Microsoft MD-102 Exam Questions
Endpoint Administrator (Page 15)

Updated On: 9-Apr-2026

You have a workgroup computer named Client1 that runs Windows 11 and connects to a public network.

You need to enable PowerShell remoting on Client1. The solution must ensure that PowerShell remoting connections are accepted from the local subnet only.

Which PowerShell command should you run?

  1. Set-PSSessionConfiguration -AccessMode Local
  2. Enable-PSRemoting -SkipNetworkProfileCheck
  3. Enable-PSRemoting -Force
  4. Set-NetFirewallRule -Name "WINRM-HTTP-In-TCP-PUBLIC" -RemoteAddress Any

Answer(s): B

Explanation:

The Enable-PSRemoting cmdlet configures the computer to receive PowerShell remote commands that are sent by using the WS-Management technology. WS-Management-based PowerShell remoting is currently supported only on the Windows platform.
Syntax:
Enable-PSRemoting [-Force] [-SkipNetworkProfileCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
Parameters include:
* -SkipNetworkProfileCheck
Indicates that this cmdlet enables remoting on client versions of the Windows operating system when the computer is on a public network. This parameter enables a firewall rule for public networks that allows remote access only from computers in the same local subnet.


Reference:

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enable-psremoting



You have a Microsoft Intune subscription associated to a Microsoft Entra tenant named contoso.com.

Users use one of the following three suffixes when they sign in to the tenant: us.contoso.com, eu.contoso.com, or contoso.com.

You need to ensure that the users are NOT required to specify the mobile device management (MDM) enrollment URL as part of the enrollment process. The solution must minimize the number of changes.

Which DNS records do you need?

  1. one TXT record only
  2. three CNAME records
  3. three TXT records
  4. one CNAME record only

Answer(s): B

Explanation:

To simplify enrollment, create a domain name server (DNS) alias (CNAME record type) that redirects enrollment requests to Intune servers. Otherwise, users trying to connect to Intune must enter the Intune server name during enrollment.
If the company uses more than one UPN suffix, you need to create one CNAME for each domain name and point each one to EnterpriseEnrollment-s.manage.microsoft.com. For example, users at Contoso use the following formats as their email/UPN:
name@contoso.com
name@us.contoso.com
name@eu.contoso.com


Reference:

https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enroll#simplify-windows-enrollment-without-azure-ad-premium



HOTSPOT (Drag and Drop is not supported)

You have a Microsoft 365 subscription.

You plan to enroll devices in Microsoft Intune that have the platforms and versions shown in the following table.



You need to configure device enrollment to meet the following requirements:

- Ensure that only devices that have approved platforms and versions can enroll in Microsoft Intune.
- Ensure that devices are added to Microsoft Entra groups based on a selection made by users during the enrollment.

Which device enrollment setting should you configure for each requirement? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Enrollment restrictions
As an Intune administrator, you can create and manage enrollment restrictions that define what devices can enroll into management with Intune, including the:
- Number of devices.
- Operating systems and versions.

Box 2: Device categories
To make managing devices easier, you can use Microsoft Intune device categories to automatically add devices to groups based on categories that you define.

Device categories use the following workflow:

Create categories that users can choose from when they enroll their device.

When users of iOS/iPadOS and Android devices enroll a device, they must choose a category from the list of categories you configured. To assign a category to a Windows device, users must use the Company Portal website.

You can then deploy policies and apps to these groups.

You can create any device categories you want. For example:
- Point-of-sale device
- Demonstration device
- Sales
- Accounting
- Manager


Reference:

https://docs.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set
https://docs.microsoft.com/en-us/mem/intune/enrollment/device-group-mapping



HOTSPOT (Drag and Drop is not supported)

Your network contains an on-premises Active Directory domain that contains the locations shown in the following table.



In Microsoft Intune, you enroll the Windows 11 devices shown in the following table.



You have a Delivery Optimization device configuration profile applied to all the devices. The profile is configured as shown in the following exhibit.



From which devices can Device1 and Device2 get updates? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Reference:

https://garvis.ca/2021/06/01/delivery-optimization-know-your-options/



You have a Microsoft Entra tenant named contoso.com.

You plan to purchase 25 computers that run Windows 11. You plan to deliver the computers directly to users.

You need to ensure that during the out-of-box experience (OOBE), users are prompted to sign in, and then the computers are configured to use Microsoft Intune.

Which two components should you configure? Each correct answer presents part of the solution.

Note: Each correct selection is worth one point.

