Updated Mar 06, 2026 Certification Exam MD-102 Dumps - Practice Test Questions
Updated Verified MD-102 dumps Q&As - Pass Guarantee or Full Refund
Microsoft MD-102 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
NEW QUESTION # 111
Case Study 1 - Litware inc
General Overview
Litware, Inc. is an international manufacturing company that has 3,000 employees. The company has sales, marketing, research, human resources (HR), development, and IT departments.
Litware has two main offices in New York and Los Angeles. Litware has five branch offices in Asia.
Existing Environment
Current Business Model
The Los Angeles office has 500 developers. The developers work flexible hours ranging from 11 AM to 10 PM.
Litware has a Microsoft Endpoint Configuration Manager deployment.
During discovery, the company discovers a process where users are emailing bank account information of its customers to internal and external recipients.
Current Environment
The network contains an Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD). The functional level of the forest and the domain is Windows Server 2012 R2. All domain controllers run Windows Server 2012 R2.
Litware has the computers shown in the following table.
The development department uses projects in Azure DevOps to build applications. Most of the employees in the sales department are contractors. Each contractor is assigned a computer that runs Windows 10. At the end of each contract, the computer is assigned to different contractor.
Currently, the computers are re-provisioned manually by the IT department.
Problem Statements
Litware identifies the following issues on the network:
- Employees in the Los Angeles office report slow Internet performance when updates are downloading. The employees also report that the updates frequently consume considerable resources when they are installed. The Update settings are configured as shown in the Updates exhibit. (Click the Updates button.)
- Management suspects that the source code for the proprietary applications in Azure DevOps in being shared externally.
- Re-provisioning the sales department computers is too time consuming.
Requirements
Business Goals
Litware plans to transition to co-management for all the company-owned Windows 10 computers.
Whenever possible, Litware wants to minimize hardware and software costs.
Device Management Requirements
Litware identifies the following device management requirements:
- Prevent the sales department employees from forwarding email that contains bank account information.
- Ensure that Microsoft Edge Favorites are accessible from all computers to which the developers sign in.
- Prevent employees in the research department from copying patented information from trusted applications to untrusted applications.
Technical Requirements
Litware identifies the following technical requirements for the planned deployment:
- Re-provision the sales department computers by using Windows AutoPilot.
- Ensure that the projects in Azure DevOps can be accessed from the corporate network only.
- Ensure that users can sign in to the Azure AD-joined computers by using a PIN. The PIN must expire every 30 days.
- Ensure that the company name and logo appears during the Out of Box Experience (OOBE) when using Windows AutoPilot.
Hotspot Question
You need to recommend a solution to meet the device management requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1:
Employees in the research department must be prevented from copying patented information from trusted applications to untrusted applications. This requires an App protection policy.
App protection policies make sure that the app-layer protections are in place. For example, you can:
- Require a PIN to open an app in a work context
- Control the sharing of data between apps
Prevent the saving of company app data to a personal storage location
Box 2:
Employees in the sales department must be prevented from forwarding email that contains bank account information.
Azure Information Protection is a cloud-based solution that helps an organization to classify and optionally, protect its documents and emails by applying labels.
Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations.
Reference:
https://docs.microsoft.com/en-us/intune/app-protection-policy
https://docs.microsoft.com/en-us/azure/information-protection/what-is-information-protection
NEW QUESTION # 112
You have an Azure Active Directory Premium Plan 2 subscription that contains the users shown in the following table.
You purchase the devices shown in the following table.
You configure automatic mobile device management (MDM) and mobile application management (MAM) enrollment by using the following settings:
* MDM user scope: Group1
* MAM user scope: Group2
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 113
You need a new conditional access policy that has an assignment for Office 365 Exchange Online.
You need to configure the policy to meet the technical requirements for Group4.
Which two settings should you configure in the policy? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
The policy needs to be applied to Group4 so we need to configure Users and Groups.
The Access controls are set to Block access
We therefore need to exclude compliant devices.
From the scenario:
* Ensure that the users in a group named Group4 can only access Microsoft Exchange Online from devices that are enrolled in Intune.
Note: When a device enrolls in Intune, the device information is updated in Azure AD to include the device compliance status. This compliance status is used by conditional access policies to block or allow access to e-mail and other organization resources.
References:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/conditions
https://docs.microsoft.com/en-us/intune/device-compliance-get-started
NEW QUESTION # 114
You have an Azure AD tenant named contoso.com that contains a user named Used. User! has a user principal name (UPN) of [email protected].
You join a Windows 11 device named Client 1 to contoso.com.
