From a technician’s perspective, the change in Microsoft 365 certification is a very good phenomenon because it simplifies the certification steps. Yes, Exam MD-102: Endpoint Administrator integrates “Exam MD-100: Windows Client” and “Exam MD-101: Managing Modern Desktops”.
Of course, the certification courses and exams will also undergo some modifications accordingly.
Whether you are a technology professional who is fine-tuning your skills, or you are part of an organization that relies on these skills, you know that staying ahead of the curve in this rapidly changing environment requires proactiveness and adaptability
Next, I will introduce the differences and changes between Exam MD-102: Endpoint Administrator and the previous exams (MD-100, MD-101), and most importantly: the new Microsoft 365 certification: “MD-102 exam best solution“.
Microsoft: Microsoft 365 certifications Change
This is very important:
The new Microsoft 365 Certified: Endpoint Administrator Associate certification name better reflects the focus for professionals in this role, as the term endpoint more accurately characterizes the range of applicable devices used in solutions they manage. The associate level remains the same.
Plus, the new Exam MD-102: Endpoint Administrator (beta available in May 2023) will replace Exam MD-100: Windows Client and Exam MD-101: Managing Modern Desktops (both retiring on September 30, 2023). This change can help streamline your journey to certification.
Exam MD-100 and Exam MD-101 were scheduled to retire on July 31, 2023, however, that date was moved out to September 30, 2023. A replacement exam, Exam MD-102: Endpoint Administrator, is available and will move from beta to live status on September 6, 2023. On the same date, Microsoft 365 Certified: Modern Desktop Administrator Associate certification will be renamed to Microsoft 365 Certified: Endpoint Administrator Associate.
View more information and answers to your questions about the new Microsoft 365 MD-102 exam
MD-102, MD-101, MD-100: Differences and changes
When comparing the objectives of the three exams, MD-102 is primarily based on the previous exam, MD-101, but still contains some MD-100 objectives, as well as some new program years that reflect changes in Intune over the past few years. Now is also a good time to point out that Microsoft likes to change tool names frequently.
There are some MD-101 goals that are not part of MD-102, such as items related to Azure AD, including user and group management, and some topics about conditional access policies. After spending a few weeks working on the new exam, I also noticed that the Microsoft Deployment Toolkit domain targets have been narrowed, with only about half the items in the new exam description being in the old MD-101. However, those who are missing are still mostly covered by those who have moved in.
Some new features (not many) include remote help in Intune, Intune role-based access control, Intune connector for Active Directory, Locally Administered Passwords (LAPS) solution for Azure AD, Conditional Access with compliance status Policies and application protection strategies, Microsoft Tunnel for Intune, endpoint analysis and adoption scores, and some Android related skills. I also noticed that some of the skills on the MD-102 exam were rephrased for clarity.
This is a point of view that I like very much, and the analysis is very comprehensive. You can click to view the full text to get the complete content.
Microsoft MD-102 Exam Solution
This is the highlight of this article!
No matter how Microsoft 365 certification changes!
Maybe you have no experience with the MD-100 exam, the MD-101 exam, or the new target content of the MD-102 exam, that doesn’t matter!
Using leads4pass MD-102 exam solution: https://www.leads4pass.com/md-102.html (MD-102 dumps) can help you practice tests, not only improve your exam skills but also your understanding of new knowledge, The most important thing is to ensure 100% passing of the exam.
Verify Microsoft MD-102 exam practice questions online
From | Number of exam questions (Free) | Related certifications Solution |
leads4pass | 15 | Microsoft 365 |
Question 1:
Your network contains an on-premises Active Directory domain and an Azure AD tenant.
The Default Domain Policy Group Policy Object (GPO) contains the settings shown in the following table.
You need to migrate the existing Default Domain Policy GPO settings to a device configuration profile.
Which device configuration profile type template should you use?
A. Administrative Templates
B. Endpoint protection
C. Device restrictions
D. Custom
Correct Answer: C
Explanation:
Deploy Password Policies using Intune Configuration Profiles | Device Restriction
We can use the Intune device restriction profile to deploy password policies for Intune-managed Windows 10 devices.
Reference:
https://howtomanagedevices.com/intune/2409/password-policies-using-intune/
Question 2:
You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.
All devices have Microsoft Edge installed.
From the Microsoft Intune admin center, you create a Microsoft Edge Baseline profile named Edge1.
You need to apply Edge1 to all the supported devices.
To which devices should you apply Edge1?
