Free MD-102 Practice Test Questions 2026

You have SOO Windows 10 devices enrolled in Microsoft Intune.

You plan to use Exploit protection in Microsoft Intune to enable the following system settings on the devices:

• Data Execution Prevention (DEP)

• Force randomization for images (Mandatory ASlR)

You need to configure a Windows 10 device that will be used to create a template file.

Which protection areas on the device should you configure in the Windows Security app before you create the template file? To answer, drag the appropriate protection areas to the correct settings. Each protection area may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

You have a Microsoft 365 subscription that contains a user named User1. User! is assigned a Windows 10/11 Enterprise E3 license. You use Microsoft Intune Suite to manage devices. User1 activates the following devices:

• Device1: Windows 11 Enterprise

• Device2: Windows 10 Enterprise

• Device3: Windows 11 Enterprise

How many more devices can User1 activate?

A. 2

B. 3

C. 7

D. 8

You have a computer that runs Windows 10 and contains two local users named User! and User2. You need to ensure that the users can perform the following anions:

• User 1 must be able to adjust the date and time.

• User2 must be able to clear Windows logs.

The solution must use the principle of least privilege.

To which group should you add each user? To answer, drag the appropriate groups to the correct users. Each group may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 subscription that contains the devices shown in the following table.



All the devices will be reimaged and licensed by using subscription activation.

The devices are assigned to the users shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point

You have a Microsoft 365 subscription that uses Microsoft Intune.

You plan to use Windows Autopilot to provision 25 Windows 11 devices.

You need to meet the following requirements during device provisioning:

• Display the progress of app and profile deployments.

• Join the devices to Azure AD.

What should you configure to meet each requirement? To answer drag the appropriate settings to the correct requirements. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

You use the Microsoft Deployment Toolkit (MDT) to deploy Windows 11.

You create a new task sequence by using the Standard Client Task Sequence template to deploy Windows 11 Enterprise to new computers. The computers have a single hard disk.

You need to modify the task sequence to create a system volume and a data volume.

Which phase should you modify in the task sequence?

A. Initialization

B. State Restore

C. Preinstall

D. Postinstall

You have a Windows 10 device named Device! that is joined to Active Directory and enrolled in Microsoft Intune.

Device1 is managed by using Group Policy and Intune.

You need to ensure that the Intune settings override the Group Policy settings.

What should you configure?

A. a device configuration profile

B. a device compliance policy

C. an MDM Security Baseline profile

D. a Group Policy Object (GPO)

You have a Microsoft 365 subscription and use Microsoft Intune.

You have the Endpoint Privilege Management (EPM) elevation settings policy shown in the following exhibit.



No EPM elevation rules policies are configured.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 tenant and an internal certification authority (CA).

You need to use Microsoft Intune to deploy the root CA certificate to managed devices.

Which type of Intune policy and profile should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 subscription that includes Microsoft Intune.

You have an update ring named UpdateRing1 that contains the following settings:

• Automatic update behavior: Auto install and restart at a scheduled time

• Automatic behavior frequency: First week of the month

• Scheduled install day: Tuesday

• Scheduled install time: 3 AM

From the Microsoft Intone admin center, you select Uninstall for the feature updates of UpdateRing1. When will devices start to remove the feature updates?

A. when a user approves the uninstall

B. as soon as the policy is received

C. next Tuesday

D. the first Tuesday of the next month

You have a Microsoft 365 subscription that contains 1,000 Android devices enrolled in Microsoft Intune. You create an app configuration policy that contains the following settings:

• Device enrollment type: Managed devices

• Profile Type: All Profile Types

• Platform: Android Enterprise

Which two types of apps can be associated with the policy? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

A. Built-in Android app

B. Managed Google Play store app

C. Web link

D. Android Enterprise system app

E. Android store app

You have a Microsoft 365 E5 subscription that contains 100 iOS devices enrolled in Microsoft Intune.

You need to deploy a custom line-of-business (LOB) app to the devices by using Intune.

Which extension should you select for the app package file?

A. .intunemac

B. apk

C. jpa

D. appx