Study guide for Exam MD-102: Endpoint Administrator

  • Article

Purpose of this document

This study guide should help you understand what to expect on the exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.

Useful links Description
Review the skills measured as of April 26, 2024 This list represents the skills measured AFTER the date provided. Study this list if you plan to take the exam AFTER that date.
Review the skills measured prior to April 26, 2024 Study this list of skills if you take your exam PRIOR to the date provided.
Change log You can go directly to the change log if you want to see the changes that will be made on the date provided.
How to earn the certification Some certifications only require passing one exam, while others require passing multiple exams.
Certification renewal Microsoft associate, expert, and specialty certifications expire annually. You can renew by passing a free online assessment on Microsoft Learn.
Your Microsoft Learn profile Connecting your certification profile to Microsoft Learn allows you to schedule and renew exams and share and print certificates.
Exam scoring and score reports A score of 700 or greater is required to pass.
Exam sandbox You can explore the exam environment by visiting our exam sandbox.
Request accommodations If you use assistive devices, require extra time, or need modification to any part of the exam experience, you can request an accommodation.
Take a free Practice Assessment Test your skills with practice questions to help you prepare for the exam.

Updates to the exam

Our exams are updated periodically to reflect skills that are required to perform a role. We have included two versions of the Skills Measured objectives depending on when you are taking the exam.

We always update the English language version of the exam first. Some exams are localized into other languages, and those are updated approximately eight weeks after the English version is updated. While Microsoft makes every effort to update localized versions as noted, there may be times when the localized versions of an exam are not updated on this schedule. Other available languages are listed in the Schedule Exam section of the Exam Details webpage. If the exam isn't available in your preferred language, you can request an additional 30 minutes to complete the exam.

Note

The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. Related topics may be covered in the exam.

Note

Most questions cover features that are general availability (GA). The exam may contain questions on Preview features if those features are commonly used.

Skills measured as of April 26, 2024

Audience profile

As a candidate for this exam, you have subject matter expertise deploying, configuring, protecting, managing, and monitoring devices and client applications in a Microsoft 365 environment. You’re responsible for:

  • Managing identity, security, access, policies, updates, and apps for endpoints.

  • Implementing solutions for efficient deployment and management of endpoints on various operating systems, platforms, and device types.

  • Implementing and managing endpoints at scale by using Microsoft Intune, Windows 365, Windows Autopilot, Microsoft Defender for Endpoint, and Microsoft Entra ID.

As an endpoint administrator, you collaborate with architects, Microsoft 365 administrators, security administrators, and other workload administrators to plan and implement a modern workplace strategy that meets the business needs of an organization.

You must have experience with Microsoft Entra ID and Microsoft 365 technologies, including Intune, as well as strong skills and experience in deploying, configuring, and maintaining Windows client and non-Windows devices.

Skills at a glance

  • Deploy Windows client (20–25%)

  • Manage identity and compliance (15–20%)

  • Manage, maintain, and protect devices (40–45%)

  • Manage applications (15–20%)

Deploy Windows client (20–25%)

Prepare for a Windows client deployment

  • Select a deployment tool based on requirements

  • Choose between migrate and rebuild

  • Choose an imaging and/or provisioning strategy

  • Select a Windows edition based on requirements

  • Implement subscription-based activation

  • Deploy Windows 365

Plan and implement a Windows client deployment by using Windows Autopilot

  • Configure device registration for Autopilot

  • Create, validate, and assign deployment profiles

  • Set up the Enrollment Status Page (ESP)

  • Deploy Windows devices by using Autopilot

  • Troubleshoot an Autopilot deployment

Configure remote management

  • Configure Remote Help in Intune

  • Configure Remote Desktop on a Windows client

  • Configure the Windows Admin Center

  • Configure PowerShell remoting and Windows Remote Management (WinRM)

Manage identity and compliance (15–20%)

Manage identity

  • Implement user authentication on Windows devices, including Windows Hello for Business, passwordless, and tokens

  • Manage role-based access control (RBAC) for Intune

  • Register devices in and join devices to Microsoft Entra

  • Implement the Intune Connector for Active Directory

  • Manage the membership of local groups on Windows devices

  • Implement and manage Local Administrative Passwords Solution (LAPS) for Microsoft Entra

Implement compliance policies for all supported device platforms by using Intune

  • Specify compliance policies to meet requirements

  • Implement compliance policies

  • Implement Conditional Access policies that require a compliance status

  • Manage notifications for compliance policies

  • Monitor device compliance

  • Troubleshoot compliance policies

Manage, maintain, and protect devices (40–45%)

Manage the device lifecycle in Intune

  • Configure enrollment settings

  • Configure automatic and bulk enrollment, including Windows, iOS, and Android

  • Configure policy sets

  • Restart, retire, or wipe devices

Manage device configuration for all supported device platforms by using Intune

  • Specify configuration profiles to meet requirements

  • Implement configuration profiles

  • Monitor and troubleshoot configuration profiles

  • Configure and implement Windows kiosk mode

  • Configure and implement profiles on Android devices, including fully managed, dedicated, corporate owned, and work profile

