MD-102: Endpoint Administrator
This section includes questions based on the latest skills measured for MD-102, effective as of January 23, 2026, focusing on preparing infrastructure, managing devices, applications, and protecting endpoints with tools like Microsoft Intune and Defender for Endpoint.
Question 1: Multiple Choice
You are configuring enrollment for a fleet of corporate-owned Android devices in Microsoft Intune. Which enrollment profile should you use to ensure devices are fully managed by the organization, including the ability to enforce corporate policies and remotely wipe data if needed?
A. Android Enterprise work profile
B. Android Enterprise dedicated
C. Android Enterprise fully managed
D. Android Enterprise corporate-owned work profile
Answer: C. Android Enterprise fully managed
Explanation: Android Enterprise fully managed profiles allow IT admins to have complete control over the device, including app management, security policies, and remote actions like wiping. This is ideal for corporate-owned devices, as per Intune’s enrollment options for Android.
Question 2: Scenario-Based
Scenario: Your organization is deploying Windows 11 devices using Windows Autopilot. You need to ensure that during enrollment, devices automatically receive a custom name based on the user’s department and a sequential number. Additionally, the deployment must include Microsoft 365 Apps pre-installed. Describe the steps to achieve this, including any tools or configurations required.
Answer:
- In the Microsoft Intune admin center, create a device name template under Devices > Windows > Windows enrollment > Deployment Profiles. Use variables like %SERIAL% or custom attributes for department-based naming.
- Configure a Windows Autopilot deployment profile, selecting “Self-Deploying” or “User-Driven” mode as appropriate.
- For app deployment, use the Microsoft Office Deployment Tool (ODT) to create a configuration.xml file for Microsoft 365 Apps, then add it as a Win32 app in Intune and assign it to the Autopilot group. Alternatively, deploy via the Microsoft 365 Apps admin center and target the devices during ESP (Enrollment Status Page).
Explanation: This leverages Autopilot’s naming templates for automated naming and Intune’s app deployment capabilities to ensure apps are installed during provisioning, aligning with real-world hybrid work setups where efficient onboarding is critical.
Question 3: Troubleshooting
You notice that some Windows devices enrolled in Intune are not receiving updates from an assigned update ring, despite being compliant. Logs show errors related to delivery optimization. What are the likely causes and steps to resolve this?
Answer:
Likely causes: Firewall blocking peer-to-peer traffic, misconfigured delivery optimization settings, or network issues preventing access to Microsoft Update services.
Resolution steps:
- In Intune, navigate to Devices > Update rings for Windows 10 and later, and verify the ring settings.
- Configure Windows client delivery optimization policies in Intune to allow DO (Delivery Optimization) on the devices.
- Use the Microsoft Intune admin center to run a device sync and check reports for update status. If needed, troubleshoot with KQL queries in Advanced Analytics to identify patterns.
Explanation: Delivery optimization reduces bandwidth by enabling peer downloads; misconfigurations often cause update failures. This reflects Intune’s integration with Windows Update for Business, emphasizing monitoring and policy management.
Question 4: Multiple Choice
In implementing Intune Suite add-on capabilities, which feature would you use to elevate user privileges temporarily for specific tasks without granting permanent admin rights?
A. Microsoft Tunnel for MAM
B. Endpoint Privilege Management
C. Cloud PKI
D. Remote Help
Answer: B. Endpoint Privilege Management
Explanation: Endpoint Privilege Management allows just-in-time elevation of privileges, reducing security risks from over-privileged users, as part of Intune’s advanced security features.
Question 5: Scenario-Based
Scenario: Your company is integrating Intune with Microsoft Defender for Endpoint. You need to onboard devices and configure policies to detect and respond to threats. Outline the key configurations and how they protect devices.
Answer:
- In the Microsoft Defender portal, enable integration with Intune under Settings > Endpoints > Advanced features.
- Onboard devices by deploying the Defender for Endpoint sensor via Intune (as a Win32 app or configuration profile).
- Create antivirus, firewall, and attack surface reduction policies in Intune, targeting device groups.
- Use security baselines to apply recommended settings.
Protection: This enables automated threat detection, vulnerability management, and response actions like isolation, enhancing endpoint security in real time.
Explanation: Integration ensures unified management, allowing Intune to enforce compliance based on Defender signals, crucial for modern threat landscapes involving ransomware and zero-days.
MS-102: Microsoft 365 Administrator
Questions here align with the skills measured effective November 10, 2025, covering tenant management, identity, security with Defender XDR, and compliance via Purview.
Question 1: Multiple Choice
When managing users in a Microsoft 365 tenant, which method allows you to assign licenses to a group of users dynamically based on attributes like department?
A. Direct assignment in the Microsoft 365 admin center
B. Group-based licensing in Microsoft Entra ID
C. Bulk user management via PowerShell
D. Administrative units delegation
Answer: B. Group-based licensing in Microsoft Entra ID
Explanation: Group-based licensing automates license assignment to security or Microsoft 365 groups, simplifying management for large organizations and ensuring compliance with user attributes.
Question 2: Scenario-Based
Scenario: Your organization is experiencing authentication issues after implementing multifactor authentication (MFA). Users report frequent lockouts. Describe how to investigate and resolve this using Microsoft Entra tools.
