The MD-102: Endpoint Administrator certification exam is tailored for professionals who specialize in managing devices and client applications within a Microsoft 365 environment, primarily using Microsoft Intune. This role is essential in ensuring smooth, secure, and scalable deployment and administration of endpoints across various platforms.

Key Responsibilities

As a certified Endpoint Administrator, your core duties include:

• Deploying and managing endpoints across diverse operating systems and device types efficiently.
• Utilizing tools like Microsoft Intune, Intune Suite, Windows Autopilot, Microsoft Defender for Endpoint, Microsoft Copilot for Security, Microsoft Entra ID, Azure Virtual Desktop, and Windows 365 to manage endpoints at scale.
• Implementing and maintaining policies related to identity, security, access controls, software updates, and application deployment.

Collaboration and Strategic Planning

Endpoint administrators work in close coordination with:

• Solution architects
• Microsoft 365 administrators
• Security and workload administrators

Together, they develop and execute a modern workplace strategy that supports organizational objectives, improves user productivity, and enhances security across all endpoints.

Required Skills and Experience

To succeed in this role, candidates should possess:

• Practical experience with Microsoft Entra ID and Microsoft 365 technologies, especially Intune.
• Proven expertise in deploying, configuring, and managing Windows and non-Windows client devices.
• A strong understanding of modern endpoint security, identity management, and compliance requirements.

Exam Details

The MD-102: Endpoint Administrator exam is designed for individuals at an intermediate level who are pursuing a role in system or endpoint administration. Candidates are given 100 minutes to complete the assessment, which is proctored and closed book, ensuring a secure and controlled testing environment. The exam may also include interactive tasks that assess hands-on skills and practical application of concepts. To accommodate a global audience, the exam is available in multiple languages, including English, Simplified Chinese, German, Spanish, French, Japanese, and Brazilian Portuguese.

Course Outline

The exam covers the following topics:

Prepare infrastructure for devices (25–30%)

Add devices to Microsoft Entra ID

• Choose an appropriate device join type
• Join devices to Microsoft Entra ID
• Register devices to Microsoft Entra ID
• Plan and implement groups for devices in Microsoft Entra ID

Enroll devices to Microsoft Intune

• Configure enrollment settings
• Configure automatic enrollment for Windows and bulk enrollment for iOS and Android
• Configure enrollment profiles for Android devices, including fully managed, dedicated, corporate owned, and work profile

Implement identity and compliance

• Manage roles in Intune
• Implement compliance policies for all supported device platforms by using Intune
• Implement Conditional Access policies that require a compliance status
• Configure Windows Hello for Business
• Implement and manage Local Administrative Passwords Solution (LAPS) for Microsoft Entra ID
• Manage the membership of local groups on Windows devices by using Intune

Manage and maintain devices (30–35%)

Deploy and upgrade Windows clients by using cloud-based tools

• Choose between Windows Autopilot and provisioning packages
• Choose a Windows Autopilot deployment mode
• Apply a device name template
• Implement Windows client deployment by using Windows Autopilot
• Create an Enrollment Status Page (ESP)
• Plan and implement provisioning packages
• Plan and implement device upgrades for Windows 11
• Implement a Windows 365 cloud PC deployment

Plan and implement device configuration profiles

• Create device configuration profiles for Windows devices, including importing ADMX files
• Create device configuration profiles for Android devices
• Create device configuration profiles for iOS devices
• Create device configuration profiles for Mac OS devices
• Create device configuration profiles for Enterprise multi-session devices
• Target a profile by using filters

Implement Intune Suite add-on capabilities

• Configure Endpoint Privilege Management
• Manage applications by using the Enterprise App Catalog
• Implement Microsoft Intune Advanced Analytics
• Configure Microsoft Intune Remote Help
• Identify use cases for Cloud PKI
• Implement Microsoft Tunnel for MAM

Perform remote actions on devices

• Sync, restart, retire, or wipe devices
• Perform bulk remote actions
• Update Windows Defender security intelligence
• Rotate BitLocker recovery keys
• Run a device query by using KQL

Manage applications (15–20%)

Deploy and update apps

• Prepare applications for deployment by using Intune
• Deploy apps by using Intune (Microsoft Documentation: Get started with your Microsoft Intune deployment)
• Deploy Microsoft 365 Apps by using Intune (Microsoft Documentation: Add Microsoft 365 Apps to Windows 10/11 devices with Microsoft Intune)
• Configure policies for Office apps (Microsoft Documentation: Policies for Office apps, App configuration policies for Microsoft Intune)
• Deploy Microsoft 365 Apps as part of a Windows Autopilot deployment by using the Microsoft Office Deployment Tool (ODT) or Office Customization Tool (OCT) (Microsoft Documentation: Overview of the Office Customization Tool, Overview of the Office Deployment Tool)
• Manage Microsoft 365 Apps by using the Microsoft 365 Apps admin center (Microsoft Documentation: Overview of the Microsoft 365 Apps admin center)
• Deploy apps from platform-specific app stores by using Intune (Microsoft Documentation: Add apps to Microsoft Intune, Windows 10/11 app deployment by using Microsoft Intune)

