Microsoft MD-102 exam vs. MD-100 and MD-101
The new MD-102 exam from Microsoft is set to replace both MD-100 and MD-101 exams. This does not mean that it covers everything that they cover. Instead, MD-102 cherry-picks objectives from the other two exams: it focuses on MD-101 objectives but still includes some MD-100 objectives and new items reflective of changes in Intune.
About MD-102 Exam
The MD-102 exam streamlines the Microsoft Deployment Toolkit domain objective. On top of that, some objectives are reworded for clarity.
There are some new additions, such as:
– Remote Help.
– Role Based Access Control (RBAC) for Intune.
– Conditional Access policies with compliance status.
The exam focuses on deploying Windows clients, including selecting deployment tools, new computer deployment, and implementing subscription-based activation.
The MD-102 exam does not include many Azure AD-related items from MD-101; we can consider the above as assumed knowledge. The exam focuses on cloud: this creates a gap from traditional Windows functionality and troubleshooting.
Exam Structure
In terms of structure, you can expect to encounter a total of 40 to 60 questions on the exam, which must be completed within 120 minutes. This format not only tests your theoretical knowledge but also challenges you to apply your understanding to practical scenarios. The exam assesses various skills, with content distribution roughly as follows: 25-30% dedicated to preparing infrastructure for devices, 30-35% focusing on managing and maintaining devices. 15-20% is on managing applications, and another 15-20% on protecting devices.
Language Support
The MD-102 exam is available in multiple languages, including English, providing accessibility regardless of your language preference. To enhance your preparation, you are encouraged to utilize practice assessments and hands-on labs that replicate real-world scenarios. This approach not only deepens your understanding but also boosts your confidence before taking the actual exam.
Why You Should Take the MD-102 Exam
Achieving certification through the MD-102 exam is more than just passing a test; it signifies your commitment to professional growth and your readiness to tackle the evolving challenges of endpoint management in a Microsoft 365 environment. By earning this credential, you position yourself as a skilled professional; you will be equipped to contribute effectively to an organization’s endpoint strategy, ultimately demonstrating your capability to manage and secure devices in a modern workplace setting.
Watch the MD-102 Exam Video
In the video below, discover the significance of the MD-102 Exam. Explore its benefits and familiarize yourself with its structure. Additionally, gain insight into different Microsoft certification levels and review the exam layout. Lastly, take a look at our MD-102 preparation course and find out how it can help you succeed.
Sample Questions from our MD-102 Exam Prep Bundle
See below for sample questions from our MD-102 Exam Prep Bundle. These questions cover a range of essential topics. You can expect endpoint deployment strategies using Microsoft Intune. Also, managing devices across various operating systems, and implementing security measures for endpoints. You’ll also explore application management and updates. At the same time you will encounter identity and access management with Microsoft Entra ID. Additionally, the bundle includes scenarios for using Windows Autopilot and Azure Virtual Desktop; this ensures a thorough understanding of modern management principles. These topics will effectively prepare you for the MD-102 certification exam.
Question 1: The organization decides to enforce stronger sign-in protection, requiring Windows Hello for Business across all laptops. Which is a necessary step to ensure the devices can generate the required keys and submit them to Microsoft Entra ID?
a) Set up an on-prem KMS host key for each device
b) Configure a user-based multi-factor authentication policy in Microsoft Entra ID first
c) Enable Windows Hello for Business from the domain-joined perspective only
d) Create a certificate-based authentication policy in Intune for older OS versions
Correct Answer: b) Configure a user-based multi-factor authentication policy in Microsoft Entra ID first
Explanation: Windows Hello for Business generally requires multi-factor authentication to bootstrap secure credential provisioning. When a user first sets up Windows Hello, they need to prove their identity with a second factor. Without an MFA policy, the device cannot complete the strong credential generation. On-prem KMS deals with Windows licensing, not user authentication. Windows Hello for Business can function on cloud-joined devices, not just domain-joined. Certificate-based authentication policy might be relevant for older OS or offline registration, but it's not the standard requirement for setting up Windows Hello for Business.
Question 2: Your supervisor requests a simplified way to analyze which Group Policy objects might be replaced by Intune settings. She wants to import existing GPO configurations. In the Intune portal, which feature provides that import and analysis capability?
a) Autopilot Config Manager
b) Group Policy analytics
c) Configuration Manager co-management
d) Assessment and Deployment Kit (ADK) importer
Correct Answer: b) Group Policy analytics
Explanation: Group Policy analytics in Intune allows you to upload and analyze your on-premises GPO backups, providing a readiness report that details which settings are supported, partially supported, or unsupported in Intune. Autopilot Config Manager is not a tool; Windows Autopilot is for device provisioning. Configuration Manager co-management is about integrating on-prem SCCM with Intune. The ADK importer is not part of Intune but rather a Windows deployment toolset outside the Intune portal.
Question 3: Your company merges with another that extensively uses Configuration Manager (SCCM). You want to shift management to Intune. Which method can help you concurrently manage Windows 11 devices in both SCCM and Intune during the transition?
a) Uninstall SCCM client and push Intune enrollment automatically
b) Set all devices to offline domain join without SCCM involvement
c) Implement co-management with both clients installed
d) Use a third-party MDM tool to broker between SCCM and Intune
Correct Answer: c) Implement co-management with both clients installed
Explanation: Co-management allows you to manage Windows devices with both Configuration Manager and Intune. This approach ensures a gradual migration of workloads from SCCM to Intune, offering a stable transition process. Simply uninstalling the SCCM client or forcing an offline domain join might disrupt existing management. A third-party broker is unnecessary when co-management is available out-of-the-box from Microsoft to unify these tools effectively.
Question 4: A finance manager named Rachel needs line-of-business Windows Store apps updated automatically, but the admin wants to control when the updates happen. Which Intune assignment type or setting ensures the app is deployed to Rachel yet can also be silently updated under admin control?
a) Set the app as Available in the Company Portal, requiring user initiation
b) Use the 'Required' assignment type for the app deployment
c) Create a kiosk mode policy for solely that finance app
d) Configure an end-user-based licensing policy with on-demand updates
Correct Answer: b) Use the 'Required' assignment type for the app deployment
Explanation: When using 'Required' assignment, the application is automatically installed and updated on the user's device without user intervention. The admin can schedule or control the deployment ring for the application updates. Marking an app as 'Available' shifts responsibility to the user, which is not desired in a controlled environment. Kiosk mode locks down the device to a single or few apps. On-demand updates based on user licensing do not guarantee timely updates under admin control.
Question 5: A security auditor queries how you ensure that personal data stored on corporate-managed Windows 11 devices can be removed securely at offboarding. Which feature in Intune helps you remove organizational data from devices while retaining a user's personal data?
a) Factory reset from BIOS
b) Selective wipe for Windows
c) Microsoft Defender Offline scan
d) Cloud-attached WinRE images
Correct Answer: b) Selective wipe for Windows
Explanation: Selective wipe (also known as a corporate wipe) allows you to remove organizational data, configurations, and access from a device, leaving personal data intact. A factory reset from BIOS or a full wipe erases all data, personal or corporate. Microsoft Defender Offline scan removes malware but does not address data segmentation. Cloud-attached WinRE images are used for system recovery, not targeted removal of workplace data. So, a selective wipe accomplishes the enterprise data removal while preserving user content.