Answer:
- In the Microsoft Entra admin center, review sign-in logs under Monitoring > Sign-ins to identify failure reasons (e.g., incorrect MFA methods).
- Check Microsoft Entra ID Protection for risk events and configure policies to block high-risk sign-ins.
- Implement self-service password reset (SSPR) and Password Protection to prevent weak passwords.
Resolution: Adjust Conditional Access policies to exclude trusted locations or refine MFA requirements, then monitor with reports.
Explanation: This uses Entra’s monitoring and protection features to troubleshoot, reflecting real-world hybrid identity challenges where balancing security and usability is key.
Question 3: Troubleshooting
Alerts in Microsoft Defender for Office 365 indicate phishing attempts via email. However, some legitimate emails are being quarantined. What steps should you take to investigate and remediate?
Answer:
- In the Microsoft Defender portal, review incidents under Incidents & alerts > Incidents to analyze affected emails.
- Check threat policies in Defender for Office 365 (e.g., anti-phishing rules) and adjust safe sender lists or thresholds.
- Use the Explorer tool to investigate email traces and release false positives from quarantine.
Remediation: Run attack simulations to test and refine policies, ensuring minimal disruption.
Explanation: Defender XDR’s unified portal allows granular investigation; false positives often stem from overly strict policies, a common issue in enterprise email protection.
Question 4: Multiple Choice
To prevent data exfiltration in SharePoint and OneDrive, which Microsoft Purview feature would you configure to block sharing of sensitive information like credit card numbers?
A. Retention labels
B. Sensitivity labels
C. Data loss prevention (DLP) policies
D. Communication compliance
Answer: C. Data loss prevention (DLP) policies
Explanation: DLP policies detect and block actions on sensitive data types (e.g., via keywords or regex), applying to endpoints, Exchange, SharePoint, OneDrive, and Teams for comprehensive protection.
Question 5: Scenario-Based
Scenario: You need to set up identity synchronization for a new Microsoft 365 tenant with on-premises Active Directory. Outline the preparation and implementation steps, including tools for troubleshooting.
Answer:
- Prepare: Run IdFix to identify and fix directory issues; ensure domain verification.
- Implement: Install Microsoft Entra Connect Sync or Cloud Sync, configure synchronization scopes.
- Monitor/Troubleshoot: Use Microsoft Entra Connect Health for sync errors; resolve with logs or PowerShell cmdlets like Get-MsolDirSyncProvisioningError.
Explanation: This follows best practices for hybrid identity, ensuring seamless user access while addressing common sync issues like attribute conflicts.
MS-700: Managing Microsoft Teams
Based on skills effective January 23, 2026, questions cover Teams environment configuration, management of teams/channels/apps, meetings/calling, and monitoring/troubleshooting.
Question 1: Multiple Choice
To allow external users from specific domains to collaborate in Teams while restricting others, which setting should you configure?
A. Guest access in the Microsoft Teams admin center
B. External access by domain in the Microsoft Teams admin center
C. Conditional Access policies in Microsoft Entra ID
D. Information barrier policies
Answer: B. External access by domain in the Microsoft Teams admin center
Explanation: External access controls federation with other tenants by domain allow/block lists, enabling targeted collaboration without full guest access.
Question 2: Scenario-Based
Scenario: Your organization is planning a large virtual event with interactive Q&A. Recommend the appropriate meeting type and key configurations for security and engagement.
Answer: Recommend Teams Town hall for large audiences with moderated Q&A. Configurations:
- In the Teams admin center, create event policies to enable Town halls.
- Set up organizers with production roles; configure attendee visibility and recording options.
- Apply sensitivity labels for compliance and Conditional Access for secure access.
Explanation: Town halls support scalable events with features like raised hands and reactions, ideal for corporate communications, integrating with Microsoft 365 security.
Question 3: Troubleshooting
Users report poor audio quality during Teams meetings. Logs show high packet loss. What are potential causes and resolution steps?
Answer: Causes: Insufficient bandwidth, network congestion, or firewall blocking ports (e.g., UDP 3478-3481).
Resolution:
- Use the Microsoft Teams Network Assessment Tool to test connectivity.
- Analyze Call Quality Dashboard (CQD) in the Teams admin center for metrics.
- Optimize network with QoS policies or recommend wired connections/VPN bypass for Teams traffic.
Explanation: Teams relies on real-time media; tools like CQD provide insights for troubleshooting, common in remote work scenarios.
Question 4: Multiple Choice
Which feature allows you to automate the deletion of inactive Microsoft 365 groups associated with Teams?
A. Naming policy
B. Expiration policy
C. Access reviews
D. Retention policy
Answer: B. Expiration policy
Explanation: Expiration policies set a lifespan for groups, prompting renewal or automatic deletion, helping manage governance and reduce sprawl.
Question 5: Scenario-Based
Scenario: You need to manage apps in Teams to ensure only approved apps are used. Describe how to control app permissions and deployment.
Answer:
- In the Teams admin center, under Teams apps > Manage apps, block unapproved apps and set permission policies.
- Create app setup policies to pin approved apps to the app bar.
- Use app assignment policies to target specific users/groups; monitor usage via reports.
Explanation: This enforces security by preventing risky apps, aligning with governance needs in Teams extensibility.


