Buy Unlimited Training licenses in June and get an extra 3 months for free! ☀️

What's on the Microsoft MD-102 Exam? Skills Explained

  • What skills are measured in MD-102?
  • Published by: André Hammer on Feb 06, 2024
Blog Alt EN

Do you want to learn more about managing Microsoft 365 and Windows 10? Consider taking the Microsoft MD-102 exam. This exam tests your skills in deploying operating systems, managing policies and profiles, and maintaining device security. Passing this exam can demonstrate your expertise to employers. Let's explore the skills and knowledge required to pass the exam.

Audience profile

The MD-102 exam is for IT professionals in Microsoft Endpoint Administration. They need to understand identity, device, and application management, as well as threat protection. They also need skills to implement Windows as a Service, co-management of Windows deployment, and Microsoft 365 security and compliance. Their responsibilities include configuring, deploying, and managing Windows, monitoring devices, and ensuring compliance.

This involves keeping devices secure, up-to-date, and troubleshooting issues.

Microsoft Endpoint Administrator role

The Microsoft Endpoint Administrator role focuses on various skills:

  • Identity management
  • Device updates
  • Monitoring devices
  • Compliance policies

This role involves implementing and managing Microsoft 365 security, threat management, and security reports. It also requires deploying Windows client, managing updates, apps, and devices, and configuring profiles for remote management.

The administrator needs to monitor Windows updates and device health, implement and manage remote access, and manage authentication and access via Azure AD. They must also be proficient in implementing device compliance and conditional access policies.

Furthermore, proficiency in monitoring and managing security and performance is essential. This includes tracking hardware and software inventory and managing and deploying applications.

Establishing and enforcing compliance policies is a significant aspect of this role, ensuring comprehensive and efficient device management.

What skills are measured in MD-102?

Manage identity

Managing user and device identity in the Microsoft Endpoint Administrator role involves following best practices. These include strong password policies, using multi-factor authentication, and enrolling devices. Compliance policies can be maintained by setting conditional access policies and enrolling devices in a mobile device management solution.

To effectively manage identity within the MD-102 certification, skills in Azure Active Directory, Windows Hello for Business, and Windows Autopilot are necessary, alongside knowledge of group policies, Active Directory Federation Services, and Windows Defender Credential Guard.

Device updates

  • It's important to regularly check and install updates for devices.
  • This ensures they perform well and stay secure.
  • Updating allows users to benefit from new features, bug fixes, and security enhancements.
  • For Windows Client devices, best practices include using a central management tool, scheduling updates during less busy times, and testing updates before rolling them out.
  • Reporting and compliance tools can help monitor updates and ensure devices meet company policies and security standards.
  • Being proactive with updates reduces security risks and keeps devices running smoothly.

Monitor devices

To measure the skills needed in MD-102, we focus on the best practices for monitoring devices in a Microsoft Endpoint Administrator role. This means understanding how to effectively enforce and monitor compliance policies on devices within an organization. It also requires knowledge of the tools and techniques available for monitoring and managing device updates in a Windows Client deployment.

For instance, making sure that the devices are up to date with the latest security and feature updates is a crucial part of this role. This can be achieved by using tools such as Windows Update for Business and Configuration Manager. These tools allow administrators to deploy and manage updates across their organization.

By understanding these best practices and having the ability to enforce compliance policies, a Microsoft Endpoint Administrator can effectively monitor and manage devices within their organization.

Compliance policies

Compliance policies are put in place and enforced through training, communication, and monitoring. This includes clear guidelines, regular training, and checks to ensure employees follow the policies.

To make sure employees know and follow these policies, there are mandatory training sessions, written guidelines, and regular communication from management. Also, assessments and audits are done to monitor and evaluate how well these measures work.

There are protocols to review and update compliance policies to match changes in regulations or industry standards. This means thoroughly assessing existing policies, finding areas for improvement, and making adjustments to meet the latest regulations and industry best practices. By always evaluating and updating compliance policies, organisations can lower risks and ensure ongoing adherence to legal requirements.

Detailed Skills Measured

Deploy Windows Client

When measuring skills in MD-102, deploying Windows Client includes:

  • Configuring Windows Update settings
  • Creating and managing provisioning packages
  • Configuring Windows Autopilot

Understanding Windows Autopilot is important for deploying Windows Client, enabling zero-touch, self-deploying scenarios, and cloud recovery. Updates can also be deployed using Windows Update for Business to obtain security and feature updates. Microsoft Endpoint Configuration Manager can be used for more extensive update management. These methods help users choose the best approach for their specific needs.

Windows Autopilot

The Microsoft Endpoint Administrator has an important role in Windows Autopilot.

In the MD-102 exam, specific skills related to Windows Autopilot are measured.

These include the ability to manage and deploy Windows clients, incorporate devices into device management solutions, and configure policies for devices.

Windows Autopilot makes it easier to deploy and manage Windows clients.