A. Device1 only
B. Device1 and Device2 only
C. Device1, Device2, and Device3 only
D. Device1, Device2, and Device4 only
E. Device1, Device2, Device3, and Device4
Correct Answer: B
Explanation:
Windows 10 and Windows 11 only.
Reference:
https://learn.microsoft.com/en-us/mem/intune/protect/security-baseline-settings-edge
Question 3:
Your company has a wireless access point that uses WPA2-Enterprise. You need to configure a computer to connect to the wireless access point. What should you do first?
A. Create a provisioning package in Windows Configuration Designer.
B. Request a passphrase.
C. Request and install a certificate.
D. Create a Connection Manager Administration Kit (CMAK) package.
Correct Answer: B
Reference: https://support.microsoft.com/en-za/help37/windows-setting-up-wireless-network
Question 4:
You have two computers named Computer1 and Computer2 that run Windows 10. Computer2 has Remote Desktop enabled.
From Computer1, you connect to Computer2 by using Remote Desktop Connection.
You need to ensure that you can access the local drives on Computer1 from within the Remote Desktop session.
What should you do?
A. From Computer2, configure the Remote Desktop settings.
B. From Windows Defender Firewall on Computer1, allow Remote Desktop.
C. From Windows Defender Firewall on Computer2, allow File and Printer Sharing.
D. From Computer1, configure the Remote Desktop Connection settings.
Correct Answer: D
Explanation:
How to gain access to local files:
You can gain access to your disk drives on the local computer during a Remote Desktop session. You can redirect the local disk drives, including the hard disk drives, CD-ROM disk drives, floppy disk drives, and mapped network disk drives so that you can transfer files between the local host and the remote computer in the same way that you copy files from a network share.
You can use Microsoft Windows Explorer to view the disk drives and files for each redirected disk drive.
Alternatively, you can view the files for each redirected disk drive in My Computer. The drives are displayed as “drive_letter on terminal_server_client_name” in both Windows Explorer and My Computer.
To view the disk drives and files for the redirected disk drive:
1. Click Start, point to All Programs (or Programs), point to
Accessories, point to Communications, and then click Remote Desktop Connection.
2. Click Options, and then click the
Local Resources tab.
3. Click Disk Drives, and then click
Connect.
Reference:
Question 5:
You have 200 computers that run Windows 10 and are joined to an Active Directory domain.
You need to enable Windows Remote Management (WinRM) on all the computers by using Group Policy.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Set the Startup Type of the Windows Remote Management (WS-Management) service to Automatic.
B. Enable the Windows Firewall: Allow inbound remote administration exception setting.
C. Enable the Allow remote server management through the WinRM setting.
D. Enable the Windows Firewall: Allow inbound Remote Desktop exceptions setting.
E. Enable the Allow Remote Shell access setting.
F. Set the Startup Type of the Remote Registry service to Automatic.
Correct Answer: ABC
Question 6:
You have a Microsoft 365 Subscription that uses Microsoft Intune. You add apps to Intune as shown in the following table.
You need to create an app configuration policy named Policy1 for the Android Enterprise platform. Which apps can you manage by using Policy1?
A. App2 only
B. App3 only
C. App1 and App3 only
D. App2 and App3 only
E. App1, App2, and App3
Correct Answer: B
Explanation:
Add app configuration policies for managed Android Enterprise devices
App configuration policies in Microsoft Intune supply settings to Managed Google Play apps on managed Android Enterprise devices. The app developer exposes Android-managed app configuration settings.
Intune uses these exposed settings to let the admin configure features for the app. The app configuration policy is assigned to your user groups. The policy settings are used when the app checks for them, typically the first time the app runs.
Not every app supports app configuration. Check with the app developer to see if their app supports app configuration policies.
Use the configuration designer
You can use the configuration designer for Managed Google Play apps when the app is designed to support configuration settings. Configuration applies to devices enrolled in Intune. The designer lets you configure specific configuration values for the settings exposed by the app.
Reference:
https://learn.microsoft.com/en-us/mem/intune/apps/app-configuration-policies-use-android¨
Question 7:
You are creating a device configuration profile in Microsoft Intune.
You need to configure specific OMA-URI settings in the profile.
Which profile type template should you use?
A. Device restrictions (Windows 10 Team)
B. Identity protection
C. Custom
D. Device restrictions
Correct Answer: C
Explanation:
Windows client custom profiles use Open Mobile Alliance Uniform Resource Identifier (OMA-URI) settings to configure different features. These settings are typically used by mobile device manufacturers to control features on the device.
Reference:
https://docs.microsoft.com/en-us/mem/intune/configuration/custom-settings-windows-10
Question 8:
You have an Azure AD tenant that contains the devices shown in the following table.
