Exam MD-102: Endpoint Administrator
As a candidate for the Exam MD-102: Endpoint Administrator, you should be an expert in handling various tasks in a Microsoft 365 environment, such as setting up, configuring, securing, managing, and keeping an eye on devices and client applications. Your responsibilities include:
- Managing identity, security, access, policies, updates, and apps for endpoints.
- Putting in place solutions for deploying and managing endpoints efficiently, covering different operating systems, platforms, and device types.
- Scaling up the implementation and management of endpoints using tools like Microsoft Intune, Windows 365, Windows Autopilot, Microsoft Defender for Endpoint, and Microsoft Entra ID.
Working Areas:
As an endpoint administrator, collaboration is key. You’ll work with architects, Microsoft 365 administrators, security administrators, and other workload administrators to create and execute a modern workplace strategy that aligns with the organization’s business needs.
To excel in this role, you need hands-on experience with Microsoft Entra ID and Microsoft 365 technologies, including Intune. Strong skills and experience in deploying, configuring, and maintaining both Windows and non-Windows devices are essential for success in this field.
Exam Details
- The Microsoft MD-102 exam has 40-60 questions.
- These questions can be different, like scenarios where you pick one answer, multiple-choice questions, putting things in order, dragging and dropping, and marking for review.
- To pass, you need a score of 700 or higher.
- The exam is available in English, Chinese (Simplified), German, Spanish, French, Japanese, and Portuguese (Brazil).
- The exam cost is $165 USD.
Exam Course Outline
Preparing for the exam starts with understanding the course outline, serving as a guide to acquiring crucial skills and knowledge. Delving into the exam curriculum ensures a comprehensive grasp of the topics at hand. Now, let’s understand the key components of the MD-102 exam.
Deploy Windows client (25–30%)
Prepare for a Windows client deployment
- Select a deployment tool based on requirements (Microsoft Documentation: Windows 10 deployment scenarios and tools)
- Choose between migrate and rebuild (Microsoft Documentation: Windows upgrade and migration considerations)
- Choose an imaging and/or provisioning strategy (Microsoft Documentation: Windows 10 deployment considerations)
- Select a Windows edition based on requirements (Microsoft Documentation: Windows Processor Requirements)
- Implement subscription-based activation (Microsoft Documentation: Windows subscription activation)
- Deploy Windows 365
Plan and implement a Windows client deployment by using Windows Autopilot
- Configure device registration for Autopilot (Microsoft Documentation: Manually register devices with Windows Autopilot)
- Create, validate, and assign deployment profiles (Microsoft Documentation: Privileged access deployment)
- Set up the Enrollment Status Page (ESP) (Microsoft Documentation: Set up the Enrollment Status Page)
- Deploy Windows devices by using Autopilot (Microsoft Documentation: Overview of Windows Autopilot)
- Troubleshoot an Autopilot deployment (Microsoft Documentation: Troubleshooting overview)
Plan and implement a Windows client deployment by using the Microsoft Deployment Toolkit (MDT)
- Plan and implement an MDT deployment infrastructure (Microsoft Documentation: Prepare for deployment with MDT)
- Create, manage, and deploy images (Microsoft Documentation: Deploy a Custom Image)
- Monitor and troubleshoot a deployment (Microsoft Documentation: Monitor applications from the Configuration Manager console)
- Plan and configure user state migration (Microsoft Documentation: Getting started with the User State Migration Tool (USMT))
Configure remote management
- Configure Remote Help in Intune (Microsoft Documentation: Use Remote Help with Microsoft Intune)
- Configure Remote Desktop on a Windows client (Microsoft Documentation: Remote Desktop clients for Remote Desktop Services and remote PCs)
- Configure the Windows Admin Center (Microsoft Documentation: Windows Admin Center)
- Configure PowerShell remoting and Windows Remote Management (WinRM) (Microsoft Documentation: Installation and configuration for Windows Remote Management)
Manage identity and compliance (15–20%)
Manage identity
- Implement user authentication on Windows devices, including Windows Hello for Business, passwordless, and tokens (Microsoft Documentation: Passwordless authentication options for Microsoft Entra ID, Plan a passwordless authentication deployment in Microsoft Entra ID)
- Manage role-based access control (RBAC) for Intune (Microsoft Documentation: Role-based access control (RBAC) with Microsoft Intune)
- Register devices in and join devices to Microsoft Entra ID (Microsoft Documentation: Microsoft Entra registered devices)
- Implement the Intune Connector for Active Directory (Microsoft Documentation: Deploy Microsoft Entra hybrid joined devices by using Intune and Windows Autopilot)
- Manage the membership of local groups on Windows devices
- Implement and manage Local Administrative Passwords Solution (LAPS) for Microsoft Entra ID (Microsoft Documentation: What is Windows LAPS?)
