Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Purpose of this document
This study guide should help you understand what to expect on the exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.
| Useful links | Description |
|---|---|
| Certification renewal | Microsoft associate, expert, and specialty certifications expire annually. You can renew by passing a free online assessment on Microsoft Learn. |
| Your Microsoft Learn profile | Connecting your certification profile to Microsoft Learn allows you to schedule and renew exams and share and print certificates. |
| Exam scoring and score reports | A score of 700 or greater is required to pass. |
| Exam sandbox | You can explore the exam environment by visiting our exam sandbox. |
| Request accommodations | If you use assistive devices, require extra time, or need modification to any part of the exam experience, you can request an accommodation. |
| Take a free Practice Assessment | Test your skills with practice questions to help you prepare for the exam. |
Updates to the exam
Our exams are updated periodically to reflect skills that are required to perform a role. We have included two versions of the Skills Measured objectives depending on when you are taking the exam.
We always update the English language version of the exam first. Some exams are localized into other languages, and those are updated approximately eight weeks after the English version is updated. While Microsoft makes every effort to update localized versions as noted, there may be times when the localized versions of an exam are not updated on this schedule. Other available languages are listed in the Schedule Exam section of the Exam Details webpage. If the exam isn't available in your preferred language, you can request an additional 30 minutes to complete the exam.
Note
The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. Related topics may be covered in the exam.
Note
Most questions cover features that are general availability (GA). The exam may contain questions on Preview features if those features are commonly used.
Skills measured as of July 24, 2026
Audience profile
As a candidate for this exam, you have subject matter expertise managing devices and client applications in a Microsoft 365 tenant by using Microsoft Intune and agentic tools and workflows. You’re responsible for:
Implementing solutions for efficient deployment and management of endpoints on various platforms and device types
Implementing and managing endpoints at scale by using Microsoft Intune, Microsoft Intune Suite, Windows Autopilot, Microsoft Defender for Endpoint, Microsoft Entra ID, PowerShell, Microsoft Graph, and Windows 365
Implementing identity, security, access, policies, updates, and apps for endpoints
Optimizing endpoint operations through automation, monitoring, and reporting
As an endpoint administrator, you collaborate with architects, Microsoft 365 administrators, security administrators, and other workload administrators to plan and implement a modern workplace strategy that meets the business needs of an organization.
You must have experience with Microsoft Entra ID and Microsoft 365 technologies, including Intune, as well as strong skills and experience in deploying, configuring, and maintaining Windows client and non-Windows devices. You should also have an understanding of Microsoft Security Copilot, Intune agents, and Microsoft Defender XDR.
Skills at a glance
Prepare infrastructure for devices (20–25%)
Manage and maintain devices (25–30%)
Protect devices (15–20%)
Manage and secure applications (15–20%)
Optimize endpoint operations by using automation, monitoring, and reporting (10–15%)
Prepare infrastructure for devices (20–25%)
Add devices to Microsoft Entra ID
Choose an appropriate device join type, including considerations such as device registration and Microsoft Entra join
Join devices to Microsoft Entra ID
Register devices to Microsoft Entra ID
Plan and implement groups for devices in Microsoft Entra ID, including dynamic group membership rules
Enroll devices to Microsoft Intune
Configure enrollment settings in Microsoft Intune
Configure automatic enrollment for Windows
Configure personal enrollment for macOS, iOS, iPadOS
Configure enrollment profiles for Android devices, including fully managed, dedicated, corporate owned, work profile, enrollment restrictions and troubleshooting enrollment failures
Configure corporate enrollment for macOS and iOS devices by integrating Intune with Apple Business Manager
Configure enrollment for Android devices by integrating Intune with Samsung Knox Mobile Enrollment or Google Zero Touch
Implement identity and compliance
Manage built-in and custom roles for Intune and Windows 365, including role assignments
Configure scope tags and scoped administration for multi-admin environments
Implement and manage multi-admin approval
