Intune and SCCM; tracked compliance posture and produced bi-monthly device-health reports for service-desk remediation.
- Enforced Conditional Access, trusted-location rules, and MAM/MDM controls in partnership with Security and Identity teams; executed remote wipe, retire, and selective wipe for offboarding and lost/stolen devices.
- Built PowerShell and Microsoft Graph API automations for advanced device, application, and reporting operations; authored SOPs and delivered training to service-desk teams and end users.
- Collaborated cross-functionally with Security, Identity, Networking, and Desktop Support to resolve enrollment, policy-conflict, and co-management issues.
Senior Consultant — IT Infrastructure Management
Infosys Limited · Bengaluru, India
- Delivered L3 administration and engineering for SCCM and Microsoft Intune infrastructure supporting a global R&D engineering workforce.
- Managed endpoint deployment, policy configuration, application distribution, and OS Deployment task sequences across a multi-region Windows estate.
- Owned L3 escalations for client health, content distribution, and application deployment incidents; mentored L1/L2 engineers and authored operational runbooks.
- Delivered PowerShell and SQL-based automations for inventory reconciliation, compliance reporting, and bulk endpoint remediation.
Senior Analyst — SCCM Administrator
Capgemini · Bengaluru, India
- Administered SCCM Current Branch infrastructure (Primary site, DPs, MPs, SUPs) for a large global enterprise, with a primary focus on automated patch management and vulnerability tracking.
- Executed Operating System Deployment activities including task-sequence creation, driver and image management, and hardware-lifecycle refresh cycles.
- Handled change management, CAB approvals, and maintenance windows for a multi-region Windows estate; supported infrastructure migration and upgrade activities.
Wintel Administrator
InKnowTech Pvt Ltd · Bengaluru, India
- Provided Wintel server and workstation administration for a large R&D engineering environment; supported Active Directory operations, patching, and L2 escalations.
Desktop Support Engineer
PCS Technologies · Bengaluru, India
- Delivered end-user desktop support, hardware and software break-fix, and on-site incident resolution under ITIL processes.
Impact
Key Achievements
Migrated the entire MECM and SQL server estate from Windows Server 2016 to the current LTS release using an Active-Passive cutover, with no production impact.
Transitioned the full SCCM site hierarchy from HTTP to Enhanced HTTP and full HTTPS communication, materially improving client-server security and audit posture.
Re-platformed Intune and SCCM infrastructure from on-premises to a cloud-hosted footprint, reducing operational toil and unlocking elastic scale for global users.
Production PowerShell automations spanning client health, application deployment, AD-to-SCCM sync, EoL device lifecycle, IIS/AppPool compliance, and HTML reporting.
Shipped a free, open-source GenAI-powered Windows desktop tool that automates end-to-end SCCM and Intune application packaging into a sub-2-minute, single-click workflow.
Built a bulk-targeted SCCM Application that uninstalls legacy agents, reinstalls clients with required parameters, and auto-remediates WMI corruption without desk-side touch.
Portfolio
Projects
Featured · Open-Source GenAI Product
Mazhai DeployFusion
A free, open-source, GenAI-powered Windows desktop tool that automates the entire SCCM and Intune application packaging and deployment pipeline — taking a raw .exe or .msi installer to a fully deployed, collection-targeted SCCM Application or Intune Win32 app in a single click. Compresses 30–60 minutes of manual console work into a sub-2-minute workflow with zero scripting knowledge required from the operator. AI-assisted script and detection-method generation is powered by Anthropic Claude and Google AI models.
Engineering & Automation Projects
VIP Device Blocker
An internal IT tool that prevents SCCM application deployments, Windows updates, and PFE remediation from reaching executive endpoints during presentations. VIP users self-schedule block windows (hostname, start, end) through a portal backed by a CSV data layer; a PowerShell job on a 30-minute Task Scheduler cadence enforces SCCM block and unblock actions automatically.
SCCM Client Health Remediation App
An SCCM Application that bulk-targets non-compliant endpoints, removes legacy agents, reinstalls the client with the required switches, and remediates WMI corruption end-to-end — no desk-side touch required.
Unified IIS / Application Pool Compliance Framework
A PowerShell framework with dynamic role discovery across CAS, Primary, DPs, SUPs, and MPs — including WsusPool queue-length checks and DFS-based log delivery for hierarchy-wide visibility.
AD-to-SCCM Collection Sync Engine
A scheduled PowerShell automation providing bidirectional membership management between Active Directory groups and SCCM device collections, with structured daily logging.
Windows 10 End-of-Life Device Lifecycle Automation
A cross-domain script handling AD description updates, account disable, OU moves, and SCCM block/unblock for end-of-life devices — with early-exit logic for accounts already in the Inactive OU.
Daily AD + SCCM Estate Report
An inventory integration of Active Directory and SCCM data that delivers a daily HTML email report on the Windows estate, with DFS upload and automated local cleanup.
Certifications
Microsoft Certified: Endpoint Administrator Associate
MD-102
Languages
Education
Bachelor of Engineering — Computer Science & Engineering
Nanda College of Technology · Anna University, Tamil Nadu
Diploma in Computer Science
Thiru Ramakrishna Nallammai Polytechnic College, Dharapuram