Cloud-managed microsoft-md-102-vs-ms-102-a-comparison" data-autoinject="link_injection">endpoint administration is the current operating model for Windows client teams, using Microsoft Intune, Microsoft Entra ID, Windows Autopilot, Windows Update for Business, and integrated security controls instead of on-premises imaging and local policy as the centre of desktop administration.
Last updated: 2026. MD-101: Managing Modern Desktops and MD-100: Windows Client are retired, and the former Microsoft 365 Certified: Modern Desktop Administrator Associate certification is no longer the active path. The current Microsoft endpoint administration route is MD-102: Windows Client; passing MD-102 earns Microsoft 365 Certified: Endpoint Administrator Associate. Anyone preparing from older MD-101 materials should treat them as background knowledge, then redirect their study plan toward the active MD-102 exam objectives published on Microsoft Learn.
Older MD-101 guidance often focused on how to pass the exam, how MD-100 and MD-101 worked together, and how the Modern Desktop Administrator Associate credential fit into Microsoft’s certification portfolio. That advice made sense when both exams were live. It is now more important to avoid spending time on a retired exam than to perfect a legacy study routine.
The practical skills behind MD-101 still matter. Endpoint administrators still deploy Windows devices, apply policies, manage applications, enforce compliance, and protect organisational data. What has changed is the certification structure and the emphasis of the exam. MD-102 brings those skills into a more cloud-first endpoint management model, with Intune, Autopilot, Windows Update for Business, Microsoft Entra ID, and security integrations playing a central role.
This distinction matters for working administrators. A technician who can troubleshoot Group Policy, local profiles, and Windows imaging already has useful foundations, but MD-102 expects fluency in modern management patterns: device enrolment, configuration profiles, compliance policy, Conditional Access dependencies, update rings, feature update policies, endpoint security baselines, and reporting. The exam is less about memorising product names and more about knowing which management control should be used in a given operational scenario.
MD-101 tested enterprise management of Windows desktops. Candidates were expected to understand deployment, device and app management, security, monitoring, and modern desktop services such as Autopilot and Microsoft Endpoint Manager, the product name then used for what is now commonly discussed as Microsoft Intune and related endpoint management capabilities.
MD-102 keeps much of the operational intent but changes the centre of the work. The active exam is built around managing Windows client devices across their lifecycle, especially through Intune. That means legacy MD-101 preparation can still help, but only if it is translated into the current operating model rather than repeated unchanged.
| Legacy MD-101 area | How to reinterpret it for MD-102 | Practical study focus |
|---|---|---|
| Deploy and upgrade Windows devices | Plan modern provisioning and enrolment using Intune and Windows Autopilot where appropriate. | Build enrolment profiles, understand Autopilot requirements, and compare user-driven deployment with other provisioning approaches. |
| Manage policies and profiles | Move from Group Policy-first thinking to cloud configuration through Intune profiles, settings catalog, security baselines, and endpoint security policies. | Create test policies, review conflicts, and learn how Intune reports policy success, error, and pending states. |
| Manage applications | Package, assign, update, and monitor applications through Intune, including Microsoft Store apps and Win32 app deployment patterns. | Test assignment groups, detection rules, installation context, and rollback options. |
| Protect devices and data | Use compliance policy, Conditional Access integration, BitLocker policy, local administrator controls, and Microsoft Defender for Endpoint onboarding where licensing and configuration allow. | Trace how a non-compliant device affects access, remediation, and reporting. |
| Monitor devices | Use Intune reports, Windows update reports, device actions, and security signals to understand fleet health. | Practise diagnosing why a device has not received a policy, update, or app assignment. |
The most valuable study move is to convert every old MD-101 topic into a task that can be performed and verified in Intune. Reading about compliance policy is useful; creating a compliance policy, watching a device fail it, fixing the condition, and confirming access behaviour teaches the skill that appears in real work.
A useful MD-102 lab does not need to resemble a large enterprise. It does need enough structure to expose the relationships between users, devices, groups, policies, apps, updates, and access controls. A Microsoft 365 Developer tenant, where available and appropriate, can provide a safe place to practise without touching production systems. The learner should still confirm current subscription terms and available services directly with Microsoft, because tenant features and eligibility can change.
The basic lab pattern is straightforward. Create a small set of test users, separate device groups for pilot and broad deployment, and one or more Windows 10 or Windows 11 virtual machines. Enrol the devices into Intune, assign policies to groups, then observe how long changes take to apply and how the admin centre reports success or failure. This teaches the delay, dependency, and troubleshooting behaviour that purely theoretical study misses.
Autopilot deserves special care. It is central to modern Windows provisioning, but virtual machines do not always represent the full physical-device experience, especially around hardware hash collection, OEM registration, and deployment at scale. A VM can still help with enrolment concepts and provisioning behaviour, but candidates should understand where Autopilot testing needs real hardware, imported device identities, or a controlled pilot device to reflect production accurately.
A strong practice environment should include several concrete exercises: enrol a Windows device, apply a configuration profile, enforce BitLocker through policy, deploy Microsoft Edge settings, create Windows Update for Business rings, configure a feature update policy, test compliance behaviour, and review device reporting. Where Defender for Endpoint is part of the environment, onboarding and security signal integration should be studied as an operational workflow rather than as a one-click feature.
