Was :
$90
Today :
$50
Was :
$108
Today :
$60
Was :
$126
Today :
$70
Why Should You Prepare For Your Endpoint Administrator With MyCertsHub?
At MyCertsHub, we go beyond standard study material. Our platform provides authentic Microsoft MD-102 Exam Dumps, detailed exam guides, and reliable practice exams that mirror the actual Endpoint Administrator test. Whether you’re targeting Microsoft certifications or expanding your professional portfolio, MyCertsHub gives you the tools to succeed on your first attempt.
Verified MD-102 Exam Dumps
Every set of exam dumps is carefully reviewed by certified experts to ensure accuracy. For the MD-102 Endpoint Administrator , you’ll receive updated practice questions designed to reflect real-world exam conditions. This approach saves time, builds confidence, and focuses your preparation on the most important exam areas.
Realistic Test Prep For The MD-102
You can instantly access downloadable PDFs of MD-102 practice exams with MyCertsHub. These include authentic practice questions paired with explanations, making our exam guide a complete preparation tool. By testing yourself before exam day, you’ll walk into the Microsoft Exam with confidence.
Smart Learning With Exam Guides
Our structured MD-102 exam guide focuses on the Endpoint Administrator's core topics and question patterns. You will be able to concentrate on what really matters for passing the test rather than wasting time on irrelevant content. Pass the MD-102 Exam – Guaranteed
We Offer A 100% Money-Back Guarantee On Our Products.
After using MyCertsHub's exam dumps to prepare for the Endpoint Administrator exam, we will issue a full refund. That’s how confident we are in the effectiveness of our study resources.
Try Before You Buy – Free Demo
Still undecided? See for yourself how MyCertsHub has helped thousands of candidates achieve success by downloading a free demo of the MD-102 exam dumps.
MyCertsHub – Your Trusted Partner For Microsoft Exams
Whether you’re preparing for Endpoint Administrator or any other professional credential, MyCertsHub provides everything you need: exam dumps, practice exams, practice questions, and exam guides. Passing your MD-102 exam has never been easier thanks to our tried-and-true resources.
Microsoft MD-102 Sample Question Answers
Question # 1
You have a Microsoft 365 subscription.You have devices enrolled in Microsoft Intune as shown in the following table.To which devices can you deploy apps by using Intune?
A. Device1 only B. Device1 and Device2 only C. Device1 and Device3 only D. Device1, Device2, and Device3 only E. Device1, Device2, Device3, and Device4
Answer: D
Question # 2
You have a computer named Computer! that runs Windows 11.A user named User1 plans to use Remote Desktop to connect to Computer1.You need to ensure that the device of User1 is authenticated before the Remote Desktopconnection is established and the sign in page appears.What should you do on Computer1?
A. Turn on Reputation-based protection. B. Enable Network Level Authentication (NLA). C. Turn on Network Discovery. D. Configure the Remote Desktop Configuration service.
Answer: B
Question # 3
Your company uses Microsoft Intune.More than 500 Android and iOS devices are enrolled in the Intune tenant.You plan to deploy new Intune policies. Different policies will apply depending on the version of Android or iOS installed on the device.You need to ensure that the policies can target the devices based on their version ofAndroid or iOS.What should you configure first?
A. groups that have dynamic membership rules in Azure AD B. Device categories in Intune C. Corporate device identifiers in Intune D. Device settings in Azure AD
Answer: A
Question # 4
You have a Microsoft 365 subscription that uses Microsoft Intune Suite.You use Microsoft Intune to manage devices.You have a Windows 11 device named Device1 that is enrolled in Intune. Device1 hasbeen offline for 30 days.You need to remove Device1 from Intune immediately. The solution must ensure that if thedevice checks in again, any apps and data provisioned by Intune are removed. Userinstalled apps, personal data, and OEM-installed apps must be retained.What should you use?
A. a Delete action B. a Retire action C. a Fresh Start action D. an Autopilot Reset action
You have a Windows 10 device named Device! that is joined to Active Directory andenrolled in Microsoft Intune.Device1 is managed by using Group Policy and Intune.You need to ensure that the Intune settings override the Group Policy settings.What should you configure?