  • Plan and implement Microsoft Tunnel for Intune

Monitor devices

  • Monitor devices by using Intune

  • Monitor devices by using Azure Monitor

  • Analyze and respond to issues identified in Endpoint analytics and Adoption Score

Manage device updates for all supported device platforms by using Intune

  • Plan for device updates

  • Create and manage update policies by using Intune

  • Manage Android updates by using configuration profiles

  • Monitor updates

  • Troubleshoot updates in Intune

  • Configure Windows client delivery optimization by using Intune

  • Create and manage update rings by using Intune

Implement endpoint protection for all supported device platforms

  • Implement and manage security baselines in Intune

  • Create and manage configuration policies for Endpoint security including antivirus, encryption, firewall, endpoint detection and response (EDR), and attack surface reduction (ASR)

  • Onboard devices to Microsoft Defender for Endpoint

  • Implement automated response capabilities in Microsoft Defender for Endpoint

  • Review and respond to device issues identified in the Microsoft Defender Vulnerability Management dashboard

Manage applications (15–20%)

Deploy and update apps for all supported device platforms

  • Deploy apps by using Intune

  • Configure Microsoft 365 Apps deployment by using the Microsoft Office Deployment Tool or Office Customization Tool (OCT)

  • Manage Microsoft 365 Apps by using the Microsoft 365 Apps admin center

  • Deploy Microsoft 365 Apps by using Intune

  • Configure policies for Office apps by using Group Policy or Intune

  • Deploy apps from platform-specific app stores by using Intune

Plan and implement app protection and app configuration policies

  • Plan and implement app protection policies for iOS and Android

  • Manage app protection policies

  • Implement Conditional Access policies for app protection policies

  • Plan and implement app configuration policies for managed apps and managed devices

  • Manage app configuration policies

Study resources

We recommend that you train and get hands-on experience before you take the exam. We offer self-study options and classroom training as well as links to documentation, community sites, and videos.

Study resources Links to learning and documentation
Get trained Choose from self-paced learning paths and modules or take an instructor-led course
Find documentation Windows Documentation
Windows client documentation for IT Pros
Configure Windows client
Windows client deployment resources and documentation
Manage Windows client
Windows security
Windows Autopilot documentation
Microsoft Intune documentation
Microsoft Endpoint Manager documentation
Windows application management
Ask a question Microsoft Q&A | Microsoft Docs
Get community support Windows - Microsoft Tech Community
Follow Microsoft Learn Microsoft Learn - Microsoft Tech Community
Find a video Exam Readiness Zone
Browse other Microsoft Learn shows

Change log

Key to understanding the table: The topic groups (also known as functional groups) are in bold typeface followed by the objectives within each group. The table is a comparison between the two versions of the exam skills measured and the third column describes the extent of the changes.

Skill area prior to April 26, 2024 Skill area as of April 26, 2024 Change
Audience profile No change
Deploy Windows client Deploy Windows client % of exam decreased
Prepare for a Windows client deployment Prepare for a Windows client deployment No change
Plan and implement Windows client deployment by using Windows Autopilot Plan and implement Windows client deployment by using Windows Autopilot No change
Plan and implement a Windows client deployment by using Microsoft Deployment Toolkit (MDT) Deleted
Configure remote management Configure remote management No change
Manage identity and compliance Manage identity and compliance No change
Manage identity Manage identity No change
Implement compliance policies for all supported device platforms by using Intune Implement compliance policies for all supported device platforms by using Intune No change
Manage, maintain, and protect devices Manage, maintain, and protect devices No change
Manage device lifecycle in Intune Manage device lifecycle in Intune No change
Manage device configuration for all supported device platforms by using Intune Manage device configuration for all supported device platforms by using Intune No change
Monitor devices Monitor devices No change
Manage device updates for all supported device platforms by using Intune Manage device updates for all supported device platforms by using Intune No change
Implement endpoint protection for all supported device platforms Implement endpoint protection for all supported device platforms No change
Manage applications Manage applications % of exam increased
Deploy and update apps for all supported device platforms Deploy and update apps for all supported device platforms No change
Plan and implement app protection and app configuration policies Plan and implement app protection and app configuration policies No change

Skills measured prior to April 26, 2024

Audience profile

As a candidate for this exam, you have subject matter expertise deploying, configuring, protecting, managing, and monitoring devices and client applications in a Microsoft 365 environment. You’re responsible for:

  • Managing identity, security, access, policies, updates, and apps for endpoints.

  • Implementing solutions for efficient deployment and management of endpoints on various operating systems, platforms, and device types.