Implement compliance policies for all supported device platforms by using Intune
- Specify compliance policies to meet requirements (Microsoft Documentation: Use compliance policies to set rules for devices you manage with Intune)
- Implement compliance policies (Microsoft Documentation: Create a compliance policy in Microsoft Intune)
- Implement Conditional Access policies that require a compliance status (Microsoft Documentation: Building a Conditional Access policy)
- Manage notifications for compliance policies (Microsoft Documentation: Use compliance policies to set rules for devices you manage with Intune)
- Monitor device compliance
- Troubleshoot compliance policies (Microsoft Documentation: Troubleshooting policies and profiles in Microsoft Intune)
Manage, maintain, and protect devices (40–45%)
Manage the device lifecycle in Intune
- Configure enrollment settings (Microsoft Documentation: Set up the Enrollment Status Page)
- Configure automatic and bulk enrollment, including Windows, Apple, and Android (Microsoft Documentation: Enrollment guide: Enroll Windows client devices in Microsoft Intune)
- Configure policy sets (Microsoft Documentation: Use policy sets to group collections of management objects)
- Restart, retire, or wipe devices (Microsoft Documentation: Remove devices by using wipe, retire, or manually unenrolling the device)
Manage device configuration for all supported device platforms by using Intune
- Specify configuration profiles to meet requirements (Microsoft Documentation: Create a device profile in Microsoft Intune)
- Implement configuration profiles
- Monitor and troubleshoot configuration profiles (Microsoft Documentation: Monitor device configuration profiles in Microsoft Intune)
- Configure and implement Windows kiosk mode (Microsoft Documentation: Set up a multi-app kiosk on Windows 10 devices, Set up a single-app kiosk on Windows 10/11)
- Configure and implement profiles on Android devices, including fully managed, dedicated, corporate owned, and work profile (Microsoft Documentation: Enroll your Android Enterprise dedicated, fully managed, or corporate-owned with work profile devices)
- Plan and implement Microsoft Tunnel for Intune (Microsoft Documentation: Configure Microsoft Tunnel for Intune)
Monitor devices
- Monitor devices by using Intune (Microsoft Documentation: Monitor device encryption with Intune, Manage devices with Microsoft Intune)
- Monitor devices by using Azure Monitor (Microsoft Documentation: Azure Monitor overview)
- Analyze and respond to issues identified in Endpoint analytics and Adoption Score (Microsoft Documentation: Endpoint analytics in Microsoft Adoption Score)
Manage device updates for all supported device platforms by using Intune
- Plan for device updates (Microsoft Documentation: Plan for software updates in Configuration Manager)
- Create and manage update policies by using Intune (Microsoft Documentation: Create a compliance policy in Microsoft Intune)
- Manage Android updates by using configuration profiles (Microsoft Documentation: What’s new in Microsoft Intune)
- Monitor updates (Microsoft Documentation: Monitor software updates in Configuration Manager)
- Troubleshoot updates in Intune (Microsoft Documentation: Troubleshooting policies and profiles in Microsoft Intune)
- Configure Windows client delivery optimization by using Intune (Microsoft Documentation: Delivery Optimization settings in Microsoft Intune, Delivery Optimization settings for Windows devices in Intune)
- Create and manage update rings by using Intune (Microsoft Documentation: Update rings for Windows 10 and later policy in Intune)
Implement endpoint protection for all supported device platforms