Implement compliance policies for all supported device platforms by using Intune
Implement Microsoft Entra Conditional Access policies that require a compliance status
Configure Windows Hello for Business by using Intune
Implement and manage Windows Local Administrator Password Solution (Windows LAPS) by using Microsoft Intune and Microsoft Entra ID
Manage the membership of local groups on Windows devices by using Intune
Manage and maintain devices (25–30%)
Deploy and upgrade Windows clients by using cloud-based tools
Choose between Windows Autopilot deployment profiles and device preparation policies
Choose between Windows Autopilot deployment modes, including user-driven, pre-provisioning, and self-deploying
Apply a device name template by using Windows Autopilot
Implement Windows client deployment by using Windows Autopilot
Create an Enrollment Status Page (ESP)
Plan and implement device upgrades for Windows 11 by using Intune
Provision and configure Windows 365 Cloud PCs by using Intune, including provisioning policies, network connections, and image management
Implement Windows Backup and Restore by using Intune
Plan and implement device configuration profiles
Create device configuration profiles for Windows devices, including importing ADMX files and using Group Policy analytics
Create device configuration profiles for Android devices
Create device configuration profiles for iOS/iPadOS devices
Create device configuration profiles for macOS devices
Create device configuration profiles for specialty devices, including Teams Rooms, HoloLens 2, and Zebra
Target a profile by using assignment filters and enrollment time grouping
Implement Intune Suite add-on capabilities
Configure Endpoint Privilege Management including configuring elevation policies, monitoring elevated actions, and adjusting EPM settings
Manage applications by using the Enterprise App Catalog
Configure Microsoft Intune Remote Help
Plan and implement Microsoft Cloud PKI, including setting up cloud-based PKI, automating certificate issuance, and monitoring certificate health
Implement Microsoft Tunnel for Mobile Application Management, including configuring Tunnel Gateway, extending support to MAM devices, and monitoring tunnel connections
Implement Microsoft Intune Advanced Analytics, including anomaly detection, proactive insights, and risk-based policy recommendations
Perform remote actions on devices
Sync, restart, retire, or wipe devices
Perform bulk remote actions
Update Microsoft Defender Antivirus security intelligence
Rotate BitLocker recovery keys
Rotate locate administrator passwords
Run a device query by using KQL
Collect device diagnostics and logs by using Microsoft Intune, including using the Troubleshooting blade for user-based diagnostics
Protect devices (15–20%)
Configure endpoint security
Create antivirus policies by using Microsoft Intune
Create and manage disk encryption policies by using Microsoft Intune, including managing BitLocker recovery keys, configuring user self-service recovery, and monitoring encryption compliance status
Create firewall policies by using Microsoft Intune
Configure Attack surface reduction policies by using Microsoft Intune, including applying Zero Trust principles for endpoint protection
Plan and implement security baselines by using Microsoft Intune
Integrate Intune with Microsoft Defender for Endpoint, including configuring Endpoint Detection and Response (EDR) policies, investigating endpoint threats, and triaging incidents
Onboard devices into Microsoft Defender for Endpoint
Configure App Control for Business policies by using Microsoft Intune
Manage device updates
Plan for device updates by using Intune
Create and manage update rings, feature updates, and quality updates for Windows devices by using Intune
Implement Windows Autopatch and configure Hotpatch policies
Create and manage update policies for iOS/iPadOS and macOS devices by using the Settings Catalog in Microsoft Intune
Manage Android updates by using configuration profiles or firmware-over-the-air (FOTA) deployments
Configure Windows client Delivery Optimization by using Intune
Monitor device updates by using Intune
Manage and secure applications (15–20%)
Deploy and update apps
Prepare applications for deployment by using Intune
Deploy apps by using Intune, including Win32 apps, line-of-business (LOB) apps, and Microsoft Store apps
Configure Quiet Time policies for Android and iOS apps
Deploy Microsoft 365 Apps by using Intune
Configure policies for Office apps by using Microsoft Intune or the Microsoft 365 Apps admin center
Deploy Microsoft 365 Apps as part of a Windows Autopilot deployment, including using the Office Deployment Tool (ODT) or Microsoft Intune
Manage Microsoft 365 Apps by using the Microsoft 365 Apps admin center
Deploy apps from platform-specific app stores by using Intune, including Apple Volume Purchase Program and Google Play