Which devices can be activated by using subscription activation?
A. Device1 only
B. Device1 and Device2 only
C. Device1 and Device3 only
D. Device1, Device2, Device3, and Device4
Correct Answer: C
Explanation:
Windows subscription activation
The subscription activation feature enables you to “step up” from Windows Pro edition to Enterprise or Education editions. You can use this feature if you\’re subscribed to Windows Enterprise E3 or E5 licenses. Subscription activation also
supports step-up from Windows Pro Education edition to Education edition.
Devices must be Azure AD-joined or hybrid Azure AD-joined. Workgroup-joined or Azure AD-registered devices aren’t supported.
Reference: https://learn.microsoft.com/en-us/windows/deployment/windows-10-subscription-activation
Question 9:
You have a Microsoft 365 E5 subscription and 100 unmanaged iPad devices.
You need to deploy a specific iOS update to the devices. Users must be prevented from manually installing a more recent version of iOS.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Create a device configuration profile.
B. Enroll the devices in Microsoft Intune by using the Intune Company Portal.
C. Create a compliance policy.
D. Create an iOS app provisioning profile.
E. Enroll the devices in Microsoft Intune by using Apple Business Manager.
Correct Answer: AE
Explanation:
A: iOS and iPadOS device settings to allow or restrict features using Intune
There are different settings you can control on iOS and iPadOS devices. As part of your mobile device management (MDM) solution, use these settings to allow or disable features, set password rules, allow or restrict specific apps, and more.
This feature applies to:
iOS/iPadOS
These settings are added to a device configuration profile in Intune and then assigned or deployed to your iOS/iPadOS devices.
E: Enroll iOS and iPadOS devices in Microsoft Intune
Personal and organization-owned devices can be enrolled in Intune. Once they\’re enrolled, they receive the policies and profiles you create. You have the following options when enrolling iOS/iPadOS devices:
Automated device enrollment (ADE)
Apple Configurator
BYOD: User and Device enrollment
Automated Device Enrollment (ADE) (supervised)
Previously called the Apple Device Enrollment Program (DEP). Use on devices owned by your organization. This option configures settings using Apple Business Manager (ABM) or Apple School Manager (ASM). It enrolls a large number of
devices, without you ever touching the devices. These devices are purchased from Apple, have your preconfigured settings, and can be shipped directly to users or schools. You create an enrollment profile in the Intune admin center and push this profile to the devices.
Reference:
https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-ios
https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment-ios-ipados
Question 10:
Your company has 200 computers that run Windows 10. The computers are managed by using Microsoft Intune.
Currently, Windows updates are downloaded without using Delivery Optimization.
You need to configure the computers to use Delivery Optimization.
What should you create in Intune?
A. a device compliance policy
B. a Windows 10 update ring
C. a device configuration profile
D. an app protection policy
Correct Answer: C
Explanation:
With Intune, use Delivery Optimization settings for your Windows devices to reduce bandwidth consumption when those devices download applications and updates. Configure Delivery Optimization as part of your device configuration
profiles.
Reference:
https://docs.microsoft.com/en-us/intune/delivery-optimization-windows
Question 11:
You have a Microsoft 365 E5 subscription that contains 150 hybrid Azure AD joined Windows devices. All the devices are enrolled in Microsoft Intune.
You need to configure Delivery Optimization on the devices to meet the following requirements:
Allow downloads from the internet and from other computers on the local network. Limit the percentage of used bandwidth to 50.
What should you use?
A. a configuration profile
B. a Windows Update for Business Group Policy setting
C. a Microsoft Peer-to-Peer Networking Services Group Policy setting
D. an Update ring for Windows 10 and later profile
Correct Answer: C
Explanation:
How Microsoft uses Delivery Optimization
At Microsoft, to help ensure that ongoing deployments weren’t affecting our network and taking away bandwidth for other services, Microsoft IT used a couple of different bandwidth management strategies.
Delivery Optimization, and peer-to-peer caching enabled through Group Policy were piloted and then deployed to all managed devices using Group Policy.
Based on recommendations from the Delivery Optimization team, we used the “group” configuration to limit sharing of content to only the devices that are members of the same Active Directory domain.
The content is cached for 24 hours. More than 76 percent of content came from peer devices versus the Internet.
Note: Delivery Optimization options
You can use Group Policy or an MDM solution like Intune to configure Delivery Optimization.
Summary of Delivery Optimization Settings
*
Maximum foreground download bandwidth (percentage) DOPercentageMaxForegroundBandwidth
*
Maximum background download bandwidth (percentage) DOPercentageMaxBackgroundBandwidth
*
Etc.
