Microsoft · MD-102
Validates expertise in managing devices and client applications in a Microsoft 365 tenant using Microsoft Intune, implementing endpoint deployment and management solutions across various platforms.
Questions
723
Duration
100 minutes
Passing Score
700/1000
Difficulty
AssociateLast Updated
Jan 2026
Use this MD-102 practice exam to prepare for Microsoft 365 Certified: Endpoint Administrator Associate (MD-102) with realistic questions, detailed explanations, and focused study modes. The practice bank includes 723 questions for Microsoft MD-102, so you can review the exam steadily instead of relying on one long cram session.
As you practice, pay extra attention to recurring topics such as Microsoft Intune, Windows Autopilot, Microsoft Defender for Endpoint, Microsoft Entra ID, and Azure Virtual Desktop. Start with short sessions to identify weak areas, then move into timed quizzes once your accuracy is consistent.
The explanations are especially useful when you want to connect exam wording to the responsibilities and scenarios described in the official certification guidance. Use the free preview first, then unlock the full question bank when you are ready to build a complete study routine.
The Microsoft 365 Certified: Endpoint Administrator Associate (MD-102) validates expertise in deploying, configuring, and managing devices and client applications within a Microsoft 365 tenant. Certified professionals demonstrate proficiency with Microsoft Intune, Microsoft Intune Suite, Windows Autopilot, Microsoft Defender for Endpoint, Microsoft Entra ID, Azure Virtual Desktop, Windows 365, and Microsoft Copilot for Security. The exam was last updated on January 23, 2026, consolidating endpoint management into four core domains covering infrastructure preparation, device management, application management, and device protection.
The certification reflects the modern enterprise reality of managing distributed, heterogeneous fleets of endpoints—Windows, iOS, Android, and macOS—across hybrid and remote work environments. It validates the ability to implement Zero Trust-aligned security postures through compliance policies, Conditional Access, security baselines, and Microsoft Defender for Endpoint integration, all managed at scale through cloud-native tooling. Candidates are expected to understand both cloud-native and co-managed endpoint strategies and to collaborate cross-functionally with Microsoft 365 administrators, security teams, and enterprise architects.
This certification is designed for IT professionals working as Endpoint Administrators, Modern Desktop Administrators, Intune Administrators, or Device Management Specialists in organizations running Microsoft 365. Ideal candidates have hands-on experience deploying and managing Windows client devices at scale, administering Microsoft Intune policies, and implementing endpoint security controls. Professionals targeting roles such as Systems Administrator, Cloud Infrastructure Engineer, or IT Security Administrator who work primarily with Microsoft 365 environments will also benefit.
Candidates typically have 1–3 years of experience managing enterprise endpoints and are familiar with Windows client operating systems, device enrollment workflows, application lifecycle management, and identity platforms such as Microsoft Entra ID. Those working in hybrid environments or organizations undergoing digital transformation to cloud-first endpoint management are the primary target for this associate-level credential.
Microsoft does not enforce formal prerequisites for MD-102, but recommends that candidates have working experience with Microsoft Entra ID and Microsoft 365 technologies—particularly Microsoft Intune—before attempting the exam. A solid foundation in deploying, configuring, and maintaining Windows client environments is strongly advised, along with familiarity with non-Windows platforms (iOS, Android, macOS) managed through Intune. Understanding of networking fundamentals, Active Directory, and Group Policy is helpful given the exam's co-management and hybrid identity scenarios.
Practical, hands-on experience is the most critical prerequisite. Candidates with at least six months of direct experience administering endpoints through Microsoft Intune, configuring Conditional Access policies in Microsoft Entra ID, and deploying devices via Windows Autopilot are well positioned for success. Microsoft recommends completing the official instructor-led course MD-102T00-A: Microsoft 365 Endpoint Administrator or equivalent self-paced learning paths on Microsoft Learn prior to sitting the exam.
MD-102 is a proctored exam with a 100-minute time limit, delivered through Pearson VUE either at an authorized testing center or via online proctoring. The exam may include interactive lab-style components in addition to standard question formats such as multiple choice, multiple select, drag-and-drop, and scenario-based case studies. The exact number of questions is not published by Microsoft and varies per exam session. A scaled score of 700 or greater on a scale of 100–1000 is required to pass.
