Study guide for Exam MD-102: Endpoint Administrator
Purpose of this document
This study guide should help you understand what to expect on the exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.
| Useful links | Description |
|---|---|
| Review the skills measured as of September 17, 2024 | This list represents the skills measured AFTER the date provided. Study this list if you plan to take the exam AFTER that date. |
| Review the skills measured prior to September 17, 2024 | Study this list of skills if you take your exam PRIOR to the date provided. |
| Change log | You can go directly to the change log if you want to see the changes that will be made on the date provided. |
| How to earn the certification | Some certifications only require passing one exam, while others require passing multiple exams. |
| Certification renewal | Microsoft associate, expert, and specialty certifications expire annually. You can renew by passing a free online assessment on Microsoft Learn. |
| Your Microsoft Learn profile | Connecting your certification profile to Microsoft Learn allows you to schedule and renew exams and share and print certificates. |
| Exam scoring and score reports | A score of 700 or greater is required to pass. |
| Exam sandbox | You can explore the exam environment by visiting our exam sandbox. |
| Request accommodations | If you use assistive devices, require extra time, or need modification to any part of the exam experience, you can request an accommodation. |
| Take a free Practice Assessment | Test your skills with practice questions to help you prepare for the exam. |
Updates to the exam
Our exams are updated periodically to reflect skills that are required to perform a role. We have included two versions of the Skills Measured objectives depending on when you are taking the exam.
We always update the English language version of the exam first. Some exams are localized into other languages, and those are updated approximately eight weeks after the English version is updated. While Microsoft makes every effort to update localized versions as noted, there may be times when the localized versions of an exam are not updated on this schedule. Other available languages are listed in the Schedule Exam section of the Exam Details webpage. If the exam isn't available in your preferred language, you can request an additional 30 minutes to complete the exam.
Note
The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. Related topics may be covered in the exam.
Note
Most questions cover features that are general availability (GA). The exam may contain questions on Preview features if those features are commonly used.
Skills measured as of September 17, 2024
Audience profile
As a candidate for this exam, you have subject matter expertise managing devices and client applications in a Microsoft 365 tenant by using Microsoft Intune. You’re responsible for:
Implementing solutions for efficient deployment and management of endpoints on various operating systems, platforms, and device types.
Implementing and managing endpoints at scale by using Microsoft Intune, Microsoft Intune Suite, Windows Autopilot, Microsoft Copilot for Security, Microsoft Defender for Endpoint, Microsoft Entra ID, Azure Virtual Desktop, and Windows 365.
Implementing identity, security, access, policies, updates, and apps for endpoints.
As an endpoint administrator, you collaborate with architects, Microsoft 365 administrators, security administrators, and other workload administrators to plan and implement a modern workplace strategy that meets the business needs of an organization.
You must have experience with Microsoft Entra ID and Microsoft 365 technologies, including Intune, as well as strong skills and experience in deploying, configuring, and maintaining Windows client and non-Windows devices.
Skills at a glance
Prepare infrastructure for devices (25–30%)
Manage and maintain devices (30–35%)
Manage applications (15–20%)
Protect devices (15–20%)
Prepare infrastructure for devices (25–30%)
Add devices to Microsoft Entra ID
Choose an appropriate device join type
Join devices to Microsoft Entra ID
Register devices to Microsoft Entra ID
Plan and implement groups for devices in Microsoft Entra ID
Enroll devices to Microsoft Intune
Configure enrollment settings
Configure automatic enrollment for Windows and bulk enrollment for iOS and Android
Configure enrollment profiles for Android devices, including fully managed, dedicated, corporate owned, and work profile
Implement identity and compliance
Manage roles in Intune
Implement compliance policies for all supported device platforms by using Intune
Implement Conditional Access policies that require a compliance status
Configure Windows Hello for Business
Implement and manage Local Administrative Passwords Solution (LAPS) for Microsoft Entra ID
Manage the membership of local groups on Windows devices by using Intune
Manage and maintain devices (30–35%)
Deploy and upgrade Windows clients by using cloud-based tools
Choose between Windows Autopilot and provisioning packages
Choose a Windows Autopilot deployment mode
Apply a device name template
Implement Windows client deployment by using Windows Autopilot
Create an Enrollment Status Page (ESP)
Plan and implement provisioning packages
Plan and implement device upgrades for Windows 11
Implement a Windows 365 cloud PC deployment
Plan and implement device configuration profiles
Create device configuration profiles for Windows devices, including importing ADMX files
Create device configuration profiles for Android devices
Create device configuration profiles for iOS devices
