Microsoft Endpoint Administrator
Updated 28-Apr-2026
You have a Microsoft Entra tenant named contoso.com.You plan to use Windows Autopilot to configure the Windows 10 devices shown in the following table.Which devices can be configured by using Windows Autopilot self-deploying mode?
Answer(s): B
Self-deploying mode uses a device's TPM 2.0 hardware to authenticate the device into an organization's Azure AD tenant. Therefore, devices without TPM 2.0 can't be used with this mode.
https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/self-deploying
You have 200 computers that run Windows 10 and are joined to an Active Directory domain.You need to enable Windows Remote Management (WinRM) on all the computers by using Group Policy.Which three actions should you perform? Each correct answer presents part of the solution.Note: Each correct selection is worth one point.
Answer(s): B,C,F
How to enable WinRM with domain controller Group Policy for WMI monitoring First, we need to create a Group Policy object for your domain.Next, edit the new Group Policy object you just created. When you're done, there will be three WinRM service settings enabled:B: Allow remote server management through WinRM1. Right-click on the new Enable WinRM Group Policy Object and select Edit.2. From the menu tree, click Computer Configuration > Policies > Administrative Templates: Policy definitions > Windows Components > Windows Remote Management (WinRM) > WinRM Service.3. Right-click on Allow remote server management through WinRM and click Edit.4. Select Enabled to allow remote server management through WinRM.5. Enter an asterisk (*) into each field.6. Click OK.C: Now that Windows Remote Management has been enabled on the Group Policy, you need to enable the service that goes with it.1. From the Group Policy Management Editor window, click Preferences > Control Panel Settings > Services.2. Right-click on Services and select New > Service.3. Select Automatic as the startup.4. Enter WinRM as the service name.5. Select Start service as the service action.6. All remaining details can stay on the defaults. Click OK.F: Now you must allow for inbound remote administration by updating the firewall rules. When you're done, there will be two rules enabled:Windows Firewall: Allow inbound remote administration exception Windows Firewall: Allow ICMP exception
https://support.auvik.com/hc/en-us/articles/204424994-How-to-enable-WinRM-with-domain-controller-Group- Policy-for-WMI-monitoring
You have a Microsoft 365 Business Standard subscription and 100 Windows 10 Pro devices.You purchase a Microsoft 365 E5 subscription.You need to upgrade the Windows 10 Pro devices to Windows 10 Enterprise. The solution must minimize administrative effort.Which upgrade method should you use?
Answer(s): C
Windows Subscription ActivationWindows 10 Pro supports the Subscription Activation feature, enabling users to "step-up" from Windows 10 Pro or Windows 11 Pro to Windows 10 Enterprise or Windows 11 Enterprise, respectively, if they aresubscribed to Windows Enterprise E3 or E5.
https://docs.microsoft.com/en-us/windows/deployment/windows-10-subscription-activation
HOTSPOT (Drag and Drop is not supported)You have a Microsoft 365 subscription.You plan to enable Microsoft Intune enrollment for the following types of devices:Existing Windows 11 devices managed by using Configuration ManagerPersonal iOS devicesThe solution must minimize user disruption.Which enrollment method should you use for each device type? To answer, select the appropriate options in the answer area.Note: Each correct selection is worth one point.Hot Area:
Answer(s): A
Box 1: Co-managementExisting Windows 11 devices managed by using Configuration ManagerCo-management enrollmentIf you use Configuration Manager, and want to continue to use Configuration Manager, then co-management enrollment is for you. Co-management manages Windows devices using Configuration Manager and Microsoft Intune together. You cloud-attach your existing Configuration Manager environment to Intune. This enrollment option runs some workloads in Configuration Manager, and other workloads in Intune.Box 2: User enrollmentPersonal iOS devicesBYOD: User and Device enrollmentThese iOS/iPadOS devices are personal or BYOD (bring your own device) devices that can access organization email, apps, and other data. Starting with iOS 13 and newer, this enrollment option targets users or targets devices. It doesn't require resetting the devices.Note: Enroll iOS and iPadOS devices in Microsoft IntunePersonal and organization-owned devices can be enrolled in Intune. Once they're enrolled, they receive the policies and profiles you create. You have the following options when enrolling iOS/iPadOS devices:Automated device enrollment (ADE)Apple ConfiguratorBYOD: User and Device enrollmentIncorrect:* Automated Device EnrollmentAutomated Device Enrollment (ADE) (supervised)Previously called Apple Device Enrollment Program (DEP). Use on devices owned by your organization. This option configures settings using Apple Business Manager (ABM) or Apple School Manager (ASM). It enrolls a large number of devices, without you ever touching the devices. These devices are purchased from Apple, have your preconfigured settings, and can be shipped directly to users or schools. You create an enrollment profile in the Intune admin center, and push this profile to the devices.* Apple ConfiguratorApple Configurator enrollmentUse on devices owned by your organization, and includes Direct Enrollment. This option requires you to physically connect iOS/iPadOS devices to a Mac computer using the USB port.
