Updated Apr-2025 Test Engine to Practice Test for MD-102 Exam Questions and Answers!
Endpoint Administrator Certification Sample Questions and Practice Exam
Microsoft MD-102 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
NEW QUESTION # 166
You need to meet the technical requirements for the LEG department computers.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
1 - Create a Azure Log Analytics workspace.
2 - Add a solution to a workspace.
3 - Configure the commercial ID on teh LEG department computers.
Reference:
https://docs.microsoft.com/en-us/windows/deployment/update/windows-analytics-azure-portal
NEW QUESTION # 167
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE:Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
A screenshot of a computer Description automatically generated with medium confidence
NEW QUESTION # 168
You have the Microsoft Deployment Toolkit (MDT) installed in three sites as shown in the following table.
You use Distributed File System (DFS) Replication to replicate images in a share named Production.
You configure the following settings in the Bootstrap.ini file.
Answer:
Explanation:
NEW QUESTION # 169
You have a Microsoft 365 E5 subscription that contains 500 macOS devices enrolled in Microsoft Intune.
You need to ensure that you can apply Microsoft Defender for Endpoint antivirus policies to the macOS devices. The solution must minimize administrative effort.
What should you do?
- A. From the Microsoft Intune admin center, create a configuration profile.
- B. Onboard the macOS devices to the Microsoft Purview compliance portal.
- C. Install Defender for Endpoint on the macOS devices.
- D. From the Microsoft Intune admin center, create a security baseline.
Answer: C
Explanation:
Explanation
To apply Microsoft Defender for Endpoint antivirus policies to the macOS devices, you need to install Defender for Endpoint on the devices. You can use Intune to deploy a script that installs Defender for Endpoint on macOS devices. After installation, you can use Intune to create and assign antivirus policies to the devices. References:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-int
NEW QUESTION # 170
You have Windows 10 devices that are managed by using Microsoft Intune. Intune and the Microsoft Store for Business are integrated.
You need to deploy the Remote Desktop modern app as an automatic install to the Windows 10 devices without user interaction.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. From the Intune portal, create a Microsoft Store app for the Remote Desktop modern app.
- B. Create an Azure Active Directory group that contains the Windows 10 devices.
- C. For your organization, make the app available in the Microsoft Store for Business.
- D. From the Microsoft Store for Business portal, assign a license for the app to all the users in the Azure Active Directory group.
- E. Create an Azure Active Directory group that contains all users.
- F. From the Intune portal assign the app to the Azure Active Directory group.
Answer: A,B,F
Explanation:
Step 1: Create an Azure Active Directory group that contains the Windows 10 devices.
Step 2: From the Endpoint Manager admin center, create a Microsoft Store app for the Remote Desktop modern app.
Step 3: From the Endpoint Manager admin center, assign the app to the Azure Active Directory group.
Reference:
https://docs.microsoft.com/en-us/mem/intune/apps/store-apps-windows
https://docs.microsoft.com/en-us/mem/intune/apps/apps-deploy
https://docs.microsoft.com/en-us/mem/intune/apps/windows-store-for-business
https://docs.microsoft.com/en-us/mem/intune/apps/apps-add
NEW QUESTION # 171
You have an Azure AD tenant and 100 Windows 10 devices that are Azure AD joined and managed by using Microsoft Intune.
You need to configure Microsoft Defender Firewall and Microsoft Defender Antivirus on the devices. The solution must minimize administrative effort.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. To configure Microsoft Defender Firewall, create a device configuration profile and configure the Endpoint protection settings.
- B. To configure Microsoft Defender Antivirus, create a device configuration profile and configure the Endpoint protection settings.
- C. To configure Microsoft Defender Antivirus, create a Group Policy Object (GPO) and configure the Windows Defender Antivirus settings.
- D. To configure Microsoft Defender Firewall, create a device configuration profile and configure the Device restrictions settings.
- E. To configure Microsoft Defender Antivirus, create a device configuration profile and configure the Device restrictions settings.
