60 Essential MD-102 Study Questions: Windows Autopilot, Intune Enrollment, and Device Management Explained

By /

MD-102 Study Guide – Windows Autopilot and Intune Administration

This detailed guide includes 60 comprehensive questions and answers divided into two key sections. Each item includes explanations, real-world examples, and Microsoft Learn references for in-depth understanding and exam preparation.

🧭 Section 1 – Windows Autopilot & Enrollment (Questions 1–30)

1.

Question: What must be configured for Windows Autopilot devices to automatically enroll in Microsoft Intune during setup?
Answer: Enable MDM Auto-Enrollment in Microsoft Entra ID.
Explanation: MDM auto-enrollment links Entra ID with Intune, allowing devices registered in Autopilot to enroll automatically during the Out-of-Box Experience (OOBE).
Portal Path: Microsoft Entra admin center → Mobility (MDM and MAM) → Microsoft Intune → Configure.
Reference: Windows Autopilot Overview

2.

Question: Before deploying devices, how can an administrator ensure devices join Entra ID and are managed by Intune?
Answer: Assign an Autopilot Deployment Profile to the device group.
Explanation: Deployment profiles determine join type (Entra or Hybrid), enrollment settings, and configuration behavior. Assigning profiles ensures seamless setup for users.
Reference: Create and assign Autopilot profiles

3.

Question: How can existing Windows 11 devices be prepared for Autopilot enrollment?
Answer: Use Windows Configuration Designer to create a provisioning package.
Explanation: This tool enables the extraction of device information (hardware hash) for Autopilot registration on devices already deployed.
Reference: Create provisioning packages

4.

Question: Which identity method supports BYOD enrollment without full device management?
Answer: Microsoft Entra Registration (Workplace Join)
Explanation: Registered devices allow app-level control via App Protection Policies while maintaining user privacy on personal devices.
Reference: Register devices with Microsoft Entra ID

5.

Question: Which Autopilot mode is best for remote workers where minimal IT involvement is needed?
Answer: Self-Deploying Mode
Explanation: This mode provisions devices automatically and enrolls them in Intune without user credentials.
Reference: Self-deploying mode overview

6.

Question: Which connector must be set up to manage hybrid-joined devices in Intune?
Answer: Intune Connector for Active Directory
Explanation: This connector supports hybrid Autopilot deployments by syncing on-premises AD with Entra ID.
Reference: Hybrid Azure AD join with Autopilot

7.

Question: How can Autopilot profiles be assigned automatically based on device details?
Answer: Use Dynamic Device Groups in Entra ID.
Explanation: Dynamic rules (like “devicePhysicalIDs -contains”) automate assignment for large-scale deployments.
Reference: Dynamic groups in Entra ID

8.

Question: Which deployment mode should schools use for shared student devices?
Answer: Self-Deploying Mode
Explanation: This mode enables shared device setup without individual user logins, ideal for classrooms and kiosks.

9.

Question: Which two configurations ensure devices ship directly to users with enforced policies?
Answer: Windows Autopilot Registration and MDM Auto-Enrollment
Explanation: Devices must be registered and linked to Intune for automatic setup and policy application.

10.

Question: What tool should be used to create provisioning packages for offline devices?
Answer: Windows Configuration Designer
Explanation: Used for offline deployment of Autopilot profiles or network settings on devices with no internet.

11.

Question: How are devices provisioned in an offline factory environment with no internet?
Answer: Use local provisioning packages created via Windows Configuration Designer.

12.

Question: How can healthcare staff use kiosk-mode devices without sign-in?
Answer: Deploy Self-Deploying Autopilot Profiles
Explanation: Ideal for frontline workers or shared stations.

13.

Question: Which infrastructure is needed for Hybrid Azure AD Join during Autopilot setup?
Answer: Intune Connector for Active Directory

14.

Question: What feature allows IT to preconfigure devices before delivery to users?
Answer: Pre-provisioning (White Glove)
Explanation: IT can install apps, settings, and policies before user sign-in.
Reference: Autopilot pre-provisioning

15.

Question: What ensures policies apply when users first sign in to new devices?
Answer: MDM Auto-Enrollment
Explanation: Automatically registers devices into Intune during OOBE.

16.

Question: How can BYOD users access Outlook and Teams securely without full enrollment?
Answer: Apply App Protection Policies (APP)
Explanation: APPs secure corporate data at the app level on personal devices.
Reference: App protection policies overview

17.

Question: What is the role of the Get-WindowsAutopilotInfo script?
Answer: Exports hardware hashes for Autopilot registration
Explanation: The script generates device information needed for Autopilot imports.
Command Example:

Get-WindowsAutopilotInfo.ps1 -OutputFile AutoPilotHWID.csv

18.

Question: Which feature lets users restore a device to a preconfigured state without IT help?
Answer: Windows Autopilot Reset

19.

Question: What ensures newly imported devices via CSV get the right profile automatically?
Answer: Dynamic Group Assignment

20.