It streamlines the initial setup and deployment process, reducing the need for IT intervention and providing a user-friendly out-of-the-box experience.

It also simplifies the process of pre-configuring a Windows 10 environment, making it easier for end-users to get up and running quickly and efficiently.

Microsoft Deployment Toolkit

The MD-102 exam tests a wide range of skills related to Microsoft Deployment Toolkit. It includes planning and implementing a device strategy, managing apps and data, deploying Windows operating system, and maintaining and updating Windows clients.

As a Microsoft Endpoint Administrator, one is responsible for assessing business needs, managing and developing software for the endpoint, installing applications, and troubleshooting device configurations.

The detailed skills measured in deploying Windows Client using Microsoft Deployment Toolkit include evaluating Windows 10 deployment methods, performing Windows imaging and provisioning, and managing updates and device drivers.

Manage updates

The administrator can use Intune policies to control the deployment rings, deferral periods, maintenance windows, and feature updates for Windows Update for Business. They can also use Intune to streamline the deployment of updates, making sure they're tested and approved before applying to devices.

By following best practices like maintaining an update schedule, monitoring device health, and evaluating the impact of updates on device performance, the administrator can keep devices secure and operational. This includes setting up separate testing environments, automating update deployments, and using Intune reporting and analytics to assess update compliance and device health.

By adopting these best practices, the administrator can effectively manage updates to enhance both the security and performance of devices in the environment.

Configure Windows Update for Business

Windows Update for Business can be set up to make sure updates are deployed on time and efficiently. This can be done using Group Policy or Intune. With these tools, administrators can schedule updates, set maintenance windows, and prioritize specific devices or user groups for deployment.

Best practices for deploying updates using Intune in the context of Windows Update for Business include creating deployment rings to control the rollout of updates, specifying maintenance windows to prevent interruptions during critical activities, and testing updates in a pilot group before full deployment.

Compliance policies can be integrated with Windows Update for Business to ensure that devices are kept secure and up to date. This can be done using Configuration Manager or Microsoft Endpoint Manager. This allows administrators to enforce compliance rules for specific devices or user groups, ensuring that devices remain in line with the organization's security and update policies while minimizing disruptions to productivity.

Deploy updates using Intune

Updates can be deployed using Intune through a simple and efficient process. This involves creating and assigning an update ring policy. The policy manages the deployment of Windows Update for Business on Windows 10 devices managed by Intune.

By configuring Windows Update for Business in the Intune endpoint protection profile, IT administrators can gain control over how and when updates are applied to managed devices.

The Microsoft Deployment Toolkit plays a significant role in this process. It provides a unified end-to-end solution for deploying updates. It automates the deployment of Windows operating systems, as well as the installation of updates and applications.

The combination of these tools ensures that the updates are deployed seamlessly and without any disruptions. This safeguards the integrity and security of the managed devices.

Manage apps

Managing app protection as a Microsoft Endpoint Administrator role involves important considerations. This includes keeping app data secure with encryption and app-specific pinning. Compliance policies can be used to apply app configuration in device management, using conditional access to control app and data access based on specific conditions and policies.

Best practices for deploying updates using Intune for app management include creating and assigning app protection policies to protect data. Monitoring app protection status and compliance through Intune App Protection Status is also important. Regularly updating app protection policies to align with the latest threat landscape is crucial for effective app management.

Endpoint protection

Endpoint protection includes important components and features like antivirus, firewall, intrusion prevention, detection, and encryption.

These work together to protect endpoints from cyber threats. It also helps manage updates and monitor device compliance using software that automates patch management.

To effectively deploy and manage endpoint protection in an organisation, skills are needed to configure security settings, set up alerts for potential breaches, and conduct regular security assessments.

Tools like endpoint security management platforms and security information and event management (SIEM) systems are crucial for comprehensive security coverage and incident response.

App protection

One way to protect applications from security threats and vulnerabilities is to use strong encryption. This helps to keep sensitive data safe and stop unauthorized access.

App protection policies can also be enforced by using secure authentication methods, like multi-factor authentication. This makes sure that data within applications is secure and intact.

In addition, strategies like containerization and app sandboxing can be used to prevent unauthorized access and data leakage from applications on managed devices. By keeping applications and their data separate from other parts of the device, these strategies add extra security.

For instance, containerization can stop data from flowing between different apps, preventing unauthorized access.

These measures help to reduce potential security risks and vulnerabilities, making sure that sensitive information within applications is protected.

App configuration

When setting up apps for best performance and user experience, it's important to think about specific features and settings that will improve the app without making the user's experience worse.

This might involve customizing the app's look, turning on notifications, and making sure the app works well on different screen sizes. To handle and update app settings on different devices and systems, it's important to use mobile device management (MDM) tools. These tools let you manage app settings in one place, which keeps everything the same and secure on all devices.

For security, it's important to use MDM to set up user authentication and access controls, encrypt important data, and follow data protection rules. By thinking about these things, organizations can make sure their apps work well for users, while also keeping everything safe and following the rules.