A. a device configuration profile B. a device compliance policy C. an MDM Security Baseline profile D. a Group Policy Object (GPO)
Answer: A
Explanation:
A device configuration profile is a collection of settings that can be applied to devices
enrolled in Microsoft Intune. You can use device configuration profiles to manage Windows
10 devices that are joined to Active Directory and enrolled in Intune. To ensure that the
Intune settings override the Group Policy settings, you need to enable the policy CSP
setting called MDMWinsOverGP in the device configuration profile. This setting will give
precedence to the MDM policy over any conflicting Group Policy settings. References: [Use
policy CSP settings to create custom device configuration profiles]
Question # 6
You have a Microsoft 365 subscription that includes Microsoft Intune.You have an update ring named UpdateRing1 that contains the following settings:• Automatic update behavior: Auto install and restart at a scheduled time• Automatic behavior frequency: First week of the month• Scheduled install day: Tuesday• Scheduled install time: 3 AMFrom the Microsoft Intone admin center, you select Uninstall for the feature updates ofUpdateRing1. When will devices start to remove the feature updates?
A. when a user approves the uninstall B. as soon as the policy is received C. next Tuesday D. the first Tuesday of the next month
Question # 7
You need to implement mobile device management (MDM) for personal devices that runWindows 11. The solution must meet the following requirements:• Ensure that you can manage the personal devices by using Microsoft Intune.• Ensure that users can access company data seamlessly from their personal devices.• Ensure that users can only sign in to their personal devices by using their personalaccount.What should you use to add the devices to Azure AD?
A. Azure AD registered Most Voted B. hybrid Azure AD join. C. Azure AD joined
Answer: A
Explanation:
zure AD registered devices meet all your requirements:
Microsoft Intune management: Azure AD registered devices can be managed by Microsoft
Intune, allowing you to configure policies, apply security settings, and distribute apps.
Seamless data access: Users can access company data through approved mobile apps
using their personal accounts. Conditional Access policies can ensure secure access while
respecting their personal device ownership.
Personal account sign-in: Users can only sign in to their devices using their personal
accounts, as Azure AD registered devices don't join the domain and don't require work or
school credentials.
Azure AD joined and hybrid Azure AD join wouldn't be suitable choices in this case:
Azure AD joined devices are domain-joined, requiring users to sign in with work or school
credentials, violating your requirement for personal accounts.
Hybrid Azure AD join combines on-premises Active Directory with Azure AD, adding
complexity and not aligning with your need for purely personal device management
Question # 8
Your network contains an Active Directory domain. The domain contains 10 computers thatrun Windows 10. Users in the finance department use the computers.You have a computer named Computer1 that runs Windows 10.From Computer1, you plan to run a script that executes Windows PowerShell commandson the finance department computers.You need to ensure that you can run the PowerShell commands on the finance departmentcomputers from Computer.What should you do on the finance department computers?
A. From Windows PowerShell, run the Enable-MMAgent cmdlet. B. From the local Group Policy, enable the Allow Remote Shell Access setting. C. From Windows PowerShell, run the Enable-PSRemoting cmdlet. D. From the local Group Policy, enable the Turn on Script Execution setting
Answer: C
Explanation:
Enable-PSRemoting is specifically designed to enable remote PowerShell access. This
cmdlet configures the necessary settings on the target computers to allow remote
PowerShell connections. The other options are not directly related to enabling remote
PowerShell: Enable-MMAgent is used for managing mobile devices. The "Allow Remote
Shell Access" group policy setting is primarily for enabling remote access for command
prompt (cmd.exe), not PowerShell. The "Turn on Script Execution" group policy setting
controls whether scripts can run locally on a computer, but it doesn't enable remote
PowerShell access. By running Enable-PSRemoting on the finance department computers,
you'll ensure that they are ready to receive and execute PowerShell commands from
Computer1.
Question # 9
You have a computer named Computed that has Windows 10 installed.You create a Windows PowerShell script named config.psl.You need to ensure that config.psl runs after feature updates are installed on Computer5.Which file should you modify on Computer5?
A. LiteTouch.wsf B. SetupConfig.ini C. Unattendb* D. Unattend.xml
Answer: B
Explanation:
SetupConfig.ini is a file that can be used to customize the behavior of Windows Setup
during feature updates. You can use this file to specify commands or scripts that run before
or after the installation process. To run a PowerShell script after a feature update, you can
use the PostOOBE parameter in SetupConfig.ini and specify the path to the script
file. References: [SetupConfig.ini reference]
Question # 10
You use Microsoft Defender for Endpoint to protect computers that run Windows 10.You need to assess the differences between the configuration of Microsoft Defender forEndpoint and the Microsoft-recommended configuration baseline.Which tool should you use?