Create device configuration profiles for Mac OS devices
Create device configuration profiles for Enterprise multi-session devices
Target a profile by using filters
Implement Intune Suite add-on capabilities
Configure Endpoint Privilege Management
Manage applications by using the Enterprise App Catalog
Implement Microsoft Intune Advanced Analytics
Configure Microsoft Intune Remote Help
Identify use cases for Cloud PKI
Implement Microsoft Tunnel for MAM
Perform remote actions on devices
Sync, restart, retire, or wipe devices
Perform bulk remote actions
Update Windows Defender security intelligence
Rotate BitLocker recovery keys
Run a device query by using KQL
Manage applications (15–20%)
Deploy and update apps
Prepare applications for deployment by using Intune
Deploy apps by using Intune
Deploy Microsoft 365 Apps by using Intune
Configure policies for Office apps
Deploy Microsoft 365 Apps as part of a Windows Autopilot deployment by using the Microsoft Office Deployment Tool (ODT) or Office Customization Tool (OCT)
Manage Microsoft 365 Apps by using the Microsoft 365 Apps admin center
Deploy apps from platform-specific app stores by using Intune
Plan and implement app protection and app configuration policies
Plan and implement app protection policies
Implement Conditional Access policies for app protection policies
Plan and implement app configuration policies for managed apps and managed devices
Protect devices (15–20%)
Configure endpoint security
Create antivirus policies
Create disk encryption policies
Create firewall policies
Configure Attack surface reduction policies
Plan and implement security baselines
Integrate Intune with Microsoft Defender for Endpoint
Onboard devices into Microsoft Defender for Endpoint
Manage device updates by using Intune
Plan for device updates
Create and manage update rings by using Intune
Create and manage update policies by using Intune, including iOS and Mac OS
Manage Android updates by using configuration profiles or firmware-over-the-air (FOTA) deployments
Configure Windows client delivery optimization by using Intune
Monitor updates
Study resources
We recommend that you train and get hands-on experience before you take the exam. We offer self-study options and classroom training as well as links to documentation, community sites, and videos.
| Study resources | Links to learning and documentation |
|---|---|
| Get trained | Choose from self-paced learning paths and modules or take an instructor-led course |
| Find documentation | Windows Documentation Windows client documentation for IT Pros Configure Windows client Windows client deployment resources and documentation Manage Windows client Windows security Windows Autopilot documentation Microsoft Intune documentation Microsoft Endpoint Manager documentation Windows application management |
| Ask a question | Microsoft Q&A | Microsoft Docs |
| Get community support | Windows - Microsoft Tech Community |
| Follow Microsoft Learn | Microsoft Learn - Microsoft Tech Community |
| Find a video | Exam Readiness Zone Browse other Microsoft Learn shows |
Change log
Key to understanding the table: The topic groups (also known as functional groups) are in bold typeface followed by the objectives within each group. The table is a comparison between the two versions of the exam skills measured and the third column describes the extent of the changes.
| Skill area prior to September 17, 2024 | Skill area as of September 17, 2024 | Change |
|---|---|---|
| Audience profile | Major | |
| Deploy Windows client | Deleted | |
| Prepare for a Windows client deployment | Deleted | |
| Plan and implement Windows client deployment by using Windows Autopilot | Removed | |
| Configure remote management | Deleted | |
| Prepare infrastructure for devices | New | |
| Add devices to Microsoft Entra ID | New | |
| Enroll devices to Microsoft Intune | New | |
| Implement identity and compliance | Added | |
| Manage identity and compliance | Deleted | |
| Manage identity | Removed | |
| Implement compliance policies for all supported device platforms by using Intune | Removed | |
| Manage and maintain devices | Added | |
| Deploy and upgrade Windows clients by using cloud-based tools | Added | |
| Plan and implement device configuration profiles | Added | |
| Implement Intune Suite add-on capabilities | New | |
| Perform remote actions on devices | New | |
| Manage, maintain, and protect devices | Removed | |
| Manage device lifecycle in Intune | Deleted | |
| Manage device configuration for all supported device platforms by using Intune | Removed | |
| Monitor devices | Deleted | |
| Manage device updates for all supported device platforms by using Intune | Removed | |
| Implement endpoint protection for all supported device platforms | Removed | |
| Manage applications | Added | |
| Deploy and update apps | Added | |
| Plan and implement app protection and app configuration policies | Added | |
| Manage applications | Removed | |
| Deploy and update apps for all supported device platforms | Removed | |
| Plan and implement app protection and app configuration policies | Removed | |
| Protect devices | New | |
| Configure endpoint security | Added | |
| Manage device updates by using Intune | Added |
Skills measured prior to September 17, 2024
Audience profile
As a candidate for this exam, you have subject matter expertise deploying, configuring, protecting, managing, and monitoring devices and client applications in a Microsoft 365 environment. You’re responsible for:
Managing identity, security, access, policies, updates, and apps for endpoints.