One educational option is to use a structured MD-102 preparation programme from Readynez alongside the lab, especially when a learner needs a guided route through Intune enrolment, compliance, Autopilot, Windows Update for Business, BitLocker, Defender for Endpoint onboarding, and co-management concepts. The important point is that guided learning should reinforce hands-on administration rather than replace it.
The first mistake is treating Intune as a cloud copy of Group Policy. Some settings overlap in purpose, but the operating model differs. Intune depends heavily on assignment groups, device check-in, policy precedence, platform scope, enrolment state, and reporting. Candidates who search for a one-to-one replacement for every GPO often miss the broader design question: which cloud management control is appropriate for the device type, ownership model, and risk level?
A second mistake is skipping Windows Update for Business. Update rings, feature update policies, quality update behaviour, safeguard holds, deadlines, and reporting are part of day-to-day endpoint operations. In practice, weak update planning creates support noise, compliance gaps, and inconsistent user experience. For exam preparation, update management should be practised as a lifecycle process, not read as a product feature list.
Conditional Access is another area where learners underestimate dependencies. A compliance policy does not operate in isolation; it often matters because access decisions use compliance state. Testing should include what happens when a device is enrolled but non-compliant, when a user is outside the targeted group, and when policy assignments conflict. This prevents a common real-world problem: blocking users unintentionally during enrolment or pilot rollout.
Local administrator management is also easy to ignore because it feels less visible than enrolment or app deployment. Even so, endpoint administrators are increasingly expected to reduce standing local admin rights, understand privilege controls, and know how device security posture is maintained after deployment. MD-102 preparation should therefore include operational questions such as who can advance, how recovery works, and how exceptions are documented.
A learner with older MD-101 notes should not discard them immediately. The better approach is to separate durable concepts from retired exam mechanics. Deployment planning, policy intent, app lifecycle, update control, and device security remain useful. Exam names, retired requirements, older product branding, and MD-100 plus MD-101 credential rules should be removed from the active plan.
During the first month, the main measure of progress is whether the learner can explain why a policy was assigned, where it applies, and how to confirm the result. During the second month, the emphasis should shift from configuration to diagnosis. A useful exercise is to create a deliberate policy conflict or an app deployment failure, then use device status, user status, error messages, and logs to identify the cause.
By the final month, exam preparation should feel closer to operating a small endpoint environment. Candidates should keep a change log for lab tasks, record expected and actual results, and practise reversing changes safely. This habit builds the kind of reasoning needed for scenario questions, where the correct answer often depends on constraints such as device ownership, enrolment method, licensing, security requirements, or user impact.
Microsoft Learn should be the primary source for current exam details. The MD-102 exam page, the Endpoint Administrator Associate certification page, and the retired MD-100 and MD-101 pages provide the official status, skills outline, and certification relationship. Microsoft’s exam policies explain areas such as item types, scoring, rescheduling, and retake rules. Those details should be checked directly before booking because exam policies and skills measured can change.
Product documentation should be used in parallel with the exam outline. Intune documentation explains enrolment, configuration profiles, compliance, app deployment, reporting, and device actions. Windows Autopilot documentation clarifies provisioning concepts and hardware identity requirements. Windows Update for Business documentation explains rings, deadlines, feature updates, and reporting. Microsoft Entra ID documentation is also relevant because identity, groups, and Conditional Access frequently determine whether endpoint policies have the intended effect.
Good preparation avoids copying Microsoft documentation into notes verbatim. A better method is to turn each exam objective into an administrative question: what would need to be configured, what dependency must exist, what could fail, and where would the administrator verify the outcome? This approach creates a study record that is easier to revise and more useful at work.
This guide treats Microsoft’s published exam and certification pages as the authority for retirement status and active certification paths. Because Microsoft exams can be revised, renamed, or retired, any booking decision should be checked against Microsoft Learn at the time of study. Historical exams such as MD-100 and MD-101 are referenced here only to help readers translate older preparation material into the current MD-102 path.
Unverified claims about pay rises, hiring speed, pass guarantees, or promotion outcomes should not drive certification planning. A Microsoft certification can provide a recognised structure for learning and a credible signal of skills, but the career value depends on the role, the employer, and the person’s ability to apply the skills in real endpoint environments. The stronger case for MD-102 preparation is that its topics align with common operational responsibilities for Windows client and Intune administrators.
MD-101 is no longer an exam to pass, but its underlying themes still point toward useful work: deploying Windows devices, managing configuration, securing endpoints, updating clients, and monitoring health. The difference is that the active path now expects those capabilities to be expressed through MD-102 and the Microsoft 365 Certified: Endpoint Administrator Associate credential.
The most effective next step is to verify the current MD-102 objectives, build a small lab, and convert study time into repeatable administrative tasks. Readynez may support that process with structured MD-102 training, but the decisive preparation comes from doing the work: enrolling devices, applying policies, breaking configurations safely, reading the reports, and explaining how to recover.
Get Unlimited access to ALL the LIVE Instructor-led Security courses you want - all for the price of less than one course.
Discover the science and thoughts of leaders in the Skills-First Economy. Fill in your email to subscribe to monthly updates.
Through years of experience working with more than 1000 top companies in the world, we ́ve architected the Readynez method for learning. Choose IT courses and certifications in any technology using the award-winning Readynez method and combine any variation of learning style, technology and place, to take learning ambitions from intent to impact.
You're viewing our global site from United States
Would you like to view the site in
English
with prices in
Dollar?