A. Microsoft Defender for Endpoint Power 81 app B. Microsoft Secure Score C. Endpoint Analytics D. Microsoft 365 Defender portal
Answer: B
Question # 11
You have a Microsoft 365 E5 subscription and 25 Apple iPads.You need to enroll the iPads in Microsoft Intune by using the Apple Configurator enrollmentmethod.What should you do first?x
You have a Microsoft 365 E5 subscription and 25 Apple iPads.You need to enroll the iPads in Microsoft Intune by using the Apple Configurator enrollmentmethod.What should you do first?A. Upload a file that has the device identifiers for each iPad. B. Modify the enrollment restrictions. C. Configure an Apple MDM push certificate. D. Add your user account as a device enrollment manager (DEM).
You have a Microsoft 365 E5 subscription.All devices are enrolled in Microsoft Intune.You need to ensure that devices that have NOT checked in for 30 days are deleted fromintune.What should you configure from the Microsoft Intune admin center?
A. a device limit restriction B. automatic enrollment C. a device clean-up rule D. a configuration profile
Question # 13
You have a Microsoft 365 subscription that uses Microsoft Intune.You need to ensure that you can deploy apps to Android Enterprise devices.What should you do first?
A. Create a configuration profile. B. Add a certificate connector. C. Configure the Partner device management settings. D. Link your managed Google Play account to Intune.
Question # 14
Your company has an Azure AD tenant named contoso.com that contains several Windows10 devices.When you join new Windows 10 devices to contoso.com, users are prompted to set up afour-digit pin.You need to ensure that the users are prompted to set up a six-digit pin when they join theWindows 10 devices to contoso.com.Solution: From the Microsoft Entra admin center, you modify the User settings and theDevice settings.Does this meet the goal?
A. Yes B. No
Question # 15
You have computers that run Windows 10 and are managed by using Microsoft Intune.Users store their files in a folder named D:\Folder1.You need to ensure that only a trusted list of applications is granted write access toD:\Folder1.What should you configure in the device configuration profile?
A. Microsoft Defender Exploit Guard B. Microsoft Defender Application Guard C. Microsoft Defender SmartScreen D. Microsoft Defender Application Control.
Answer: A
Explanation:
This is an ASR rule which is part of Exploit Guard
You have a Microsoft 365 subscription that contains 100 devices enrolled in MicrosoftIntune.You need to review the startup processes and how often each device restarts.What should you use?
A. Endpoint analytics B. Intune Data Warehouse C. Azure Monitor D. Device Management
Answer: B
Explanation:
Endpoint analytics within Microsoft Intune specifically provides insights into device
performance and health, including information about startup processes and restart
frequency. It offers features like:
Startup performance: Analyzes boot and sign-in times, identifying slow devices and their
specific bottlenecks.
Restart frequency: Tracks how often devices restart overall and per model, helping identify
unusual occurrences.
Model performance: Compares boot and sign-in performance across different device
models.
Question # 17
You have a Microsoft 365 subscription that contains a user named User1. User! isassigned a Windows 10/11 Enterprise E3 license. You use Microsoft Intune Suite tomanage devices. User1 activates the following devices:• Device1: Windows 11 Enterprise• Device2: Windows 10 Enterprise• Device3: Windows 11 EnterpriseHow many more devices can User1 activate?
You have a Microsoft 365 subscription that uses Microsoft Intune Suite.You use Microsoft Intune to manage Windows 11 devices.You create a new policy set named Set and add five device configuration profiles forWindows 10 and later.You create a device compliance policy named Policy1.You need to ensure that when users are assigned the device configuration profiles in Set1,they are always assigned Policy1 also.What should you configure?
A. the assignments of Policy1 B. the Policy1 configurations C. the assignments of Set1 D. the Set1 configurations
Answer: C
Explanation:
You can include the following management objects in a policy set:
Apps
App configuration policies
App protection policies
Device configuration profiles
Device compliance policies
Windows autopilot deployment profiles
Enrollment status page
Settings catalog policies
Question # 19
You have a Microsoft 365 subscription that uses Microsoft Intune Suite.You use Microsoft Intune to manage devices.Auto-enrollment in Intune is configured.You have 100 Windows 11 devices in a workgroup.You need to connect the devices to the corporate wireless network and enroll 100 newWindows devices in Intune.What should you use?
A. a provisioning package B. a Group Policy Object (GPO) C. mobile device management (MDM) automatic enrollment. D. a device configuration policy
Join new Windows devices to Microsoft Entra ID and Intune. To bulk enroll devices for
your Microsoft Entra tenant, you create a provisioning package with the Windows
Configuration Designer (WCD) app. Applying the provisioning package to corporate-owned
devices joins the devices to your Microsoft Entra tenant and enrolls them for Intune
management. Once the package is applied, it's ready for your Microsoft Entra users to sign
in
Question # 20
Your company uses Microsoft Intune to manage devices.You need to ensure that only Android devices that use Android work profiles can enroll inintune.Which two configurations should you perform in the device enrollment restrictions? Eachcorrect answer presents part of the solution.NOTE Each correct selection is worth one point.