- Implement and manage security baselines in Intune (Microsoft Documentation: Use security baselines to configure Windows devices in Intune)
- Create and manage configuration policies for Endpoint security including antivirus, encryption, firewall, endpoint detection and response (EDR), and attack surface reduction (ASR) (Microsoft Documentation: Attack surface reduction policy for endpoint security in Intune, Endpoint detection and response policy for endpoint security in Intune)
- Onboard devices to Microsoft Defender for Endpoint (Microsoft Documentation: Migrate to Microsoft Defender for Endpoint – Phase 3: Onboard)
- Implement automated response capabilities in Microsoft Defender for Endpoint (Microsoft Documentation: Microsoft Defender for Endpoint, Configure automated investigation and response capabilities in Microsoft Defender XDR)
- Review and respond to device issues identified in the Microsoft Defender Vulnerability Management dashboard (Microsoft Documentation: What is Microsoft Defender Vulnerability Management, Use your vulnerability management dashboard in Microsoft Defender for Business)
Manage applications (10–15%)
Deploy and update apps for all supported device platforms
- Deploy apps by using Intune (Microsoft Documentation: Get started with your Microsoft Intune deployment)
- Configure Microsoft 365 Apps deployment by using the Microsoft Office Deployment Tool or Office Customization Tool (OCT) (Microsoft Documentation: Overview of the Office Customization Tool, Overview of the Office Deployment Tool)
- Manage Microsoft 365 Apps by using the Microsoft 365 Apps admin center (Microsoft Documentation: Overview of the Microsoft 365 Apps admin center)
- Deploy Microsoft 365 Apps by using Intune (Microsoft Documentation: Add Microsoft 365 Apps to Windows 10/11 devices with Microsoft Intune)
- Configure policies for Office apps by using Group Policy or Intune (Microsoft Documentation: Policies for Office apps, App configuration policies for Microsoft Intune)
- Deploy apps from platform-specific app stores by using Intune (Microsoft Documentation: Add apps to Microsoft Intune, Windows 10/11 app deployment by using Microsoft Intune)
Plan and implement app protection and app configuration policies
- Plan and implement app protection policies for iOS and Android (Microsoft Documentation: App protection policies overview)
- Manage app protection policies (Microsoft Documentation: App protection policies overview)
- Implement Conditional Access policies for app protection policies (Microsoft Documentation: Use app-based Conditional Access policies with Intune)
- Plan and implement app configuration policies for managed apps and managed devices (Microsoft Documentation: Add app configuration policies for managed iOS/iPadOS devices)
- Manage app configuration policies
Exam MD-102: Endpoint Administrator FAQs
Exam Policies
All the info about the exam, like how it works, is in the Microsoft Certification exam policies. It’s important to follow these rules during the exam or when you’re at the test center. Let’s check out a couple of them:
- Retake: If you don’t pass the first time, wait for 24 hours before trying again. During this time, you can pick a new exam date on the certification dashboard. For the second try, there’s a 14-day wait. After the third attempt, there are 14-day waits between each try. You can only give it a shot five times a year, and the 12-month period starts from your first attempt.
- Changing Exam Date or Cancelling: If you need to change or cancel your exam, make sure to do it at least 24 hours before your scheduled time. If you do it less than 24 hours before, you’ll lose the money you paid for the exam. Also, if your company got a voucher for you, they might face penalties if you change or cancel with less than 24 hours’ notice.