You need to add User1 to the local Administrators group of Client1.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
net localgroup Administrators /add "AzureAD\[email protected]"
This command will add the Azure AD user with the UPN of [email protected] to the local Administrators group of the device1. You need to use the AzureAD prefix and double backslashes to specify the user's domain2. You also need to enclose the user's name in quotation marks if it contains special characters like
@1.
You can run this command from an elevated command prompt on Client1, or remotely by using PowerShell or other tools1. You can also use the Intune Role Administrator role or the Additional local administrators on all Azure AD joined devices setting to manage the local administrators group on Azure AD joined devices34.
NEW QUESTION # 115
You have a Microsoft 365 subscription that contains 500 computers that run Windows 11. The computers are Azure AD joined and are enrolled in Microsoft Intune.
You plan to manage Microsoft Defender Antivirus on the computers.
You need to prevent users from disabling Microsoft Defender Antivirus,
What should you do?
- A. From the Microsoft 365 Defender portal, enable tamper protection.
- B. From the Microsoft Intune admin center, create an endpoint detection and response (EDR) policy.
- C. From the Microsoft Intune admin center, create an account protection policy.
- D. From the Microsoft Intune admin center, create a security baseline.
Answer: A
Explanation:
Explanation
Tamper protection is a feature of Microsoft Defender Antivirus that prevents users or malicious software from disabling or modifying the antivirus settings. Tamper protection can be enabled from the Microsoft 365 Defender portal for devices that are Azure AD joined and enrolled in Microsoft Intune. This will prevent users from turning off Microsoft Defender Antivirus or changing its configuration through Windows Security, PowerShell, Registry, or Group Policy. References: [Enable tamper protection]
NEW QUESTION # 116
You have an on-premises Active Directory domain that syncs to Azure AD tenant.
The tenant contains computers that run Windows 10. The computers are hybrid Azure AD joined and enrolled in Microsoft Intune. The Microsoft Office settings on the computers are configured by using an Group Policy Object (GPO).
You need to migrate the GPO to Intune.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
1 - Create a configuration profile.
2 - Configure the Administrative Templates settings.
3 - Assign the profile.
NEW QUESTION # 117
Hotspot Question
You have computers that run Windows 10 as shown in the following table.
Computer2 and Computer3 are enrolled in Microsoft Intune. In a Group Policy object (GPO) linked to the domain, you enable the Computer Configuration/Administrative Templates/Windows Components/Search/Allow Cortana setting. In an Intune device configuration profile, you configure the following:
- Device/Vendor/MSFT/Policy/Config/ControlPolicyConflict/MDMWinsOverGP
to a value of 1
- Experience/AllowCortana to a value of 0.
Each of the following statement, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
https://blogs.technet.microsoft.com/cbernier/2018/04/02/windows-10-group-policy-vs-intune- mdm-policy-who-wins/
NEW QUESTION # 118
You have 200 computers that run Windows 10. The computers are joined to Azure AD and enrolled in Microsoft Intune. You need to set a custom image as the wallpaper and sign-in screen.
Which two settings should you configure in the Device restrictions configuration profile? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 119
Your network contains an Active Directory domain. Active Directory is synced with Microsoft Azure Active Directory (Azure AD).
There are 500 Active Directory domain-joined computers that run Windows 10 and are enrolled in Microsoft Intune.
You plan to implement Microsoft Defender Exploit Guard.
You need to create a custom Microsoft Defender Exploit Guard policy, and then distribute the policy to all the computers.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
A screenshot of a computer Description automatically generated
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/import-export-explo
https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-prote
NEW QUESTION # 120
You have a Microsoft 365 subscription that contains 1,000 iOS devices. The devices are enrolled in Microsoft Intune as follows:
* Two hundred devices are enrolled by using the Intune Company Portal.
* Eight hundred devices are enrolled by using Apple Automated Device Enrollment (ADE).
You create an iOS/iPadOS software updates policy named Policy 1 that is configured to install iOS/iPadOS
15.5.
How many iOS devices will Policy1 update, and what should you configure to ensure that only iOS/iPadOS
15.5 is installed? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Policy 1 will update 800 iOS devices that are enrolled by using Apple Automated Device Enrollment (ADE). This is because ADE devices are supervised devices that support software update policies in Intune1. Devices that are enrolled by using the Intune Company Portal are not supervised devices and do not support software update policies2.
To ensure that only iOS/iPadOS 15.5 is installed, you should configure a device restriction policy that restricts visibility of software updates. This will prevent users from manually updating the OS to a newer version than the one you specified in Policy 11. You can use the Deployment Workbench to create and assign a device restriction profile to your ADE devices3.
