Exam MD-102: Endpoint Administrator
As a candidate for the Exam MD-102: Endpoint Administrator, you should be an expert in handling various tasks in a Microsoft 365 environment, such as setting up, configuring, securing, managing, and keeping an eye on devices and client applications. Your responsibilities include:
- Managing identity, security, access, policies, updates, and apps for endpoints.
- Putting in place solutions for deploying and managing endpoints efficiently, covering different operating systems, platforms, and device types.
- Scaling up the implementation and management of endpoints using tools like Microsoft Intune, Windows 365, Windows Autopilot, Microsoft Defender for Endpoint, and Microsoft Entra ID.
Working Areas:
As an endpoint administrator, collaboration is key. You’ll work with architects, Microsoft 365 administrators, security administrators, and other workload administrators to create and execute a modern workplace strategy that aligns with the organization’s business needs.
To excel in this role, you need hands-on experience with Microsoft Entra ID and Microsoft 365 technologies, including Intune. Strong skills and experience in deploying, configuring, and maintaining both Windows and non-Windows devices are essential for success in this field.
Exam Details
- The Microsoft MD-102 exam has 40-60 questions.
- These questions can be different, like scenarios where you pick one answer, multiple-choice questions, putting things in order, dragging and dropping, and marking for review.
- To pass, you need a score of 700 or higher.
- The exam is available in English, Chinese (Simplified), German, Spanish, French, Japanese, and Portuguese (Brazil).
- The exam cost is $165 USD.
Exam Course Outline
Preparing for the exam starts with understanding the course outline, serving as a guide to acquiring crucial skills and knowledge. Delving into the exam curriculum ensures a comprehensive grasp of the topics at hand. Now, let’s understand the key components of the MD-102 exam.
Prepare infrastructure for devices (25–30%)
Add devices to Microsoft Entra ID
- Choose an appropriate device join type
- Join devices to Microsoft Entra ID
- Register devices to Microsoft Entra ID
- Plan and implement groups for devices in Microsoft Entra ID
Enroll devices to Microsoft Intune
- Configure enrollment settings
- Configure automatic enrollment for Windows and bulk enrollment for iOS and Android
- Configure enrollment profiles for Android devices, including fully managed, dedicated, corporate owned, and work profile
Implement identity and compliance
- Manage roles in Intune
- Implement compliance policies for all supported device platforms by using Intune
- Implement Conditional Access policies that require a compliance status
- Configure Windows Hello for Business
- Implement and manage Local Administrative Passwords Solution (LAPS) for Microsoft Entra ID
- Manage the membership of local groups on Windows devices by using Intune
Manage and maintain devices (30–35%)
Deploy and upgrade Windows clients by using cloud-based tools
- Choose between Windows Autopilot and provisioning packages
- Choose a Windows Autopilot deployment mode
- Apply a device name template
- Implement Windows client deployment by using Windows Autopilot
- Create an Enrollment Status Page (ESP)
- Plan and implement provisioning packages
- Plan and implement device upgrades for Windows 11
- Implement a Windows 365 cloud PC deployment
Plan and implement device configuration profiles
- Create device configuration profiles for Windows devices, including importing ADMX files
- Create device configuration profiles for Android devices
- Create device configuration profiles for iOS devices
- Create device configuration profiles for Mac OS devices
- Create device configuration profiles for Enterprise multi-session devices
- Target a profile by using filters
Implement Intune Suite add-on capabilities
- Configure Endpoint Privilege Management
- Manage applications by using the Enterprise App Catalog
- Implement Microsoft Intune Advanced Analytics
- Configure Microsoft Intune Remote Help
- Identify use cases for Cloud PKI
- Implement Microsoft Tunnel for MAM