Implementing solutions for efficient deployment and management of endpoints on various operating systems, platforms, and device types.
Implementing and managing endpoints at scale by using Microsoft Intune, Windows 365, Windows Autopilot, Microsoft Defender for Endpoint, and Microsoft Entra ID.
As an endpoint administrator, you collaborate with architects, Microsoft 365 administrators, security administrators, and other workload administrators to plan and implement a modern workplace strategy that meets the business needs of an organization.
You must have experience with Microsoft Entra ID and Microsoft 365 technologies, including Intune, as well as strong skills and experience in deploying, configuring, and maintaining Windows client and non-Windows devices.
Skills at a glance
Deploy Windows client (20–25%)
Manage identity and compliance (15–20%)
Manage, maintain, and protect devices (40–45%)
Manage applications (15–20%)
Deploy Windows client (20–25%)
Prepare for a Windows client deployment
Select a deployment tool based on requirements
Choose between migrate and rebuild
Choose an imaging and/or provisioning strategy
Select a Windows edition based on requirements
Implement subscription-based activation
Deploy Windows 365
Plan and implement a Windows client deployment by using Windows Autopilot
Configure device registration for Autopilot
Create, validate, and assign deployment profiles
Set up the Enrollment Status Page (ESP)
Deploy Windows devices by using Autopilot
Troubleshoot an Autopilot deployment
Configure remote management
Configure Remote Help in Intune
Configure Remote Desktop on a Windows client
Configure the Windows Admin Center
Configure PowerShell remoting and Windows Remote Management (WinRM)
Manage identity and compliance (15–20%)
Manage identity
Implement user authentication on Windows devices, including Windows Hello for Business, passwordless, and tokens
Manage role-based access control (RBAC) for Intune
Register devices in and join devices to Microsoft Entra
Implement the Intune Connector for Active Directory
Manage the membership of local groups on Windows devices
Implement and manage Local Administrative Passwords Solution (LAPS) for Microsoft Entra
Implement compliance policies for all supported device platforms by using Intune
Specify compliance policies to meet requirements
Implement compliance policies
Implement Conditional Access policies that require a compliance status
Manage notifications for compliance policies
Monitor device compliance
Troubleshoot compliance policies
Manage, maintain, and protect devices (40–45%)
Manage the device lifecycle in Intune
Configure enrollment settings
Configure automatic and bulk enrollment, including Windows, iOS, and Android
Configure policy sets
Restart, retire, or wipe devices
Manage device configuration for all supported device platforms by using Intune
Specify configuration profiles to meet requirements
Implement configuration profiles
Monitor and troubleshoot configuration profiles
Configure and implement Windows kiosk mode
Configure and implement profiles on Android devices, including fully managed, dedicated, corporate owned, and work profile
Plan and implement Microsoft Tunnel for Intune
Monitor devices
Monitor devices by using Intune
Monitor devices by using Azure Monitor
Analyze and respond to issues identified in Endpoint analytics and Adoption Score
Manage device updates for all supported device platforms by using Intune
Plan for device updates
Create and manage update policies by using Intune
Manage Android updates by using configuration profiles
Monitor updates
Troubleshoot updates in Intune
Configure Windows client delivery optimization by using Intune
Create and manage update rings by using Intune
Implement endpoint protection for all supported device platforms
Implement and manage security baselines in Intune
Create and manage configuration policies for Endpoint security including antivirus, encryption, firewall, endpoint detection and response (EDR), and attack surface reduction (ASR)
Onboard devices to Microsoft Defender for Endpoint
Implement automated response capabilities in Microsoft Defender for Endpoint
Review and respond to device issues identified in the Microsoft Defender Vulnerability Management dashboard
Manage applications (15–20%)
Deploy and update apps for all supported device platforms
Deploy apps by using Intune
Configure Microsoft 365 Apps deployment by using the Microsoft Office Deployment Tool or Office Customization Tool (OCT)
Manage Microsoft 365 Apps by using the Microsoft 365 Apps admin center
Deploy Microsoft 365 Apps by using Intune
Configure policies for Office apps by using Group Policy or Intune
Deploy apps from platform-specific app stores by using Intune
Plan and implement app protection and app configuration policies
Plan and implement app protection policies for iOS and Android
Manage app protection policies
Implement Conditional Access policies for app protection policies
Plan and implement app configuration policies for managed apps and managed devices
Manage app configuration policies