NEW QUESTION # 121
You have computers that run Windows 10 and are configured by using Windows AutoPilot.
A user performs the following tasks on a computer named Computer1:
Creates a VPN connection to the corporate network
Installs a Microsoft Store app named App1
Connects to a Wi-Fi network
You perform a Windows AutoPilot Reset on Computer1.
What will be the state of the computer when the user signs in? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot-reset
NEW QUESTION # 122
You have a Microsoft 365 ES subscription that uses Microsoft Intune.
Devices are enrolled in Intune as shown in the following table.
The devices are the members of groups as shown in the following table.
You create an JOS/iPadOS update profile as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 123
You have a Microsoft 365 subscription.
You need to enable passwordless authentication for all users. The solution must meet the following requirements:
* Users in the research department cannot use mobile devices and must authenticate from unmanaged Linux devices by using an alternative method.
* To access services, users in the sales department must authenticate by using their mobile phone.
* Administrative effort must be minimized.
Which authentication method should you use for each department? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 124
You have an Azure AD tenant that contains the users shown in the following table.
You have the devices shown in the following table.
You have a Conditional Access policy named CAPolicy1 that has the following settings:
* Assignments
o Users or workload identities: User 1. User1
o Cloud apps or actions: Office 365 Exchange Online
o Conditions: Device platforms: Windows, iOS
* Access controls
o Grant Require multi-factor authentication
You have a Conditional Access policy named CAPolicy2 that has the following settings:
Assignments
* Users or workload identities: Used, User2
* Cloud apps or actions: Office 365 Exch
* Conditions
* Device platforms: Android, iOS
* Filter for devices
* Device matching the rule: Exclude filtered devices from policy
* Rule syntax: device. displayName- contains "1"
* Access controls
* Grant Block access
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Explanation:
NEW QUESTION # 125
You have a Microsoft 365 E5 subscription.
You create a new update rings policy named Policy1 as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point,
Answer:
Explanation:
Explanation:
*Updates that contain fixes and improvements to existing Windows functionality can be deferred for 30 days.
This is because the update rings policy named Policy1 has the "Quality updates deferral period (days)" setting set to 30. This means that quality updates, which include fixes and improvements to existing Windows functionality, can be deferred for up to 30 days from the date they are released by Microsoft. After 30 days, the devices will automatically install the quality updates. References:
https://docs.microsoft.com/en-us/mem/intune/protect/windows-update-for-business-configure
*Updates that contain new Windows functionality will be installed within 60 days of release.
This is because the update rings policy named Policy1 has the "Feature updates deferral period (days)" setting set to 60. This means that feature updates, which include new Windows functionality, can be deferred for up to
60 days from the date they are released by Microsoft. After 60 days, the devices will automatically install the feature updates. References:
https://docs.microsoft.com/en-us/mem/intune/protect/windows-update-for-business-configure
NEW QUESTION # 126
You have 100 computers that run Windows 8.1.
You need to create a report that will assess the Windows 10 readiness of the computers.
What should you use?
- A. Microsoft Assessment and Planning (MAP) Toolkit
- B. Microsoft Desktop Optimization Pack (MDOP)
- C. Windows Assessment and Deployment Kit (Windows ADK)
- D. Windows Deployment Services (WDS)
Answer: A
Explanation:
The MAP Toolkit is used for multi-product assessment and planning. It assesses a network environment using agentless data collection technologies to gather inventory and performance information. Then provides assessment reports to aid organizations with their IT infrastructure planning.
NEW QUESTION # 127
You have a Microsoft 365 subscription that includes Microsoft Intune and Microsoft Defender for Endpoint.
Users have devices that run Windows 11.
You deploy a connection from Defender for Endpoint to Intune.
You need to ensure that when a device is enrolled in Intune, the device is onboarded automatically to Defender for Endpoint What should you configure, and which portal should you use? To answer, select the appropriate options in the answer area NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 128
You have a Microsoft Entra tenant that contains the devices shown in the following table.
The tenant contains the groups shown in the following table.
You create a Windows Autopilot deployment profile as shown in the Deployment Profile exhibit (Click the Deployment Profile tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 129
......
Exam Engine for MD-102 Exam Free Demo & 365 Day Updates: https://www.vce4plus.com/Microsoft/MD-102-valid-vce-dumps.html
MD-102 PDF Questions and Testing Engine With 354 Questions: https://drive.google.com/open?id=1fEEWLqFL0iJiOTYTn_F169KYAZkfomco