- F. To configure Microsoft Defender Firewall, create a Group Policy Object (GPO) and configure Windows Defender Firewall with Advanced Security.
Answer: A,B
Explanation:
To configure Microsoft Defender Firewall and Microsoft Defender Antivirus on Azure AD joined devices that are managed by Intune, you need to create a device configuration profile and configure the Endpoint protection settings. You can use this profile to configure various settings for firewall and antivirus protection on the devices.References:https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-protection-windows-10
NEW QUESTION # 172
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that contains a user named User1 and the devices shown in the following table.
User1 can access her Microsoft Exchange Online mailbox from both Device1 and Device2.
You plan to create a Conditional Access policy named CAPolicy1 that will have the following settings:
* Assignments
- Users or workload identities: User1
- Cloud apps or actions: Office 365 Exchange Online
* Access controls
- Grant: Block access
You need to configure CAPolicy1 to allow mailbox access from Device1 but block mailbox access from Device2.
Solution: You add a condition that specifies trusted location.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
NEW QUESTION # 173
You have a Microsoft 365 E5 subscription that contains a computer named Computer1 that runs Windows 11.
Computer1 is enrolled in Microsoft Intune.
You need to deploy an app named App1 to Computer1. The App1 installation will use multiple files.
What should you use to package App1, and which file format will be used? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
"The Microsoft Win32 Content Prep Tool zips all files and subfolders when it creates the .intunewin file. Be sure to keep the Microsoft Win32 Content Prep Tool separate from the installer files and folders, so that you don't include the tool or other unnecessary files and folders in your .intunewin file."
NEW QUESTION # 174
Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure AD tenant. The tenant contains the users shown in the following table.
You assign Windows 10/11 Enterprise E5 licenses to Gtoup1 and Uset2.
You deploy the devices shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 175
You have the devices shown in the following table.
You need to migrate app data from Device1 to Device2. The data must be encrypted and stored on Seryer1 during the migration.
Which command should you run on each device? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 176
You have a Microsoft 365 subscription.
All computers are enrolled in Microsoft Intune.
You have business requirements for securing your Windows 11 environment as shown in the following table.
What should you implement to meet each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 177
You have a Microsoft 365 subscription that contains the devices shown in the following table.
You plan to enroll the devices in Microsoft Intune.
How often will the compliance policy check-ins run after each device is enrolled in Intune? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Every three minutes for 15 minutes, then every 15 minutes for two hours, and then around every eight hours If devices recently enroll, then the compliance, non-compliance, and configuration check-in runs more frequently. The check-ins are estimated at:
Windows 10: Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours Graphical user interface, text, application, email Description automatically generated
Box 2: Every 15 minutes for one hour, and then every eight hours
iOS/iPadOS: Every 15 minutes for 1 hour, and then around every 8 hours
Reference: https://docs.microsoft.com/en-us/mem/intune/configuration/device-profile-troubleshoot
NEW QUESTION # 178
You have an Azure AD group named Group1. Group! contains two Windows 10 Enterprise devices named Device1 and Device2. You create a device configuration profile named Profile1. You assign Profile! to Group1. You need to ensure that Profile! applies to Device1 only. What should you modify in Profile 1?
- A. Settings
- B. Assignments
- C. Applicability Rules
- D. Scope (Tags)
Answer: D
Explanation:
To ensure that Profile1 applies to Device1 only, you need to modify the Applicability Rules in Profile1. You can use applicability rules to filter which devices receive a profile based on criteria such as device model, manufacturer, or operating system version. You can create an applicability rule that matches Device1's properties and excludes Device2's properties. References:
https://docs.microsoft.com/en-us/mem/intune/configuration/device-profile-assign#applicability-rules
NEW QUESTION # 179
You have a Windows 10 device named Device! that is joined to Active Directory and enrolled in Microsoft Intune.
Device1 is managed by using Group Policy and Intune.