  1. a provisioning package
  2. automatic enrollment
  3. an unattend.xml answer file
  4. a Windows Autopilot deployment profile for self-deploying mode
  5. a Windows Autopilot deployment profile for user-driven mode

Answer(s): B,E

Explanation:

B: Automatic MDM enrollment in the Intune admin center
Windows devices can be enrolled into Intune automatically when they join or register with Azure Active Directory. Automatic enrollment can be configured in the Azure portal.
1. Go to your Azure AD portal.
2. Select Mobility (MDM and MAM), and find the Microsoft Intune app.
3. Select Microsoft Intune and configure the enrollment options. You can specify settings to allow All users to enroll a device, or choose to allow Some users (and specify a group).
4. Select Save to configure MDM autoenrollment for Azure AD joined devices and bring-your-own-device scenarios.
E, not D: Windows Autopilot user-driven mode
Windows Autopilot user-driven mode lets you configure new Windows devices to automatically transform them from their factory state to a ready-to-use state. This process doesn't require that IT personnel touch the device.
The process is simple. Devices can be shipped or distributed to the end user directly with the following instructions:
1. Unbox the device, plug it in, and turn it on.
2. If it uses multiple languages, choose a language, locale, and keyboard.
3. Connect it to a wireless or wired network with internet access. If using wireless, first connect to the wi-fi network.
4. Specify your e-mail address and password for your organization account.
The rest of the process is automated. The device does the following steps:
1. Join the organization.
2. Enroll in Microsoft Intune or another MDM service.
3. Get configured as defined by the organization.
You can suppress any other prompts during the out-of-box experience (OOBE).


Reference:

https://learn.microsoft.com/en-us/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal
https://learn.microsoft.com/en-us/autopilot/user-driven



You need to assign the same deployment profile to all the computers that are configured by using Windows Autopilot.

Which two actions should you perform? Each correct answer presents part of the solution.

Note: Each correct selection is worth one point.

  1. Create a Microsoft Entra group that has dynamic membership rules and uses the ZTDID tag.
  2. Create a Microsoft Entra group that has dynamic membership rules and uses the operatingSystem tag.
  3. Assign a Windows Autopilot deployment profile to a group.
  4. Join the computers to Microsoft Entra.
  5. Create a Group Policy object (GPO) that is linked to a domain.
  6. Join the computers to an on-premises Active Directory domain.

Answer(s): A,C

Explanation:

A: ZTDId: A unique value assigned to all imported Windows AutoPilot devices.
C: It is possible to automatically assign a Windows AutoPilot deployment profile to Windows AutoPilot devices.
That makes it a lot easier for administrators, as it prevents them from potentially forgetting to assign the deployment profile to newly imported devices.


Reference:

https://www.petervanderwoude.nl/post/automatically-assign-windows-autopilot-deployment-profile-to-windows-autopilot-devices/



DRAG DROP (Drag and Drop is not supported)

You have a Microsoft Deployment Toolkit (MDT) deployment share that has a path of D:\MDTShare.

You need to add a feature pack to the boot image.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Step 1: Copy the feature pack to D:\MDTShare\Tools\x86
Add a feature pack, DaRT 10 (part of MDOP 2015), to the boot images.
1. Copy the CAB files to the deployment share: MDTShare\Tools\x86
2. In the Deployment Workbench, right-click the MDTShare deployment share and select Properties.

Step 2: Modify the Windows PE properties of the deployment share

3. On the Windows PE tab, in the Platform drop-down list, make sure x86 is selected.
4. On the Features sub tab, select the Microsoft Diagnostics and Recovery Toolkit (DaRT) checkbox.

Etc.

Step 3: Update the deployment share
Like the MDT Build Lab deployment share, the MDT Production deployment share needs to be updated after it has been configured. This is the process during which the Windows PE boot images are created.


Reference:

https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt



You plan to deploy Windows 11 Pro to 200 new computers by using the Microsoft Deployment Toolkit (MDT) and Windows Deployment Services (WDS).

The company has a Volume Licensing Agreement and uses a product key to activate Windows 11.

You need to ensure that the new computers will be configured to have the correct product key during the installation.

What should you configure?

  1. an MDT task sequence
  2. the Device settings in Azure AD
  3. a WDS boot image
  4. a Windows Autopilot deployment profile

Answer(s): A

Explanation:

Create the deployment task sequence.
This is the task sequence used to deploy your production Windows 10 reference image. You will then configure the task sequence to enable patching via a Windows Server Update Services (WSUS) server.
This includes: Specify Product Key: Do not specify a product key at this time.


Reference:

https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt#a-href-idsec08astep-8-deploy-the-windows-10-client-image