Monitor app deployment status and troubleshoot installation failures by using Microsoft Intune
Plan and implement app protection and app configuration policies
Plan and implement app protection policies for managed and unmanaged (BYOD) devices by using Microsoft Intune
Implement Microsoft Entra Conditional Access policies for app protection policies
Plan and implement app configuration policies for managed apps and managed devices
Optimize endpoint operations by using automation, monitoring, and reporting (10–15%)
Automate management tasks
Automate Intune management tasks by using PowerShell and Microsoft Graph
Investigate threats identified by Security Copilot agents in Intune
Analyze device performance by using Security Copilot agents in Intune
Review and respond to Security Copilot agent recommendations to make management decisions
Extend device compliance by using PowerShell
Monitor and optimize health
Implement reporting and data visibility in Microsoft Intune, including customizing reports and filters, using workbooks and dashboards, and exporting reporting data
Monitor endpoint performance by using Endpoint Analytics, including proactive remediations, device health scores, and app startup performance
Configure and manage proactive remediation scripts, including detecting and fixing common device issues, and scheduling remediation runs
Analyze endpoint reliability and user experience scores, including startup performance, restart frequency, and application reliability metrics
Monitor tenant health and Intune service communications, including reviewing service health dashboards, message center notifications, and establishing operational baselines
Configure alerts and notifications for policy and compliance changes, including setting up alert rules for compliance drift, enrollment failures, and configuration conflicts
Study resources
We recommend that you train and get hands-on experience before you take the exam. We offer self-study options and classroom training as well as links to documentation, community sites, and videos.
| Study resources | Links to learning and documentation |
|---|---|
| Get trained | Choose from self-paced learning paths and modules or take an instructor-led course |
| Find documentation | Windows Documentation Windows client documentation for IT Pros Configure Windows client Windows client deployment resources and documentation Manage Windows client Windows security Windows Autopilot documentation Microsoft Intune documentation Microsoft Endpoint Manager documentation Windows application management |
| Ask a question | Microsoft Q&A | Microsoft Docs |
| Get community support | Windows - Microsoft Tech Community |
| Follow Microsoft Learn | Microsoft Learn - Microsoft Tech Community |
| Find a video | Exam Readiness Zone Browse other Microsoft Learn shows |
Change log
The table below summarizes the changes between the current and previous version of the skills measured. The functional groups are in bold typeface followed by the objectives within each group. The table is a comparison between the previous and current version of the exam skills measured and the third column describes the extent of the changes.
| Skill area prior to July 24, 2026 | Skill area as of July 24, 2026 | Change |
|---|---|---|
| Audience profile | Minor | |
| Prepare infrastructure for devices | Prepare infrastructure for devices | % of the exam increased |
| Add devices to Microsoft Entra | Add devices to Microsoft Entra ID | Minor |
| Enroll devices to Microsoft Intune | Enroll devices to Microsoft Intune | Major |
| Implement identity and compliance | Implement identity and compliance | Minor |
| Manage and maintain devices | Manage and maintain devices | % of the exam decreased |
| Deploy and upgrade Windows clients by using cloud-based tools | Deploy and upgrade Windows clients by using cloud-based tools | Major |
| Plan and implement device configuration profiles | Plan and implement device configuration profiles | Minor |
| Implement Intune Suite add-on capabilities | Implement Intune Suite add-on capabilities | Minor |
| Perform remote actions on devices | Perform remote actions on devices | Major |
| Manage applications | Manage and secure applications | No change |
| Deploy and update apps | Deploy and update apps | Minor |
| Plan and implement app protection and app configuration policies | Plan and implement app protection and app configuration policies | Minor |
| Protect devices | Protect devices | No change |
| Configure endpoint security | Configure endpoint security | Major |
| Manage device updates by using Intune | Manage device updates | Minor |
| Optimize endpoint operations by using automation, monitoring, and reporting | New | |
| Automate management tasks | New | |
| Monitor and optimize health | New |