You need to ensure that the Intune settings override the Group Policy settings.
What should you configure?
- A. a device compliance policy
- B. a Group Policy Object (GPO)
- C. an MDM Security Baseline profile
- D. a device configuration profile
Answer: D
Explanation:
Explanation
A device configuration profile is a collection of settings that can be applied to devices enrolled in Microsoft Intune. You can use device configuration profiles to manage Windows 10 devices that are joined to Active Directory and enrolled in Intune. To ensure that the Intune settings override the Group Policy settings, you need to enable the policy CSP setting called MDMWinsOverGP in the device configuration profile. This setting will give precedence to the MDM policy over any conflicting Group Policy settings. References: [Use policy CSP settings to create custom device configuration profiles]
NEW QUESTION # 180
Hotspot Question
You have a Microsoft 365 E5 subscription that uses Microsoft Intune.
You need to ensure that users can only enroll devices that meet the following requirements:
- Android devices that support the use of work profiles.
- iOS devices that run iOS 11.0 or later.
Which two restrictions should you modify? To answer, select the restrictions in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: Android device administrator, Platform: Block
Restrict devices running on the following platforms:
Android device administrator
Android Enterprise work profile
iOS/iPadOS
macOS
Windows
Note: If you allow both Android platforms for the same group, devices that support work profile will enroll with a work profile. Devices that don't support it will enroll on the Android device administrator platform. Neither work profile nor device administrator enrollment will work until you complete all prerequisites for Android enrollment.
Box 2: iOS/PadOS, Allow min/max Range: Min
Reference:
https://docs.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set
NEW QUESTION # 181
You have computers that run Windows 10 and are managed by using Microsoft Intune.
Users store their files in a folder named D:\Folder1.
You need to ensure that only a trusted list of applications is granted write access to D:\Folder1.
What should you configure in the device configuration profile?
- A. Microsoft Defender Application Guard
- B. Microsoft Defender Application Control
- C. Microsoft Defender SmartScreen
- D. Microsoft Defender Exploit Guard
Answer: D
Explanation:
This is an ASR rule which is part of Exploit Guard
Ref:https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-controlled-folders?view= Ref:https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-d
NEW QUESTION # 182
You have a Microsoft 365 Business Standard subscription and 100 Windows 10 Pro devices.
You purchase a Microsoft 365 E5 subscription.
You need to upgrade the Windows 10 Pro devices to Windows 10 Enterprise. The solution must minimize administrative effort.
Which upgrade method should you use?
- A. Windows Autopilot
- B. an in-place upgrade by using Windows installation media
- C. Subscription Activation
- D. a Microsoft Deployment Toolkit (MDT) lite-touch deployment
Answer: C
Explanation:
Windows 10/11 Subscription Activation
Windows 10 Pro supports the Subscription Activation feature, enabling users to step-up from Windows 10 Pro or Windows 11 Pro to Windows 10 Enterprise or Windows 11 Enterprise, respectively, if they are subscribed to Windows 10/11 Enterprise E3 or E5.
Reference:
https://docs.microsoft.com/en-us/windows/deployment/windows-10-subscription-activation
NEW QUESTION # 183
You have a Microsoft 365 subscription that contains 100 devices enrolled in Microsoft Intune.
You need to review the startup processes and how often each device restarts.
What should you use?
- A. Device Management
- B. Endpoint analytics
- C. Azure Monitor
- D. Intune Data Warehouse
Answer: D
Explanation:
Endpoint analytics within Microsoft Intune specifically provides insights into device performance and health, including information about startup processes and restart frequency. It offers features like:
Startup performance: Analyzes boot and sign-in times, identifying slow devices and their specific bottlenecks.
Restart frequency: Tracks how often devices restart overall and per model, helping identify unusual occurrences.
Model performance: Compares boot and sign-in performance across different device models.
NEW QUESTION # 184
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
You have devices enrolled in Microsoft Intune as shown in the following table.