Manage devices

To effectively manage identity within a device management system, one should consider implementing three security measures:

  1. Multi-factor authentication.
  2. Role-based access control.
  3. Conditional access policies

These measures help protect sensitive data from unauthorized access.

Strategies such as Mobile Device Management and endpoint protection solutions can ensure that devices are regularly updated and secure, contributing to a more secure environment.

Enforcing and monitoring compliance policies can be achieved through:

  • Implementation of configuration baselines
  • Access control policies
  • Compliance reporting tools

These measures play a role in ensuring that the organization's devices adhere to security and compliance standards. These skills are vital for IT professionals in managing and maintaining the security and compliance of device management systems, and are essential for the MD-102 assessment.

Configure remote management

To set up remote management for devices, there are different tools and methods available.

For example, IT admins can use Windows Update for Business to manage and distribute updates remotely. Another approach is to configure compliance policies in Microsoft Intune to uphold company standards for security and compliance.

Additionally, IT admins can use the Microsoft Endpoint Manager console to monitor and manage devices remotely, ensuring they stay compliant and secure.

These steps are important for MD-102 as they assess an IT professional's ability to configure and manage remote devices effectively for compliance and security. Understanding these tools and methods can help IT professionals maintain device security and compliance within an organization.

Device configuration profiles

A Microsoft Endpoint Administrator is responsible for managing device configuration profiles. These profiles help manage identity, device updates, monitor devices, and enforce compliance policies.

To effectively handle this task in a Windows client environment, specific skills and tools are needed. This includes understanding group policies, Microsoft Intune, and Microsoft Endpoint Configuration Manager. Knowledge of managing security and identity using solutions such as Azure AD and Active Directory is also important.

Familiarity with Network Connectivity, Cloud Services, and Data Storage solutions is essential for effective profile management. Expertise in monitoring, managing, and troubleshooting Windows devices and its related infrastructure is also crucial.

Proficiency in these areas is necessary for successfully implementing device configuration profiles in a Windows client environment.


The Microsoft MD-102 exam covers different skills related to modern Windows operating systems. This includes configuring connectivity, maintaining Windows, managing identity, and managing devices. Candidates need to demonstrate their abilities in implementing Windows 10, monitoring and securing Windows 10, and deploying and updating Windows.

The exam also evaluates knowledge of troubleshooting Windows and application installations, configuring and managing updates, and implementing Windows Defender.

Readynez offers a 5-day Microsoft 365 Certified Endpoint Administrator Course and Certification Program, providing you with all the learning and support you need to successfully prepare for the exam and certification. The Microsoft 365 Endpoint Administrator course, and all our other Microsoft courses, are also included in our unique Unlimited Microsoft Training offer, where you can attend the Microsoft 365 Endpoint Administrator and 60+ other Microsoft courses for just €199 per month, the most flexible and affordable way to get your Microsoft Certifications.

Please reach out to us with any questions or if you would like a chat about your opportunity with the Microsoft 365 Endpoint Administrator certification and how you best achieve it. 


What are the skills measured on the Microsoft MD-102 Exam?

The skills measured on the Microsoft MD-102 Exam include deploying and managing modern desktops and devices, configuring connectivity, and maintaining Windows. This includes skills such as deploying Windows 10, managing policies and profiles, and troubleshooting device issues.

What topics are covered in the Microsoft MD-102 Exam?

The Microsoft MD-102 Exam covers topics such as managing modern desktops, deploying and updating operating systems, managing policies and profiles, and managing identity.

Can you explain the skills tested in the Microsoft MD-102 Exam?

The skills tested in the Microsoft MD-102 Exam include deploying Windows, managing devices and data, configuring connectivity, and maintaining Windows. For example, you may be asked to demonstrate proficiency in setting up and managing Windows 10 devices in an enterprise environment.

What are the key areas of knowledge needed for the Microsoft MD-102 Exam?

The key areas of knowledge needed for the Microsoft MD-102 Exam include deploying, managing, and maintaining Windows, as well as planning and implementing a Windows 10 deployment strategy. This includes topics like configuring and supporting core Windows 10 services, and managing updates and device authentication.

What are the main objectives of the Microsoft MD-102 Exam?

The main objectives of the Microsoft MD-102 Exam are to test knowledge and skills in deploying, managing, and maintaining Windows. It also aims to assess the ability to configure connectivity, users, and devices. For example, troubleshooting user issues and implementing endpoint security measures.

A group of people discussing the latest Microsoft Azure news

Unlimited Microsoft Training

Get Unlimited access to ALL the LIVE Instructor-led Microsoft courses you want - all for the price of less than one course. 

  • 60+ LIVE Instructor-led courses
  • Money-back Guarantee
  • Access to 50+ seasoned instructors
  • Trained 50,000+ IT Pro's



Price: {{item.ItemPriceExVatFormatted}} {{item.Currency}}