A. From Platform Settings, set Android device administrator Personally Owned to Block. B. From Platform Settings, set Android Enterprise (work profile) to Allow. C. From Platform Settings, set Android device administrator Personally Owned to Allow D. From Platform Settings, set Android device administrator to Block.
Answer: A,B
Explanation:
To ensure that only Android devices that use Android work profiles can enroll in Intune, you
need to perform two configurations in the device enrollment restrictions. First, you need to
set Android device administrator Personally Owned to Block. This prevents users from
enrolling personal Android devices that use device administrator mode. Second, you need
to set Android Enterprise (work profile) to Allow. This allows users to enroll corporateowned or personal Android devices that use work profiles. References:
You have a Microsoft 365 Business Standard subscription and 100 Windows 10 Prodevices.You purchase a Microsoft 365 E5 subscription.You need to upgrade the Windows 10 Pro devices to Windows 10 Enterprise. The solutionmust minimize administrative effort.Which upgrade method should you use?
A. Windows Autopilot B. a Microsoft Deployment Toolkit (MDT) lite-touch deployment C. Subscription Activation D. an in-place upgrade by using Windows installation media
Answer: C
Explanation:
Subscription Activation is a feature that allows you to upgrade from Windows 10 Pro or
Windows 11 Pro to Windows 10 Enterprise or Windows 11 Enterprise without needing a
product key or reinstallation. You just need to assign a subscription license (such as
Microsoft 365 E5) to the user in Azure AD, and then sign in to the device with that user
account. The device will automatically activate Windows Enterprise edition using the
firmware-embedded activation key for Windows Pro edition. This method minimizes
administrative effort and simplifies the upgrade process. References: Windows subscription
activation, Deploy Windows Enterprise licenses
Question # 22
You are creating a device configuration profile in Microsoft IntuYou need to configure specific OMA-URI settings in the profile.Which profile type template should you use?
A. Device restrictions (Windows 10 Team) B. Identity protection C. Custom D. Device restrictions
Answer: C
Question # 23
You have a Microsoft 365 E5 subscription that contains a user named User! and a web appnamed Appl.App1 must only accept modern authentication requests.You plan to create a Conditional Access policy named CAPolicy1 that will have thefollowing settings:• Assignments° Users or workload identities: User1° Cloud apps or actions: App1• Access controls° Grant: Block accessYou need to block only legacy authentication requests to Appl. Which condition should youadd to CAPolicy1?
A. Filter for devices B. Device platforms C. User risk D. Sign-in risk E. Client apps
Answer: E
Explanation:
you can use the client apps condition to block legacy authentication requests to
App11. Legacy authentication is a term that refers to authentication protocols that do not
support modern authentication features such as multi-factor authentication or conditional access2. Examples of legacy authentication protocols include Basic Authentication, Digest
Authentication, NTLM, and Kerberos2. To block legacy authentication requests, you need
to configure the client apps condition to include Other clients, which covers any client that
Your company has 200 computers that run Windows 10. The computers are managed by using Microsoft Intune. Currently, Windows updates are downloaded without using DeliveryOptimization. You need to configure the computers to use Delivery Optimization. Whatshould you create in Intune?
A. a device compliance policy B. a Windows 10 update ring C. a device configuration profile D. an app protection policy
Answer: C
Question # 25
You have a Microsoft 365 E5 subscription that contains 100 Windows 10 devices enrolled in Microsoft Intune.You plan to use Endpoint analytics.You need to create baseline metrics.What should you do first?
A. Create an Azure Monitor workbook. B. Onboard 10 devices to Endpoint analytics. C. Create a Log Analytics workspace. D. Modify the Baseline regression threshold.
Answer: B
Explanation:
Onboarding from the Endpoint analytics portal is required for Intune managed devices.
Feedback That Matters: Reviews of Our Microsoft MD-102 Dumps
Callum JohnsonApr 01, 2026
The MD-102 exam gave me a deeper understanding of endpoint security and deployment. Not only did the prep materials I used cover the fundamentals, but they also really helped me connect theory to real-world workplace situations.
Satish VarmaMar 31, 2026
I recently passed MD-102 and found the practice tests really useful for getting comfortable with Intune and device management questions.
Jayden DavisMar 31, 2026
What stood out in preparing for MD-102 was how much hands-on knowledge I gained. The study process made me feel more prepared for managing real enterprise environments, not just answering exam questions.
Callum Johnson
Satish Varma
Jayden Davis