From Intune, you create and send a custom notification named Notification1 to Group1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
A screenshot of a computer Description automatically generated with medium confidence
Reference:
https://docs.microsoft.com/en-us/mem/intune/remote-actions/custom-notifications
NEW QUESTION # 185
You have a Microsoft 365 subscription that contains 500 Android Enterprise devices.
All the devices are enrolled in Microsoft Intune.
You need to deliver bookmarks to the Chrome browser on the devices.
What should you create?
- A. an app configuration policy
- B. a configuration profile
- C. an app protection policy
- D. a compliance policy
Answer: A
Explanation:
https://learn.microsoft.com/en-us/mem/intune/apps/apps-configure-chrome-android#add-app- configuration-for-managed-ae-devices
NEW QUESTION # 186
Your company has an Azure AD tenant named contoso.com that contains several Windows 10 devices.
When you join new Windows 10 devices to contoso.com, users are prompted to set up a four-digit pin.
You need to ensure that the users are prompted to set up a six-digit pin when they join the Windows 10 devices to contoso.com.
Solution: From the Microsoft Entra admin center, you configure automatic mobile device management (MDM) enrollment. From the Microsoft Intune admin center, you configure the Windows Hello for Business enrollment options.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
NEW QUESTION # 187
Hotspot Question
You have a Microsoft 365 subscription that uses Microsoft Intune.
You plan to manage Windows updates by using Intune.
You create an update ring for Windows 10 and later and configure the User experience settings for the ring as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
https://learn.microsoft.com/en-us/mem/intune/protect/windows-update-settings
NEW QUESTION # 188
You have an Azure AD tenant that contains the users shown in the following table.
You have the devices shown in the following table.
You have a Conditional Access policy named CAPolicy1 that has the following settings:
* Assignments
o Users or workload identities: User 1. User1
o Cloud apps or actions: Office 365 Exchange Online
o Conditions: Device platforms: Windows, iOS
* Access controls
o Grant Require multi-factor authentication
You have a Conditional Access policy named CAPolicy2 that has the following settings:
Assignments
o Users or workload identities: Used, User2
o Cloud apps or actions: Office 365 Exch
o Conditions
Device platforms: Android, iOS
Filter for devices
Device matching the rule: Exclude filtered devices from policy
Rule syntax: device. displayName- contains "1"
Access controls
Grant Block access
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Explanation:
Explanation
A screen shot of a computer Description automatically generated with low confidence
NEW QUESTION # 189
You have an Azure AD tenant and 100 Windows 10 devices that are Azure AD joined and managed by using Microsoft Intune.
You need to configure Microsoft Defender Firewall and Microsoft Defender Antivirus on the devices. The solution must minimize administrative effort.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. To configure Microsoft Defender Firewall, create a device configuration profile and configure the Endpoint protection settings.
- B. To configure Microsoft Defender Antivirus, create a device configuration profile and configure the Endpoint protection settings.
- C. To configure Microsoft Defender Antivirus, create a Group Policy Object (GPO) and configure the Windows Defender Antivirus settings.
- D. To configure Microsoft Defender Firewall, create a device configuration profile and configure the Device restrictions settings.
- E. To configure Microsoft Defender Antivirus, create a device configuration profile and configure the Device restrictions settings.
- F. To configure Microsoft Defender Firewall, create a Group Policy Object (GPO) and configure Windows Defender Firewall with Advanced Security.
Answer: A,B
Explanation:
To configure Microsoft Defender Firewall and Microsoft Defender Antivirus on Azure AD joined devices that are managed by Intune, you need to create a device configuration profile and configure the Endpoint protection settings. You can use this profile to configure various settings for firewall and antivirus protection on the devices. Reference: https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-protection-windows-10
NEW QUESTION # 190
......
Certification dumps Microsoft 365 Certified MD-102 guides - 100% valid: https://examcollection.dumpsvalid.com/MD-102-brain-dumps.html