Plan and implement app protection and app configuration policies

• Plan and implement app protection policies (Microsoft Documentation: App protection policies overview)
• Manage app protection policies (Microsoft Documentation: App protection policies overview)
• Implement Conditional Access policies for app protection policies (Microsoft Documentation: Use app-based Conditional Access policies with Intune)
• Plan and implement app configuration policies for managed apps and managed devices (Microsoft Documentation: Add app configuration policies for managed iOS/iPadOS devices)

Protect devices (15–20%)

Configure endpoint security

• Create antivirus policies
• Create disk encryption policies
• Create firewall policies
• Configure Attack surface reduction policies
• Plan and implement security baselines
• Integrate Intune with Microsoft Defender for Endpoint
• Onboard devices to Microsoft Defender for Endpoint (Microsoft Documentation: Migrate to Microsoft Defender for Endpoint – Phase 3: Onboard)

Manage device updates by using Intune

• Plan for device updates (Microsoft Documentation: Plan for software updates in Configuration Manager)
• Create and manage update rings by using Intune (Microsoft Documentation: Update rings for Windows 10 and later policy in Intune)
• Create and manage update policies by using Intune, including iOS and Mac OS (Microsoft Documentation: Create a compliance policy in Microsoft Intune)
• Manage Android updates by using configuration profiles or firmware-over-the-air (FOTA) deployments (Microsoft Documentation: What’s new in Microsoft Intune)
• Configure Windows client delivery optimization by using Intune (Microsoft Documentation: Delivery Optimization settings in Microsoft Intune, Delivery Optimization settings for Windows devices in Intune)
• Monitor updates (Microsoft Documentation: Monitor software updates in Configuration Manager)

Microsoft MD-102 Exam FAQs

Click here for FAQs!

Exam Policies

Microsoft has established a set of certification exam policies to maintain a consistent, fair, and secure testing experience for all candidates. These guidelines apply whether the exam is taken online or at an authorized testing center and are designed to uphold the integrity and standardization of the certification process.

Retake Policy

Candidates who do not pass the exam on their initial attempt must wait at least 24 hours before reattempting. This allows adequate time to access the Microsoft Certification Dashboard and schedule the next sitting. If a second attempt is also unsuccessful, the waiting period increases to 14 days, which also applies to subsequent attempts between the third and fifth. Microsoft limits candidates to five exam attempts within a 12-month period, beginning from the date of their first attempt.

Rescheduling and Cancellation Policy

Microsoft offers flexibility for exam appointments, allowing candidates to reschedule or cancel up to six business days before the scheduled date without penalty. If changes are made within five business days, a fee will be charged. Failing to cancel or reschedule at least 24 hours in advance, or missing the exam entirely, will result in the loss of the full exam fee. In special cases—such as emergencies or accessibility requirements—Microsoft may waive these fees at their discretion.

Microsoft MD-102 Exam Study Guide

1. Understand the Exam Objectives

To effectively prepare for the MD-102: Endpoint Administrator exam, it’s essential to have a clear understanding of the exam objectives. These objectives outline the core areas of knowledge and skills that candidates are expected to demonstrate during the assessment. Key focus areas include deploying Windows client systems, managing identity and access, configuring and protecting devices, and managing applications. Familiarity with tools such as Microsoft Intune, Windows Autopilot, and Microsoft Entra ID is also crucial. Reviewing these objectives not only helps in identifying knowledge gaps but also ensures that study efforts are aligned with the topics that will be tested in the exam.

2. Use the Microsoft Official Learning Path

Utilizing the Microsoft Official Learning Path is a highly effective way to prepare for the MD-102: Endpoint Administrator exam. Microsoft designs this structured resource to align directly with the skills and knowledge areas assessed in the certification. It offers a series of interactive modules, hands-on labs, and real-world scenarios that guide learners through essential topics such as device deployment, endpoint security, identity management, and app configuration. By following this official path, candidates can build a strong foundation, stay up to date with Microsoft’s best practices, and gain confidence in their ability to succeed on the exam. The modules are:

• Explore endpoint management
• Executing device enrollment
• Configure profiles for user and devices
• Examining application management
• Managing authentication and compliance
• Managing endpoint security
• Deploying using on-premises based tools

3. Use Microsoft Docs

Microsoft Docs is an essential resource for anyone preparing for the MD-102: Endpoint Administrator exam. It provides in-depth, up-to-date technical documentation on all the tools and services covered in the exam, including Microsoft Intune, Windows Autopilot, Microsoft Entra ID, and more. By studying directly from Microsoft Docs, you gain accurate insights into how these technologies work in real-world scenarios. The documentation includes step-by-step guides, configuration examples, and troubleshooting tips that can help reinforce your understanding and support hands-on practice. Integrating this resource into your study plan ensures you’re learning from the most reliable and official source.

4. Join Study Groups

Participating in study groups can significantly enhance your preparation for the MD-102 exam. These groups provide a collaborative environment where you can share knowledge, ask questions, and gain insights from others who are also preparing for the same certification. Engaging in discussions and solving problems together helps reinforce learning, clarify complex topics, and keep you motivated throughout your study journey.

5. Take MD-102 Exam Practice Tests

Practice exams are a valuable tool for assessing your readiness before the actual test. They help familiarize you with the exam format, question types, and time constraints. By taking multiple practice tests, you can identify areas where you need improvement and adjust your study plan accordingly. This approach not only builds confidence but also improves your chances of performing well on the certification exam.