Perform remote actions on devices
- Sync, restart, retire, or wipe devices
- Perform bulk remote actions
- Update Windows Defender security intelligence
- Rotate BitLocker recovery keys
- Run a device query by using KQL
Manage applications (15–20%)
Deploy and update apps
- Prepare applications for deployment by using Intune
- Deploy apps by using Intune (Microsoft Documentation: Get started with your Microsoft Intune deployment)
- Deploy Microsoft 365 Apps by using Intune (Microsoft Documentation: Add Microsoft 365 Apps to Windows 10/11 devices with Microsoft Intune)
- Configure policies for Office apps (Microsoft Documentation: Policies for Office apps, App configuration policies for Microsoft Intune)
- Deploy Microsoft 365 Apps as part of a Windows Autopilot deployment by using the Microsoft Office Deployment Tool (ODT) or Office Customization Tool (OCT) (Microsoft Documentation: Overview of the Office Customization Tool, Overview of the Office Deployment Tool)
- Manage Microsoft 365 Apps by using the Microsoft 365 Apps admin center (Microsoft Documentation: Overview of the Microsoft 365 Apps admin center)
- Deploy apps from platform-specific app stores by using Intune (Microsoft Documentation: Add apps to Microsoft Intune, Windows 10/11 app deployment by using Microsoft Intune)
Plan and implement app protection and app configuration policies
- Plan and implement app protection policies (Microsoft Documentation: App protection policies overview)
- Manage app protection policies (Microsoft Documentation: App protection policies overview)
- Implement Conditional Access policies for app protection policies (Microsoft Documentation: Use app-based Conditional Access policies with Intune)
- Plan and implement app configuration policies for managed apps and managed devices (Microsoft Documentation: Add app configuration policies for managed iOS/iPadOS devices)
Protect devices (15–20%)
Configure endpoint security
- Create antivirus policies
- Create disk encryption policies
- Create firewall policies
- Configure Attack surface reduction policies
- Plan and implement security baselines
- Integrate Intune with Microsoft Defender for Endpoint
- Onboard devices to Microsoft Defender for Endpoint (Microsoft Documentation: Migrate to Microsoft Defender for Endpoint – Phase 3: Onboard)
Manage device updates by using Intune
- Plan for device updates (Microsoft Documentation: Plan for software updates in Configuration Manager)
- Create and manage update rings by using Intune (Microsoft Documentation: Update rings for Windows 10 and later policy in Intune)
- Create and manage update policies by using Intune, including iOS and Mac OS (Microsoft Documentation: Create a compliance policy in Microsoft Intune)
- Manage Android updates by using configuration profiles or firmware-over-the-air (FOTA) deployments (Microsoft Documentation: What’s new in Microsoft Intune)
- Configure Windows client delivery optimization by using Intune (Microsoft Documentation: Delivery Optimization settings in Microsoft Intune, Delivery Optimization settings for Windows devices in Intune)
- Monitor updates (Microsoft Documentation: Monitor software updates in Configuration Manager)
Exam MD-102: Endpoint Administrator FAQs
Exam Policies
All the info about the exam, like how it works, is in the Microsoft Certification exam policies. It’s important to follow these rules during the exam or when you’re at the test center. Let’s check out a couple of them:
- Retake: If you don’t pass the first time, wait for 24 hours before trying again. During this time, you can pick a new exam date on the certification dashboard. For the second try, there’s a 14-day wait. After the third attempt, there are 14-day waits between each try. You can only give it a shot five times a year, and the 12-month period starts from your first attempt.
- Changing Exam Date or Cancelling: If you need to change or cancel your exam, make sure to do it at least 24 hours before your scheduled time. If you do it less than 24 hours before, you’ll lose the money you paid for the exam. Also, if your company got a voucher for you, they might face penalties if you change or cancel with less than 24 hours’ notice.