Note 2: Policies to prioritize the use of Peer-to-Peer and Cache Server sources
When the Delivery Optimization client is configured to use peers and Microsoft Connected Cache (MCC), to achieve the best possible content delivery experience, the client will connect to both MCC and peers in parallel. If the desired content can’t be obtained from MCC or peers, Delivery Optimization will automatically fall back to the HTTP source to get the requested content.
There are four settings that allow you to prioritize peer-to-peer or MCC sources by delaying the
immediate fallback to the HTTP source which is the default behavior.
Incorrect:
Not D: Update rings for Windows 10 and later policy in Intune
Create update rings that specify how and when Windows as a Service updates your Windows 10/11 devices with feature and quality updates. With Windows 10/11, new features and quality updates include the contents of all previous updates.
As long as you\’ve installed the latest update, you know your Windows devices are up to date. Unlike with previous versions of Windows, you now must install the entire update instead of part of an update.
Reference:
https://learn.microsoft.com/en-us/windows/deployment/do/waas-delivery-optimization
https://learn.microsoft.com/en-us/windows/deployment/do/waas-delivery-optimization-reference
Question 12:
You have devices enrolled in Microsoft Intune as shown in the following table.
On which devices can you apply app configuration policies?
A. Device2 only
B. Device1 and Device2 only
C. Device3 and Device4 only
D. Device2, Device3, and Device4 only
E. Device1, Device2, Device3, and Device4
Correct Answer: C
Explanation:
App configuration policies for Microsoft Intune
You can create and use app configuration policies to provide configuration settings for both iOS/iPadOS or Android apps.
Reference:
https://learn.microsoft.com/en-us/mem/intune/apps/app-configuration-policies-overview
Question 13:
You need to prepare for the deployment of the Phoenix office computers.
What should you do first?
A. Generalize the computers and configure the Device settings from the Microsoft Entra admin center.
B. Extract the serial number of each computer to an XML file and upload the file from the Microsoft Intune admin center.
C. Extract the hardware ID information of each computer to a CSV file and upload the file from the Microsoft Intune admin center.
D. Generalize the computers and configure the Mobility (MDM and MAM) settings from the Microsoft Entra admin center.
E. Extract the serial number information of each computer to a CSV file and upload the file from the Microsoft Intune admin center.
Correct Answer: C
Explanation:
To manage devices through Microsoft Store for Business and Education, you\’ll need a .csv file that contains specific information about the devices. You should be able to get this from your Microsoft account contact, or the store where you purchased the devices. Upload the .csv file to Microsoft Store to add the devices.
Note:
Provide new computers to the Phoenix office users. The new computers have Windows 10 Pro preinstalled and were purchased already.
Deploy Windows 10 Enterprise to the computers of the Phoenix office users by using Windows Autopilot.
Reference:
https://docs.microsoft.com/en-us/microsoft-store/add-profile-to-devices
Question 14:
Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10.
On Computer1, you create a folder and assign Full control permissions to Everyone.
You share the folder as Share1 and assign the permissions shown in the following table.
When accessing Share1, which two actions can be performed by User1 but not by User2? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Delete a file created by another user.
B. Set the permissions for a file.
C. Rename a file created by another user.
D. Take ownership of the file.
E. Copy a file created by another user to a subfolder.
Correct Answer: BD
Question 15:
You have a Microsoft 365 subscription that uses Microsoft Intune Suite.
You use Microsoft Intune to manage devices.
You have a Windows 11 device named Device1 that is enrolled in Intune. Device 1 has been offline for 30 days.
You need to remove Device1 from Intune immediately. The solution must ensure that if the device checks in again, any apps and data provisioned by Intune are removed. User-installed apps, personal data, and OEM-installed apps must be retained.
What should you use?
A. a Delete action
B. a Retire action
C. a Fresh Start action
D. An autopilot Reset action
Correct Answer: B
Explanation:
Retire
The Retire action removes managed app data (where applicable), settings, and email profiles that were assigned by using Intune.
The device is removed from Intune management. Removal happens the next time the device checks in and receives the remote Retire action.
The device still shows up in Intune until the device checks in. If you want to remove stale devices immediately, use the Delete action instead.
Retire leaves the user\’s personal data on the device.
Reference:
https://learn.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe
…
Microsoft 365 Certified: MD-102 exam solution contains 162 exam questions and answers, providing two practice methods, PDF and VCE. Download the complete MD-102 exam questions: https://www.leads4pass.com/md-102.html Helping you stand out in a rapidly changing environment.