https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment-windows https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment-ios-ipados
HOTSPOT (Drag and Drop is not supported)You have a Microsoft Entra ID P2 subscription that contains the users shown in the following table.You purchase the devices shown in the following table.You configure automatic mobile device management (MDM) and mobile application management (MAM) enrollment by using the following settings:MDM user scope: Group1MAM user scope: Group2For each of the following statements, select Yes if the statement is true. Otherwise, select No.Note: Each correct selection is worth one point.Hot Area:
https://docs.microsoft.com/en-us/mem/intune/enrollment/android-enroll https://powerautomate.microsoft.com/fr-fr/blog/mam-flow-mobile/
Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains 100 client computers that run Windows 10.Currently, your company does NOT have a deployment infrastructure.The company purchases Windows 11 licenses through a volume licensing agreement.You need to recommend how to upgrade the computers to Windows 11. The solution must minimize licensing costs.What should you include in the recommendation?
Answer(s): D
HOTSPOT (Drag and Drop is not supported)You have computers that run Windows 11 and are configured by using Windows Autopilot.A user performs the following tasks on a computer named Computer1:Creates a VPN connection to the corporate networkInstalls a Microsoft Store app named App1Connections to a Wi-Fi networkYou perform a Windows Autopilot Reset on Computer1.What will be the state of the computer when the user signs in? To answer, select the appropriate options in the answer area.Note: Each correct selection is worth one point.Hot Area:
Box 1: Retained and the passphrase will be retainedThe Windows Autopilot Reset process automatically keeps information from the existing device:* Wi-Fi connection details.Box 2: RemovedWindows Autopilot Reset:* Removes personal files, apps, and settings.Box 3: RemovedWindows Autopilot Reset:Removes personal files, apps, and settings.Reapplies a device's original settings.Sets the region, language, and keyboard to the original values.Maintains the device's identity connection to Azure AD.Maintains the device's management connection to Intune.The Windows Autopilot Reset process automatically keeps information from the existing device:Wi-Fi connection details.Provisioning packages previously applied to the device.A provisioning package present on a USB drive when the reset process is started. Azure Active Directory device membership and MDM enrollment information.
https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot-reset
HOTSPOT (Drag and Drop is not supported)You have a Microsoft Deployment Toolkit (MDT) solution that is used to manage Windows 11 deployment tasks.MDT contains the operating system images shown in the following table.You need to perform a Windows 11-place upgrade on several computers that run Windows 10.From the Deployment Workbench, you open the New Task Sequence Wizard.You need to identify which task sequence template and which operating system image to use for the task sequence. The solution must minimize administrative effort.What should you identify? To answer, select the appropriate options in the answer area.Note: Each correct selection is worth one point.Hot Area:
Box 1: Standard Client Upgrade Task SequenceUse Template: Standard Client Upgrade Task SequenceIn-place upgrade is the preferred method to use when migrating from Windows to a later release of Windows, and is also a preferred method for upgrading from Windows 7 or 8.1 if you do not plan to significantly change the device's configuration or applications. MDT includes an in-place upgrade task sequence template that makes the process really simple.Box 2: Install.wimIn-place upgrade differs from computer refresh in that you cannot use a custom image to perform the in-place upgrade.
https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the- microsoft-deployment-toolkit
Share your comments for Microsoft MD-102 exam with other users:
AI Tutor Explanation 4/29/2026 5:25:25 AM
Question 1: Correct answer: C. Extract the hardware ID information of each computer to a CSV file and upload the file from the Microsoft Intune admin center. Why this is correct
AI Tutor Explanation 4/29/2026 5:23:14 AM
Question 5: Correct answer: A. User4 and User1 only Why this is correct: - The Automatic Enrollment setting in Intune has MDM user scope: GroupA. Only users in GroupA can enroll devices via MDM auto-enrollment. - Device6 will be enrolled via Windows Autopilot and Intune, so enrollment is allowed only for users in GroupA. - Based on the group memberships in the scenario, User4 and User1 are in GroupA, while User2 and User3 are not. Therefore only User4 and User1 can enroll Device6. Quick tip for the exam: - Remember: MDM user scope determines who can auto-enroll devices; MAM scope controls app protection enrollment. When a new Autopilot device is enrolled, the signing-in user must be in the MDM scope.
AI Tutor Explanation 4/29/2026 5:17:10 AM
Why this is correct Correct answer: C. Extract the hardware ID information of each computer to a CSV file and upload the file from the Microsoft Intune admin center. Why this is correct: - Windows Autopilot requires devices to be registered by their hardware IDs (hash) before Autopilot can deploy Windows 10 Enterprise. - Collect the hardware IDs from the new Phoenix machines, save them in a CSV, and upload that CSV in the Intune/Windows Autopilot area. This maps each device to an Autopilot deployment profile. - After registration, you can assign Autopilot profiles (Windows 10 Enterprise, etc.). Other options (serial number CSV, generalizing, or Mobility settings) are not the initial Autopilot registration steps.