Exam MD-102: Endpoint Administrator Study Guide
1. Get Familiar with the Exam Objectives
To begin preparing for the Microsoft MD-102 exam, it’s essential to understand the exam goals. These objectives delve into crucial topics that form the core of what you need to know. The exam assesses your technical skills in completing the following tasks:
- Deploy Windows client
- Manage identity and compliance
- Manage, maintain, and protect devices
- Manage applications
2. Use Microsoft Learning Paths
Microsoft offers special learning routes with study modules to prepare you for your exams. For a comprehensive guide and study materials for the MD-102 test, visit the official Microsoft website. The modules in this course not only enhance your understanding of the subjects but also guarantee success in the exams. Here’s what the learning path for the test involves:
Explore endpoint management:
For more: https://learn.microsoft.com/en-us/training/paths/explore-endpoint-management/
This learning path is crafted to offer a thorough grasp of enterprise desktops, various Windows editions, and Microsoft Entra ID. It involves exploring different Windows editions, and understanding their features and installation methods. The focus extends to Microsoft Entra ID, emphasizing both its similarities and differences with AD DS and the synchronization process between them. Additionally, learners will gain insights into effectively managing Microsoft Entra identities. In summary, this learning path provides the essential knowledge and skills needed to proficiently support enterprise desktops and handle Microsoft Entra identities.
Prerequisites:
- Robust technical skills in installing, maintaining, and troubleshooting Windows 10 OS or later.
- A solid understanding of computer networking, client security, and application concepts.
- Experience using Active Directory Domain Services.
Modules in this learning path:
- Explore the Enterprise Desktop
- Explore Windows Editions
- Understand Microsoft Entra ID
- Manage Microsoft Entra identities
Execute device enrollment:
For more: https://learn.microsoft.com/en-us/training/paths/execute-device-enrollment/
In this learning path, we’ll explore Microsoft Entra join and introduce you to Microsoft Endpoint Manager. Additionally, we’ll delve into configuring policies for enrolling devices to Configuration Manager and Microsoft Intune.
Prerequisites:
- Proficient technical skills in installing, maintaining, and troubleshooting the Windows 10 OS or later.
- Understanding of computer networking, client security, and application concepts.
- Prior experience using Active Directory Domain Services.
Modules in this learning path:
- Manage device authentication
- Enroll devices using Microsoft Configuration Manager
- Enroll devices using Microsoft Intune
Configure profiles for user and devices
For more: https://learn.microsoft.com/en-us/training/paths/configure-profiles-user-device/
In this learning path, we’ll delve into Intune device profiles, uncover the advantages of user profiles, and learn the process of synchronizing profile data across various devices.
Prerequisites:
- Proficient technical skills in installing, maintaining, and troubleshooting the Windows 10 OS or later.
- Understanding of computer networking, client security, and application concepts.
- Previous experience using Active Directory Domain Services.
Modules in this learning path:
- Execute device profiles
- Oversee device profiles
- Maintain user profiles
Examine application management:
For more: https://learn.microsoft.com/en-us/training/paths/examine-application-management/
In this course, participants will explore how to manage applications using both on-premises and cloud-based solutions.
Prerequisites:
- Proficient technical skills in installing, maintaining, and troubleshooting the Windows 10 OS or later.
- A solid understanding of computer networking, client security, and application concepts.
- Previous experience using Active Directory Domain Services.
Modules in this learning path:
- Execute mobile application management
- Deploy and update applications
- Administer endpoint applications
Manage authentication and compliance:
For more: https://learn.microsoft.com/en-us/training/paths/authentication-compliance/
This learning path explores the different options available for handling authentication. Participants will also gain knowledge about various types of VPNs, along with an understanding of compliance and conditional access policies.
Prerequisites:
- Proficient technical skills in installing, maintaining, and troubleshooting the Windows 10 OS or later.
- A solid understanding of computer networking, client security, and application concepts.
- Previous experience using Active Directory Domain Services.
Modules in this learning path:
- Protect identities in Microsoft Entra ID
- Enable organizational access
- Implement device compliance
- Generate inventory and compliance reports
Manage endpoint security:
For more: https://learn.microsoft.com/en-us/training/paths/manage-endpoint-security/
This learning path will teach students about safeguarding data and protecting endpoints from potential threats. Additionally, the course will delve into the essential features of Microsoft Defender solutions.