Exam MD-102: Endpoint Administrator Study Guide
1. Get Familiar with the Exam Objectives
To begin preparing for the Microsoft MD-102 exam, it’s essential to understand the exam goals. These objectives delve into crucial topics that form the core of what you need to know. The exam assesses your technical skills in completing the following tasks:
- Deploy Windows client
- Manage identity and compliance
- Manage, maintain, and protect devices
- Manage applications
2. Use Microsoft Learning Paths
Microsoft offers special learning routes with study modules to prepare you for your exams. For a comprehensive guide and study materials for the MD-102 test, visit the official Microsoft website. The modules in this course not only enhance your understanding of the subjects but also guarantee success in the exams. Here’s what the learning path for the test involves:
Explore endpoint management:
For more: https://learn.microsoft.com/en-us/training/paths/explore-endpoint-management/
This learning path is crafted to offer a thorough grasp of enterprise desktops, various Windows editions, and Microsoft Entra ID. It involves exploring different Windows editions, and understanding their features and installation methods. The focus extends to Microsoft Entra ID, emphasizing both its similarities and differences with AD DS and the synchronization process between them. Additionally, learners will gain insights into effectively managing Microsoft Entra identities. In summary, this learning path provides the essential knowledge and skills needed to proficiently support enterprise desktops and handle Microsoft Entra identities.
Prerequisites:
- Robust technical skills in installing, maintaining, and troubleshooting Windows 10 OS or later.
- A solid understanding of computer networking, client security, and application concepts.
- Experience using Active Directory Domain Services.
Modules in this learning path:
- Explore the Enterprise Desktop
- Explore Windows Editions
- Understand Microsoft Entra ID
- Manage Microsoft Entra identities
Execute device enrollment:
For more: https://learn.microsoft.com/en-us/training/paths/execute-device-enrollment/
In this learning path, we’ll explore Microsoft Entra join and introduce you to Microsoft Endpoint Manager. Additionally, we’ll delve into configuring policies for enrolling devices to Configuration Manager and Microsoft Intune.
Prerequisites:
- Proficient technical skills in installing, maintaining, and troubleshooting the Windows 10 OS or later.
- Understanding of computer networking, client security, and application concepts.
- Prior experience using Active Directory Domain Services.
Modules in this learning path:
- Manage device authentication
- Enroll devices using Microsoft Configuration Manager
- Enroll devices using Microsoft Intune
Configure profiles for user and devices
For more: https://learn.microsoft.com/en-us/training/paths/configure-profiles-user-device/
In this learning path, we’ll delve into Intune device profiles, uncover the advantages of user profiles, and learn the process of synchronizing profile data across various devices.
Prerequisites:
- Proficient technical skills in installing, maintaining, and troubleshooting the Windows 10 OS or later.
- Understanding of computer networking, client security, and application concepts.
- Previous experience using Active Directory Domain Services.
Modules in this learning path:
- Execute device profiles
- Oversee device profiles
- Maintain user profiles
Examine application management:
For more: https://learn.microsoft.com/en-us/training/paths/examine-application-management/
In this course, participants will explore how to manage applications using both on-premises and cloud-based solutions.
Prerequisites:
- Proficient technical skills in installing, maintaining, and troubleshooting the Windows 10 OS or later.
- A solid understanding of computer networking, client security, and application concepts.
- Previous experience using Active Directory Domain Services.
Modules in this learning path:
- Execute mobile application management
- Deploy and update applications
- Administer endpoint applications
Manage authentication and compliance:
For more: https://learn.microsoft.com/en-us/training/paths/authentication-compliance/
This learning path explores the different options available for handling authentication. Participants will also gain knowledge about various types of VPNs, along with an understanding of compliance and conditional access policies.
Prerequisites:
- Proficient technical skills in installing, maintaining, and troubleshooting the Windows 10 OS or later.
- A solid understanding of computer networking, client security, and application concepts.
- Previous experience using Active Directory Domain Services.
Modules in this learning path:
- Protect identities in Microsoft Entra ID
- Enable organizational access
- Implement device compliance
- Generate inventory and compliance reports
Manage endpoint security:
For more: https://learn.microsoft.com/en-us/training/paths/manage-endpoint-security/
This learning path will teach students about safeguarding data and protecting endpoints from potential threats. Additionally, the course will delve into the essential features of Microsoft Defender solutions.
