Microsoft has recently announced the new MD-102: Endpoint Administrator exam which will become the single exam for you to achieve the Microsoft 365 Certified: Modern Desktop Administrator Associate certification.
In this MD-102 exam study guide I am sharing with you all free learning resources which will aid you in passing the exam. The resources are made up from all relevant Microsoft documentation pages, as well as community blog posts.
About the MD-102 exam
The MD-102 exam is the single exam required for you to earn the Microsoft 365 Certified: Modern Desktop Administrator Associate certification and it is aimed at experts who have experience deploying, configuration and managing devices and client applications in Microsoft 365.
Here is the full exam description:
Candidates for this exam have subject matter expertise deploying, configuring, protecting, managing, and monitoring devices and client applications in a Microsoft 365 environment. They manage identity, security, access, policies, updates, and apps for endpoints. They implement solutions for efficient deployment and management of endpoints on various operating systems, platforms, and device types. They implement and manage endpoints at scale by using Microsoft Intune, Windows 365, Windows Autopilot, Microsoft Defender for Endpoint, and Azure Active Directory (Azure AD), part of Microsoft Entra.
Endpoint administrators collaborate with architects, Microsoft 365 administrators, security administrators, and other workload administrators to plan and implement a modern workplace strategy that meets the business needs of an organization.
Candidates for this exam have experience with Azure AD and Microsoft 365 technologies including Intune. They must have strong skills and experience in deploying, configuring, and maintaining Windows client and non-Windows devices.
MD-102 Exam Path
MD-102 Exam feedback
I sat the MD-102 exam personally this year so here is my feedback regarding the exam questioning and my recommended areas for study.
I found the exam quite well written, I could not make out any technical or grammatical issues during the exam which was a bonus, but sometimes expected! Especially as I took the exam during the beta phase. There were still some references to old technologies such as AD DS (Active Directory Domain Servers), but as they will not be going anywhere for a long time, I felt it appropriate to remain in the exam and the question scenarios justify its existence.
II did not get any questions on the new Windows LAPS technologies, however that doesn’t mean that you wont! I have plenty of tutorials on LAPS on this blog so check them out!
There were many different questions that came up on the exam. Of-course I cannot share details on the questions here, but what I can share is a list of some of the areas that were featured on the exam taken from the skills outline: (of-course you can expect all skills to be defined on the exam in some manner, but this list is quite long anyway so it may help you focus your study!).
Choose an imaging and/or provisioning strategy
Configure device registration for Autopilot
Create, validate, and assign deployment profiles
Set up the Enrollment Status Page (ESP)
Deploy Windows devices by using Autopilot
Plan and implement an MDT deployment infrastructure
Create, manage, and deploy images
Configure Remote Desktop on a Windows client
Configure the Windows Admin Center
Configure PowerShell remoting and Windows Remote Management (WinRM)
Implement user authentication on Windows devices, including Windows Hello for Business, passwordless, and tokens
Register devices in and join devices to Azure AD
Manage the membership of local groups on Windows devices
Implement Conditional Access policies that require a compliance status
Implement compliance policies
Monitor device compliance
Configure policy sets
Implement configuration profiles
Configure and implement Windows kiosk mode
Configure and implement profiles on Android devices, including fully managed, dedicated, corporate owned, and work profile
Monitor devices by using Intune
Plan for device updates
Create and manage update policies by using Intune
Monitor updates
Configure Windows client delivery optimization by using Intune
Create and manage update rings by using Intune
Implement and manage security baselines in Intune
Create and manage configuration policies for Endpoint security including antivirus, encryption, firewall, endpoint detection and response (EDR), and attack surface reduction (ASR)
Deploy apps by using Intune
Manage Microsoft 365 Apps by using the Microsoft 365 Apps admin center
Deploy Microsoft 365 Apps by using Intune
Plan and implement app protection policies for iOS and Android
Manage app protection policies
Implement Conditional Access policies for app protection policies
Plan and implement app configuration policies for managed apps and managed devices
Manage app configuration policies
How long is the MD-102 Exam
For the MD-102 exam, I was given 2 hours to complete 60 questions, which I found was plenty of time. However, due to the nature of Microsoft exams, your exam may have anywhere between 45 and 60 questions, so please bear that in mind.