  • Implementing and managing endpoints at scale by using Microsoft Intune, Windows 365, Windows Autopilot, Microsoft Defender for Endpoint, and Microsoft Entra ID.

As an endpoint administrator, you collaborate with architects, Microsoft 365 administrators, security administrators, and other workload administrators to plan and implement a modern workplace strategy that meets the business needs of an organization.

You must have experience with Microsoft Entra ID and Microsoft 365 technologies, including Intune, as well as strong skills and experience in deploying, configuring, and maintaining Windows client and non-Windows devices.

Skills at a glance

  • Deploy Windows client (25–30%)

  • Manage identity and compliance (15–20%)

  • Manage, maintain, and protect devices (40–45%)

  • Manage applications (10–15%)

Deploy Windows client (25–30%)

Prepare for a Windows client deployment

  • Select a deployment tool based on requirements

  • Choose between migrate and rebuild

  • Choose an imaging and/or provisioning strategy

  • Select a Windows edition based on requirements

  • Implement subscription-based activation

  • Deploy Windows 365

Plan and implement a Windows client deployment by using Windows Autopilot

  • Configure device registration for Autopilot

  • Create, validate, and assign deployment profiles

  • Set up the Enrollment Status Page (ESP)

  • Deploy Windows devices by using Autopilot

  • Troubleshoot an Autopilot deployment

Plan and implement a Windows client deployment by using the Microsoft Deployment Toolkit (MDT)

  • Plan and implement an MDT deployment infrastructure

  • Create, manage, and deploy images

  • Monitor and troubleshoot a deployment

  • Plan and configure user state migration

Configure remote management

  • Configure Remote Help in Intune

  • Configure Remote Desktop on a Windows client

  • Configure the Windows Admin Center

  • Configure PowerShell remoting and Windows Remote Management (WinRM)

Manage identity and compliance (15–20%)

Manage identity

  • Implement user authentication on Windows devices, including Windows Hello for Business, passwordless, and tokens

  • Manage role-based access control (RBAC) for Intune

  • Register devices in and join devices to Microsoft Entra

  • Implement the Intune Connector for Active Directory

  • Manage the membership of local groups on Windows devices

  • Implement and manage Local Administrative Passwords Solution (LAPS) for Microsoft Entra

Implement compliance policies for all supported device platforms by using Intune

  • Specify compliance policies to meet requirements

  • Implement compliance policies

  • Implement Conditional Access policies that require a compliance status

  • Manage notifications for compliance policies

  • Monitor device compliance

  • Troubleshoot compliance policies

Manage, maintain, and protect devices (40–45%)

Manage the device lifecycle in Intune

  • Configure enrollment settings

  • Configure automatic and bulk enrollment, including Windows, iOS, and Android

  • Configure policy sets

  • Restart, retire, or wipe devices

Manage device configuration for all supported device platforms by using Intune

  • Specify configuration profiles to meet requirements

  • Implement configuration profiles

  • Monitor and troubleshoot configuration profiles

  • Configure and implement Windows kiosk mode

  • Configure and implement profiles on Android devices, including fully managed, dedicated, corporate owned, and work profile

  • Plan and implement Microsoft Tunnel for Intune

Monitor devices

  • Monitor devices by using Intune

  • Monitor devices by using Azure Monitor

  • Analyze and respond to issues identified in Endpoint analytics and Adoption Score

Manage device updates for all supported device platforms by using Intune

  • Plan for device updates

  • Create and manage update policies by using Intune

  • Manage Android updates by using configuration profiles

  • Monitor updates

  • Troubleshoot updates in Intune

  • Configure Windows client delivery optimization by using Intune

  • Create and manage update rings by using Intune

Implement endpoint protection for all supported device platforms

  • Implement and manage security baselines in Intune

  • Create and manage configuration policies for Endpoint security including antivirus, encryption, firewall, endpoint detection and response (EDR), and attack surface reduction (ASR)

  • Onboard devices to Microsoft Defender for Endpoint

  • Implement automated response capabilities in Microsoft Defender for Endpoint

  • Review and respond to device issues identified in the Microsoft Defender Vulnerability Management dashboard

Manage applications (10–15%)

Deploy and update apps for all supported device platforms

  • Deploy apps by using Intune

  • Configure Microsoft 365 Apps deployment by using the Microsoft Office Deployment Tool or Office Customization Tool (OCT)

  • Manage Microsoft 365 Apps by using the Microsoft 365 Apps admin center

  • Deploy Microsoft 365 Apps by using Intune

  • Configure policies for Office apps by using Group Policy or Intune

  • Deploy apps from platform-specific app stores by using Intune

Plan and implement app protection and app configuration policies

  • Plan and implement app protection policies for iOS and Android

  • Manage app protection policies

  • Implement Conditional Access policies for app protection policies

  • Plan and implement app configuration policies for managed apps and managed devices

  • Manage app configuration policies