Prerequisites:
- Proficient technical skills in installing, maintaining, and troubleshooting the Windows 10 OS or later.
- A solid understanding of computer networking, client security, and application concepts.
- Previous experience using Active Directory Domain Services.
Modules in this learning path:
- Deploy device data protection
- Manage Microsoft Defender for Endpoint
- Manage Microsoft Defender in Windows client
- Manage Microsoft Defender for Cloud Apps
Deploy using on-premises based tools:
For more: https://learn.microsoft.com/en-us/training/paths/deploy-on-premise-based-tools/
In this course, students will be introduced to deployment methods using both the Microsoft Deployment Toolkit and Configuration Manager.
Prerequisites:
- Proficient technical skills in installing, maintaining, and troubleshooting the Windows 10 OS or later.
- A solid understanding of computer networking, client security, and application concepts.
- Previous experience using Active Directory Domain Services.
Modules in this learning path:
- Assess deployment readiness
- Deploy using the Microsoft Deployment Toolkit
- Deploy using Microsoft Configuration Manager
Deploy using cloud based tools:
For more: https://learn.microsoft.com/en-us/training/paths/deploy-cloud-based-tools/
In this course, students will explore the utilization of Windows Autopilot and deployment through Microsoft Intune. The curriculum will also cover how co-management can facilitate the shift to modern management.
Prerequisites:
- Proficient technical skills in installing, maintaining, and troubleshooting the Windows 10 OS or later.
- A solid understanding of computer networking, client security, and application concepts.
- Previous experience using Active Directory Domain Services.
Modules in this learning path:
- Deploy Devices using Windows Autopilot
- Implement dynamic deployment methods
- Plan a transition to modern endpoint management
- Manage Windows 365
- Manage Azure Virtual Desktop
3. Instructor-led Training
In this course, students will gain knowledge and skills to plan and implement an endpoint deployment strategy using modern deployment techniques and update strategies. The curriculum introduces crucial elements of modern management, co-management approaches, and integration with Microsoft Intune. Topics covered include app deployment, managing browser-based applications, and key security concepts like authentication, identities, access, and compliance policies. Technologies such as Microsoft Entra ID, Azure Information Protection, and Microsoft Defender for Endpoint will be explored to safeguard devices and data.
Target Audience:
The Microsoft 365 Endpoint Administrator is tasked with deploying, configuring, securing, managing, and monitoring devices and client applications within a corporate environment. Their responsibilities encompass managing identity, access, policies, updates, and apps. Collaborating with the M365 Enterprise Administrator, they develop and execute a device strategy aligned with the needs of a modern organization. Microsoft 365 Endpoint Administrators should possess extensive skills and experience in deploying, configuring, and maintaining both Windows 11 and later, as well as non-Windows devices. Their role emphasizes expertise in cloud services rather than on-premises management technologies.
4. Join Study Groups
Getting ready for exams becomes simpler when you become a part of online study communities. These communities connect you with experienced individuals who have faced similar challenges. It’s a chance to talk about any queries you may have regarding the test and get ready for the MD-102 exam. So, it’s not just about studying—it’s about learning from those who have already gone through the process. Being involved in these groups can greatly smooth out your exam journey!
5. Use Practice Tests
Practice tests are crucial for improving your understanding of the study material. By taking Microsoft MD-102 practice exams, you can pinpoint your strengths and areas that need more focus. It’s like getting a sneak peek into your study progress. Additionally, these tests boost your speed in answering questions, providing a significant advantage on the actual exam day. Once you’ve covered a substantial amount of material, incorporating these practice tests into your MD-102 exam preparation is a wise choice. It’s not just about practicing; it’s about making your study time highly effective. So, seize the opportunity and choose top-notch practice exams to excel in that certification test!