Free MD-102 Practice Test Questions 2026

You have a Microsoft 365 subscription that includes Microsoft Intune and Microsoft

Defender for Endpoint.

Users have devices that run Windows 11.

You deploy a connection from Defender for Endpoint to Intune.

You need to ensure that when a device is enrolled in Intune, the device is onboarded automatically to Defender for Endpoint

What should you configure, and which portal should you use? To answer, select the appropriate options in the answer area

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 subscription. All devices run Windows 10.

You need to prevent users from enrolling the devices in the Windows Insider Program.

What two configurations should you perform from the Microsoft Intune admin center? Each correct answer is a complete solution.

NOTE: Each correct selection is worth one point.

A. a device restrictions device configuration profile

B. an app configuration policy

C. a Windows 10 and later security baseline

D. a custom device configuration profile

E. a Windows 10 and later update ring

Your company uses Microsoft Intune to manage devices.

You need to ensure that only Android devices that use Android work profiles can enroll in intune.

Which two configurations should you perform in the device enrollment restrictions? Each correct answer presents part of the solution.

NOTE Each correct selection is worth one point.

A. From Platform Settings, set Android device administrator Personally Owned to Block.

B. From Platform Settings, set Android Enterprise (work profile) to Allow.

C. From Platform Settings, set Android device administrator Personally Owned to Allow

D. From Platform Settings, set Android device administrator to Block.

You have an Azure AD tenant and 100 Windows 10 devices that are Azure AD joined and managed by using Microsoft Intune.

You need to configure Microsoft Defender Firewall and Microsoft Defender Antivirus on the devices. The solution must minimize administrative effort.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. To configure Microsoft Defender Antivirus, create a Group Policy Object (GPO) and configure the Windows Defender Antivirus settings.

B. To configure Microsoft Defender Firewall, create a device configuration profile and configure the Device restrictions settings.

C. To configure Microsoft Defender Antivirus, create a device configuration profile and configure the Endpoint protection settings.

D. To configure Microsoft Defender Antivirus, create a device configuration profile and configure the Device restrictions settings.

E. To configure Microsoft Defender Firewall, create a device configuration profile and configure the Endpoint protection settings.

F. To configure Microsoft Defender Firewall, create a Group Policy Object (GPO) and configure Windows Defender Firewall with Advanced Security.

You have a Microsoft 365 E5 subscription and use Microsoft Intune.

You need to use a Sync bulk device action on all corporate-owned Windows devices.

What is the maximum number of devices you can include the action?

A. 25

B. 50

C. 100

D. 500

E. 1000

You have a Microsoft Deployment Toolkit (MDT) solution that is used to manage Windows 11 deployment tasks.

MDT contains the operating system images shown in the following table.



You need to perform a Windows 11 in-place upgrade on several computers that run Windows 10.

From the Deployment Workbench, you open the New Task Sequence Wizard.

You need to identify which task sequence template and which operating system image to use for the task sequence. The solution must minimize administrative effort.

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named User1. User1 has a user principal name (UPN) of user1 @contoso.com.

You join a Windows 10 device named Client1 to contoso.com.

You need to add User1 to the local Administrators group of Client1.

How should you complete the command? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 ES subscription that uses Microsoft Intune.

You have the apps shown in the following exhibit.

Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10. You have the groups shown in the following table.



Which groups can you add to Group4?

A. Group2only

B. Group1 and Group2 only

C. Group2 and Group3 only

D. Group1, Group2, and Group3

You have a Microsoft 365 tenant that contains the devices shown in the following table.



The devices are managed by using Microsoft Intune.

You create a compliance policy named Policy1 and assign Policy1 to Group1. Policy1 is configured to mark a device as Compliant only if the device security settings match the settings specified in the policy.

You discover that devices that are not members of Group1 are shown as Compliant.

You need to ensure that only devices that are assigned a compliance policy can be shown as Compliant. All other devices must be shown as Not compliant.

What should you do from the Microsoft Intune admin center?

A. From Device compliance, configure the Compliance policy settings.

B. From Endpoint security, configure the Conditional access settings.

C. From Tenant administration, modify the Diagnostic settings.

D. From Policy1, modify the actions for noncompliance.From Policy1, modify the actions for noncompliance.

You have a Microsoft 365 E5 subscription. The subscription contains devices that are Microsoft Entra joined and enrolled in Microsoft Intune.

You create a user named User1.

You need to ensure that User1 can rotate Bitlocker recovery keys by using Intune.

Solution: From the Microsoft Intune admin center, you assign the Help Desk Operator role to User1.

Does this meet the goal?

A. Yes

B. No

You have a Microsoft 365 E5 subscription that contains 100 Windows 10 devices enrolled in Microsoft Intune.

You plan to use Endpoint analytics.

You need to create baseline metrics.

What should you do first?

A. Create an Azure Monitor workbook.

B. Onboard 10 devices to Endpoint analytics.

C. Create a Log Analytics workspace.

D. Modify the Baseline regression threshold.