Review the Microsoft Endpoint Administrator (MD-102) scope, Microsoft Intune, enrollment, compliance, Autopilot, app deployment, endpoint security, updates, and troubleshooting traps before practicing.
MD-102 is an endpoint-management exam. Use this cheat sheet to separate enrollment, configuration, compliance, application delivery, security baselines, updates, and troubleshooting before practicing.
Use this with practice. Review the endpoint-management checkpoints, then return to the MD-102 exam page for sample questions and update tracking.
| Field | Detail |
|---|---|
| Issuer | Microsoft |
| Certification lane | Microsoft Endpoint Administrator |
| Exam code | MD-102 |
| Main scope | Endpoint deployment, Intune management, compliance, application deployment, security, updates, and troubleshooting |
| IT Mastery status | Sample questions available |
| Area | What to know | Common trap |
|---|---|---|
| Enrollment and identity | Microsoft Entra join, hybrid join, Intune enrollment, device ownership, and enrollment restrictions | Troubleshooting policy before confirming enrollment state |
| Windows Autopilot | Deployment profiles, device registration, user-driven setup, reset, and provisioning | Treating Autopilot as traditional imaging |
| Configuration profiles | Settings catalog, templates, baselines, filters, assignment, and conflicts | Assigning a policy to the wrong user or device group |
| Compliance and access | Compliance policies, device health, Conditional Access, remediation, and reporting | Assuming a compliant policy applies before the device checks in |
| Application management | Required, available, uninstall, detection rules, supersedence, and app protection | Ignoring detection logic when an app appears not installed |
| Endpoint security and updates | Defender, firewall, attack-surface reduction, security baselines, update rings, and monitoring | Patching everything at once with no staged rollout |
| Distinction | How to decide |
|---|---|
| Enrollment profile vs configuration profile | Enrollment controls onboarding; configuration controls settings after management begins. |
| Compliance policy vs configuration profile | Compliance reports whether a device meets rules; configuration enforces settings. |
| Required app vs available app | Required apps install automatically; available apps are user-selectable. |
| User assignment vs device assignment | User targeting follows the person; device targeting follows the managed endpoint. |
| Autopilot vs imaging | Autopilot provisions cloud-managed devices without a traditional image refresh in many scenarios. |
| Device management vs app protection | Device management controls the whole device; app protection can protect data in managed apps. |
For MD-102 misses, state the device lifecycle stage: enroll, configure, secure, deploy app, update, monitor, or retire. Then check whether the scenario is asking for a policy, profile, assignment, report, or troubleshooting step.