Free MD-102 Practice Test Questions 2026

You have a Microsoft Entra tenant.

You are creating a dynamic device group named Group1.

Group1 will include only Windows devices that are Microsoft Entra registered.

How should you configure the dynamic membership rule for Group1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.

After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.

You have a Microsoft Entra tenant named contoso.com.

You purchase an Android device named Devtce1.

You need to register Devtce1 in contoso.com.

Solution; You use the Google Chrome app.

Does this meet the goal?

A. Yes

B. No

You have a Microsoft 365 subscription.

You create a retention label named Retention1 as shown in the following exhibit.



You apply Retention1 to all the Microsoft OneDrive content.

On January 1, 2020, a user stores a file named File1 in OneDrive.

On January 10, 2020, the user modifies File1.

On February 1, 2020, the user deletes File1.

When will File1 be removed permanently and unrecoverable from OneDrive?

A. February 1, 2020

B. July 1, 2020

C. July 10, 2020

D. August 1, 2020

You have a Microsoft 365 E5 subscription that contains 500 macOS devices enrolled in Microsoft Intune.

You need to ensure that you can apply Microsoft Defender for Endpoint antivirus policies to the macOS devices. The solution must minimize administrative effort.

What should you do?

A. From the Microsoft Endpoint Manager admin center, create a configuration profile.

B. From the Microsoft Endpoint Manager admin center, create a security baseline.

C. Onboard the macOS devices to the Microsoft 365 compliance center.

D. Install Defender for Endpoint on the macOS devices.

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.

You use Microsoft Intune to manage devices.

You need to configure an update ring that meets the following requirements:

• Fixes and improvements to existing Windows functionality can be deferred for 14 days but will install automatically seven days after that date.

• The installation of new Windows features can be deferred for 90 days but will install automatically 10 days after that date.

• Devices must restart automatically three days after an update is installed.

How should you configure the update ring? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

You have an Azure AD tenant named contoso.com.

You need to ensure that users are not added automatically to the local Administrators group when they join their Windows 11 device to contoso.com.

What should you configure?

A. Windows Autopilot

B. provisioning packages for Windows

C. Security defaults in Azure AD

D. Device settings in Azure AD

You have a Microsoft 365 E5 subscription that contains a user named User1.

You need to perform the following tasks for User1:

Set the Usage location to Canada.

Configure the Phone and Email authentication contact info for self-service password reset (SSPR).

Which two settings should you configure in the Azure Active Directory admin center? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 subscription that uses Microsoft Intune Suite.

You use Microsoft Intune to manage devices.

You plan to deploy two apps named App1 and App2 to all Windows devices. App1 must be installed before App2.

From the Intune admin center, you create and deploy two Windows app (Win32) apps.

You need to ensure that App1 is installed before App2 on every device.

What should you configure?

A. the App1 deployment configurations

B. a dynamic device group

C. a detection rule

D. the App2 deployment configurations

Your company implements Azure AD, Microsoft 365, Microsoft Intune, and Azure Information Protection. The company's security policy states the following:

• Personal devices do not need to be enrolled in Intune.

• Users must authenticate by using a PIN before they can access corporate email data.

• Users can use their personal iOS and Android devices to access corporate cloud services.

• Users must be prevented from copying corporate email data to a cloud storage service other than Microsoft OneDrive for Business.

You need to configure a solution to enforce the security policy.

What should you create?

A. a device configuration profile from the Microsoft Intune admin center

B. a data loss prevention (DIP) policy from the Microsoft Purview compliance portal

C. an insider risk management policy from the Microsoft Purview compliance portal

D. an app protection policy from the Microsoft Intune admin center

You have a Microsoft 365 subscription. The subscription contains computers that run Windows 11 and are enrolled in Microsoft Intune. You need to create a compliance policy that meets the following requirements:



• Requires BitLocker Drive Encryption (BitLocker) on each device

• Requires a minimum operating system version

Which setting of the compliance policy should you configure for each requirement? To answer, drag the appropriate settings to the correct requirements. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point,

You have 1,000 computers that run Windows 10 and are members of an Active Directory domain.

You need to capture the event togs from the computers to Azure.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Your network contains an on-premises Active Directory domain and an Azure AD tenant.

The Default Domain Policy Group Policy Object (GPO) contains the settings shown in the following table.



Which device configuration profile type template should you use?

A. Administrative Templates

B. Endpoint protection

C. Device restrictions

D. Custom