Question: How can Apple devices be pre-enrolled in Intune before activation?
Answer: Integrate Apple Business Manager (ABM) with Intune.
Reference: Apple enrollment integration

21.

Question: Why might devices fail to provision during Autopilot setup?
Answer: MDM auto-enrollment or deployment profile misconfiguration

22.

Question: How can a multinational company assign localized configurations?
Answer: Create multiple Autopilot profiles and assign via regional dynamic groups.

23.

Question: How can users register their own personal Windows devices?
Answer: Microsoft Entra Registration

24.

Question: What must be done to prepare new devices for Autopilot provisioning?
Answer: Import hardware hashes or serial numbers

25.

Question: What feature applies all apps and settings before devices ship to users?
Answer: Pre-Provisioning (White Glove)

26.

Question: How do you assign a custom wallpaper and start menu layout across devices?
Answer: Device Configuration Policy (Settings Catalog)

27.

Question: What prevents unauthorized software installations on corporate PCs?
Answer: App Control for Business Policy

28.

Question: What allows IT to remotely troubleshoot a user’s device?
Answer: Remote Help in Intune
Reference: Remote Help overview

29.

Question: How can updates be scheduled weekly while minimizing disruptions?
Answer: Windows Update for Business (WUfB) Rings
Reference: Configure WUfB

30.

Question: How can non-compliant devices be blocked from accessing resources?
Answer: Device Compliance Policy with Conditional Access

🛡️ Section 2 – Intune Device Management & Security (Questions 31–60)

31.

Question: How do you ensure Defender Antivirus and Firewall are enabled across all devices?
Answer: Use Endpoint Security Policies in Intune.
Path: Endpoint Security → Antivirus / Firewall → Create Policy.

32.

Question: How can IT exclude a pilot group from receiving policies temporarily?
Answer: Exclude group from profile assignments

33.

Question: Which report helps track overall device compliance status?
Answer: Device Compliance Reports in Intune Admin Center.

34.

Question: How do you configure Wi-Fi and VPN settings for enrolled devices?
Answer: Use Device Configuration Profiles (Settings Catalog)

35.

Question: What Intune feature helps deploy security baselines for Windows 11?
Answer: Security Baselines (Windows 11)
Reference: Apply security baselines

36.

Question: What policy type enforces BitLocker drive encryption?
Answer: Endpoint Security → Disk Encryption Policy

37.

Question: How can IT remotely restart or wipe a lost device?
Answer: Remote Actions in Intune (Restart, Wipe, Retire)

38.

Question: What feature allows you to customize the Intune Company Portal branding?
Answer: Tenant Customization Settings

39.

Question: What helps monitor app installations across devices?
Answer: Intune App Install Status Report

40.

Question: What feature provides in-depth endpoint analytics and performance data?
Answer: Endpoint Analytics

41.

Question: What tool allows querying devices using KQL?
Answer: Device Query in Intune (Advanced Endpoint Analytics)

42.

Question: How can administrators track Intune policy deployment errors?
Answer: Monitor → Configuration Profiles → Per-Device Status

43.

Question: What ensures devices receive regular quality updates?
Answer: Feature and Quality Update Policies (WUfB)

44.

Question: What protects corporate emails on unmanaged devices?
Answer: App Protection Policies (MAM)

45.

Question: What allows organizations to enforce password complexity across all devices?
Answer: Device Compliance Policy

46.

Question: Which setting prevents USB drives on managed endpoints?
Answer: Endpoint Security → Attack Surface Reduction (ASR) Rule

47.

Question: How can you manage Windows Hello for Business rollout?
Answer: Create a Device Configuration Policy (Identity Protection)

48.

Question: What tool detects device health anomalies using AI insights?
Answer: Advanced Endpoint Analytics (Device Timeline)

49.

Question: How do you deploy MSI or EXE applications via Intune?
Answer: Use Win32 App Deployment

50.

Question: Which report provides insight into update compliance across devices?
Answer: Windows Update for Business Reports

51.

Question: What helps define least-privilege access for IT admins in Intune?
Answer: Role-Based Access Control (RBAC)

52.

Question: How can organizations enforce multi-factor authentication for administrators?
Answer: Configure Conditional Access for Admin Roles

53.

Question: What provides just-in-time admin access for privileged roles?
Answer: Privileged Identity Management (PIM)

54.

Question: What detects and isolates potentially compromised devices?
Answer: Microsoft Defender for Endpoint Integration

55.

Question: How can IT audit all device management activity in Intune?
Answer: Intune Audit Logs

56.

Question: What ensures devices not meeting compliance policies are flagged?
Answer: Noncompliance Notifications

57.

Question: What limits Intune policy visibility to specific admin scopes?
Answer: Scope Tags

58.

Question: What feature allows automation for common repetitive admin tasks?
Answer: Power Automate with Intune Graph API

59.

Question: How can you block untrusted applications from running on Windows devices?
Answer: App Control for Business Policy

60.

Question: What dashboard provides overall visibility into device health and policy status?
Answer: Intune Reports → Endpoint Security Dashboard

LinkedInCopyPinterestRedditTelegram

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by
Scroll to Top