Prerequisites:
- Proficient technical skills in installing, maintaining, and troubleshooting the Windows 10 OS or later.
- A solid understanding of computer networking, client security, and application concepts.
- Previous experience using Active Directory Domain Services.
Modules in this learning path:
- Deploy device data protection
- Manage Microsoft Defender for Endpoint
- Manage Microsoft Defender in Windows client
- Manage Microsoft Defender for Cloud Apps
Deploy using on-premises based tools:
For more: https://learn.microsoft.com/en-us/training/paths/deploy-on-premise-based-tools/
In this course, students will be introduced to deployment methods using both the Microsoft Deployment Toolkit and Configuration Manager.
Prerequisites:
- Proficient technical skills in installing, maintaining, and troubleshooting the Windows 10 OS or later.
- A solid understanding of computer networking, client security, and application concepts.
- Previous experience using Active Directory Domain Services.
Modules in this learning path:
- Assess deployment readiness
- Deploy using the Microsoft Deployment Toolkit
- Deploy using Microsoft Configuration Manager
Deploy using cloud based tools:
For more: https://learn.microsoft.com/en-us/training/paths/deploy-cloud-based-tools/
In this course, students will explore the utilization of Windows Autopilot and deployment through Microsoft Intune. The curriculum will also cover how co-management can facilitate the shift to modern management.
Prerequisites:
- Proficient technical skills in installing, maintaining, and troubleshooting the Windows 10 OS or later.
- A solid understanding of computer networking, client security, and application concepts.
- Previous experience using Active Directory Domain Services.
Modules in this learning path:
- Deploy Devices using Windows Autopilot
- Implement dynamic deployment methods
- Plan a transition to modern endpoint management
- Manage Windows 365
- Manage Azure Virtual Desktop
3. Instructor-led Training
In this course, students will gain knowledge and skills to plan and implement an endpoint deployment strategy using modern deployment techniques and update strategies. The curriculum introduces crucial elements of modern management, co-management approaches, and integration with Microsoft Intune. Topics covered include app deployment, managing browser-based applications, and key security concepts like authentication, identities, access, and compliance policies. Technologies such as Microsoft Entra ID, Azure Information Protection, and Microsoft Defender for Endpoint will be explored to safeguard devices and data.
Target Audience:
The Microsoft 365 Endpoint Administrator is tasked with deploying, configuring, securing, managing, and monitoring devices and client applications within a corporate environment. Their responsibilities encompass managing identity, access, policies, updates, and apps. Collaborating with the M365 Enterprise Administrator, they develop and execute a device strategy aligned with the needs of a modern organization. Microsoft 365 Endpoint Administrators should possess extensive skills and experience in deploying, configuring, and maintaining both Windows 11 and later, as well as non-Windows devices. Their role emphasizes expertise in cloud services rather than on-premises management technologies.
4. Join Study Groups
Getting ready for exams becomes simpler when you become a part of online study communities. These communities connect you with experienced individuals who have faced similar challenges. It’s a chance to talk about any queries you may have regarding the test and get ready for the MD-102 exam. So, it’s not just about studying—it’s about learning from those who have already gone through the process. Being involved in these groups can greatly smooth out your exam journey!
5. Use Practice Tests
Practice tests are crucial for improving your understanding of the study material. By taking Microsoft MD-102 practice exams, you can pinpoint your strengths and areas that need more focus. It’s like getting a sneak peek into your study progress. Additionally, these tests boost your speed in answering questions, providing a significant advantage on the actual exam day. Once you’ve covered a substantial amount of material, incorporating these practice tests into your MD-102 exam preparation is a wise choice. It’s not just about practicing; it’s about making your study time highly effective. So, seize the opportunity and choose top-notch practice exams to excel in that certification test!