The exam is available in English, Chinese (Simplified), German, Spanish, French, Japanese, and Portuguese (Brazil). Candidates who take the exam in a non-English language may request an additional 30 minutes if their language version lags behind the English update cycle. The certification earned upon passing expires after 12 months and must be renewed annually at no cost through a free online renewal assessment on Microsoft Learn. The exam costs $165 USD, though pricing varies by country and region.
The MD-102 certification positions holders for roles including Endpoint Administrator, Modern Desktop Administrator, Intune Administrator, Systems Administrator, and Cloud Infrastructure Engineer in Microsoft 365 environments. With over 45,000 active job openings in the US market as of early 2026 and 78% of enterprises running Microsoft 365, demand for credentialed endpoint management professionals is strong and growing. According to salary aggregators, certified Endpoint Administrators in the US earn between $85,000 and $145,000 annually depending on experience, geography, and scope of responsibility, with mid-level professionals averaging approximately $95,000–$110,000.
Compared to the MS-102 Microsoft 365 Administrator credential, MD-102 is more narrowly focused on device and endpoint management, making it the preferred credential for professionals specializing in Intune, Autopilot, and endpoint security rather than broader Microsoft 365 administration. The certification's annual renewal requirement ensures that certified professionals stay current with the rapidly evolving Microsoft endpoint management stack. Organizations implementing Zero Trust security architectures and hybrid work strategies place high value on MD-102-certified staff who can manage and secure distributed device fleets across Windows, iOS, Android, and macOS platforms.
5 sample questions with answers and explanations. Start a practice session to test yourself across all 723 questions.
Preview — answers shown1. Litware Corp. plans to use Azure Virtual Desktop with Windows 11 Enterprise. Which prerequisite must be in the same Azure region as the session hosts for connectivity?
Explanation
The virtual network must be in the same Azure region as the session hosts to enable proper connectivity between virtual machines. An Azure Active Directory user account is needed for connection but not region-specific. An Azure subscription provides access globally. The PowerShell module is a tool for management, not a region-dependent prerequisite.
2. Litware Inc needs to create a profile in Intune to ensure that Android devices can securely connect to the company VPN for remote access. Which profile type should they select for this purpose?
Explanation
VPN profile assigns VPN settings to users and devices, allowing secure connections to the corporate network, which fits the requirement for Android devices. Certificate profile handles trusted, SCEP, and PKCS certificates for authentication but does not configure VPN connections. Custom profile is for settings not built into Intune, not specifically for VPN. Management template contains hundreds of settings for various features but is not tailored to VPN.
3. Fabrikam needs to create provisioning policies for Windows 365 to assign cloud PCs based on user groups and select from custom images. Which edition enables this?
Explanation
Windows 365 Enterprise allows creating custom provisioning policies with custom images and group assignments. Windows 365 Business uses simplified provisioning with standard images. Microsoft Intune is a management tool integrated with Enterprise. Azure Active Directory is identity, not the edition.
4. Blue Yonder Airlines uses Intune to create app protection policies. They want to restrict printing from managed apps. In which policy tab is this setting configured?
Explanation
The Data Protection tab includes settings like restricting printing to prevent data leaks. Access Requirements handles PINs and credentials. Conditional Launch manages launch conditions like jailbreak detection. Assignments is for policy deployment to groups.
5. Alpine Ski House wants to sync user settings across devices. Which feature preserves themes and ease of access?
Explanation
Enterprise State Roaming syncs personalization settings like themes and ease of access across devices. User Experience Virtualization reaches end of life. Mandatory profiles revert changes. Temporary profiles are deleted after sessions.
Microsoft Dynamics 365 Supply Chain Management Functional Consultant Expert (MB-335)
MB-335 · 2039 questions
Microsoft Dynamics 365 Business Central Functional Consultant (MB-800)
MB-800 · 1899 questions
Microsoft Certified: Azure AI Engineer Associate (AI-102)
AI-102 · 1392 questions
Microsoft Certified: Windows Server Hybrid Administrator Associate (AZ-801)
AZ-801 · 1376 questions
Microsoft Dynamics 365 Finance Functional Consultant (MB-310)
MB-310 · 1299 questions
Microsoft 365 Certified: Fundamentals (MS-900)
MS-900 · 1201 questions
$17.99
One-time access to this exam