Microsoft Learn paths
Although Microsoft have not released an official Microsoft learning path yet for the MD-102 exam, I have added all the relevant learning paths from Microsoft learn to a collection which you can access below:
Deploy Windows client (25–30%)
Prepare for a Windows client deployment
- Select a deployment tool based on requirements
- Choose between migrate and rebuild
- Choose an imaging and/or provisioning strategy
- Select a Windows edition based on requirements
- Implement subscription-based activation
Plan and implement a Windows client deployment by using Windows Autopilot
- Configure device registration for Autopilot
- Create, validate, and assign deployment profiles
- Set up the Enrollment Status Page (ESP)
- Deploy Windows devices by using Autopilot
- Troubleshoot an Autopilot deployment
Plan and implement a Windows client deployment by using the Microsoft Deployment Toolkit (MDT)
- Plan and implement an MDT deployment infrastructure
- Create, manage, and deploy images
- Monitor and troubleshoot a deployment
- Plan and configure user state migration
Configure remote management
- Configure Remote Help in Intune
- Configure Remote Desktop on a Windows client
- Configure the Windows Admin Center
- Configure PowerShell remoting and Windows Remote Management (WinRM)
Manage identity and compliance (15–20%)
Manage identity
- Implement user authentication on Windows devices, including Windows Hello for Business, passwordless, and tokens
- Windows Hello for Business Deployment Overview (Ms doc)
- Passwordless authentication options for Azure Active Directory (Ms doc)
- Plan a passwordless authentication deployment in Azure Active Directory (Ms doc)
- Authentication methods in Azure Active Directory – OATH tokens (Ms doc)
- Enable passwordless security key sign-in (Ms doc)
- Manage role-based access control (RBAC) for Intune
- Register devices in and join devices to Azure AD
- Implement the Intune Connector for Active Directory
- Manage the membership of local groups on Windows devices
- Implement and manage Local Administrative Passwords Solution (LAPS) for Azure AD
Implement compliance policies for all supported device platforms by using Intune
- Specify compliance policies to meet requirements
- Implement compliance policies
- Implement Conditional Access policies that require a compliance status
- Manage notifications for compliance policies
- Monitor device compliance
- Troubleshoot compliance policies
Manage, maintain, and protect devices (40–45%)
Manage the device lifecycle in Intune
- Configure enrollment settings
- Configure automatic and bulk enrollment, including Windows, Apple, and Android
- Configure policy sets
- Restart, retire, or wipe devices
Manage device configuration for all supported device platforms by using Intune
- Specify configuration profiles to meet requirements
- Implement configuration profiles
- Monitor and troubleshoot configuration profiles
- Configure and implement Windows kiosk mode
- Configure and implement profiles on Android devices, including fully managed, dedicated, corporate-owned, and work profile
- Plan and implement Microsoft Tunnel for Intune
Monitor devices
- Monitor devices by using Intune
- Monitor devices by using Azure Monitor
- Analyze and respond to issues identified in Endpoint analytics and Adoption Score
Manage device updates for all supported device platforms by using Intune
- Plan for device updates
- Create and manage update policies by using Intune
- Manage Android updates by using configuration profiles
- Monitor updates
- Troubleshoot updates in Intune
- Configure Windows client delivery optimization by using Intune
- Create and manage update rings by using Intune
Implement endpoint protection for all supported device platforms
- Implement and manage security baselines in Intune
- Create and manage configuration policies for Endpoint security including antivirus, encryption,
firewall, endpoint detection and response (EDR), and attack surface reduction (ASR) - Onboard devices to Defender for Endpoint
- Implement automated response capabilities in Defender for Endpoint
- Review and respond to device issues identified in the Microsoft Defender Vulnerability
Management dashboard
Manage applications (10–15%)
Implement endpoint protection for all supported device platforms
- Deploy apps by using Intune
- Configure Microsoft 365 Apps deployment by using the Microsoft Office Deployment Tool or
Office Customization Tool (OCT) - Manage Microsoft 365 Apps by using the Microsoft 365 Apps admin center
- Deploy Microsoft 365 Apps by using Intune
- Configure policies for Office apps by using Group Policy or Intune
- Deploy apps to platform-specific app stores by using Intune
Implement endpoint protection for all supported device platforms
- Plan and implement app protection policies for iOS and Android
- Manage app protection policies
- Implement Conditional Access policies for app protection policies
- Plan and implement app configuration policies for managed apps and managed devices
- Manage app configuration policies
Wow thanks for all the links. Massive help in starting to prepare for the exam without having to spend a lot of time scrambling around finding the proper documentation
Thank you a lot for your work on this study guide. It’s beneficial.