Practice MD-102 Manage, maintain, and protect devices questions with full explanations on every answer.
Start practicing
Manage, maintain, and protect devices — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
A company deploys Windows 10 Enterprise devices managed by Microsoft Intune. Users report that after a recent Windows update, the Start menu layout is reset to default on some devices. The company uses a custom Start menu layout XML policy. How should the administrator ensure the custom layout is reapplied automatically after feature updates?
2A company uses Microsoft Intune to manage Windows 10 devices. They have a compliance policy that requires BitLocker to be enabled. Some devices are marked as non-compliant even though BitLocker appears to be on. The administrator runs 'manage-bde -status' on a non-compliant device and sees that the protection status is 'Protection Off'. What is the most likely cause?
3A company uses Microsoft Intune to manage devices. They want to ensure that when a device is reported as lost or stolen, the IT admin can remotely wipe the device. Which action should the admin take in the Intune console?
4An organization uses Microsoft Intune to manage Windows 10 devices. They deploy a PowerShell script via Intune to install a custom application. The script runs successfully on some devices but fails on others with error code 0x80070002. What is the most likely cause?
5A company uses Microsoft Intune to manage iOS devices. They want to enforce a policy that requires a passcode of at least 6 characters and auto-lock after 5 minutes. Which configuration profile type should they use?
6A company uses Microsoft Intune to manage Windows 10 devices. They need to deploy a line-of-business (LOB) app that is not available in the Microsoft Store. The app is packaged as an .msi file. Which TWO steps are required to deploy this app via Intune?
7A company uses Microsoft Intune to manage devices. They have a Windows 10 device that is non-compliant due to missing required updates. The administrator reviews the device and sees the update status shows 'Pending restart'. Which THREE actions should the administrator take to resolve the compliance issue?
8A company uses Microsoft Intune to manage Windows 10 devices. Users report that after a recent update, some devices are stuck in a reboot loop. The administrator needs to identify devices affected by the issue. Which report in the Microsoft Intune admin center should the administrator use?
9An organization uses Configuration Manager to deploy software updates to Windows 10 devices. The administrator wants to ensure that devices receive updates from the local distribution point rather than the cloud. Which boundary group option should be configured?
10A company manages 500 Windows 11 devices with Microsoft Intune. They use BitLocker encryption with automatic encryption enabled. Several devices report that encryption did not start. The administrator reviews the devices and finds that they are not compliant with the BitLocker policy. What is the most likely cause?
11An administrator uses Configuration Manager to manage Windows 10 devices. The administrator wants to deploy a custom Windows application as an Application model deployment type. The application requires a reboot. Which deployment purpose should the administrator use to allow users to control the installation timing?
12A company uses Microsoft Intune to manage iOS devices. The administrator configures a device compliance policy that requires a minimum OS version of 15.0. Users report that devices running iOS 14.8 are marked non-compliant even after updating to iOS 15.0. What is the most likely cause?
13A company uses Microsoft Intune to manage Windows 10 devices. The administrator needs to configure Windows Defender Firewall rules via a device configuration profile. Which TWO settings can be configured?
14An organization uses Configuration Manager to manage Windows 10 devices. The administrator is configuring a phased deployment for a software update. Which THREE conditions can be used to define the phases?
15A company applies the above BitLocker policy to Windows 10 devices via Intune. An administrator discovers that some devices are not encrypting. The administrator checks a device and finds that it has no TPM chip. Which setting in the policy will cause encryption to fail?
16An administrator runs the above PowerShell command on a Windows 10 device managed by Microsoft Defender for Endpoint. The device is reporting as healthy in the security console. Based on the output, which protection feature is disabled?
17A company uses Microsoft Intune to manage Windows 10 devices. The security team reports that several devices are missing critical security updates. You need to ensure that devices install updates within 7 days of release. What should you configure?
18A user reports that their Windows 10 device is not receiving policies from Microsoft Intune. The device shows as 'Not compliant' in the Intune console. You run the Get-MgDeviceManagementManagedDevice cmdlet and see that the device is enrolled and appears in the list. However, the LastSyncTime is 14 days ago. What is the most likely cause?
19You are deploying Microsoft Defender for Endpoint to Windows 10 devices managed by Microsoft Intune. After onboarding, you need to verify that the sensor is running. Which cmdlet should you use on the device?
20A company uses Microsoft Intune to manage iOS/iPadOS devices. The compliance policy requires a minimum OS version of 15.0. A user reports that their iPad running iOS 14.8 cannot access company email and shows as non-compliant. However, the device is up to date with the latest available OS for that hardware. What should you do to allow the device to access email while maintaining security?
21You are troubleshooting a Windows 10 device that is enrolled in Microsoft Intune. The device shows as 'Pending' in the Intune console. The user confirms that the device was enrolled using a provisioning package. Which log file should you review to diagnose the enrollment failure?
22You are configuring Microsoft Intune to manage Windows 10 devices. Which TWO actions are required to enable BitLocker encryption on devices?
23You manage a hybrid Azure AD joined environment with Microsoft Intune. You need to migrate Group Policy objects (GPOs) to Intune policies for Windows 10 devices. Which THREE tools or methods should you use?
24You have the following JSON compliance policy for Windows 10 devices in Intune. A device with OS version 10.0.19042.0, build 19042, with BitLocker enabled, Secure Boot enabled, but Code Integrity disabled reports as non-compliant. Which setting is causing the non-compliance?
25A company uses Microsoft Intune to manage Windows 10 devices. They need to ensure that only devices with BitLocker enabled can access corporate email via Exchange Online. Which configuration should the administrator use to enforce this requirement?
26A technician is troubleshooting a Windows 11 device that is enrolled in Intune. The device reports as 'Not compliant' due to missing required updates. The administrator runs the following command on the device and receives the output shown. What should the administrator do next to resolve the compliance issue?
27You are a Microsoft 365 Endpoint Administrator for a global organization with 5,000 Windows 11 devices managed by Intune. The company has a strict security policy requiring that all devices have BitLocker enabled with TPM validation, PIN, and startup key. Currently, only 80% of devices are compliant with BitLocker. After investigating, you discover that many non-compliant devices are older models that lack TPM 2.0, but they do have TPM 1.2. Additionally, some devices are virtual machines (VMs) that do not have a TPM at all. The security team insists that all devices must be encrypted, but they are willing to accept alternative configurations for devices without TPM 2.0. You need to propose a solution that maximizes security while ensuring compliance. What should you do?
28You are a Microsoft 365 Endpoint Administrator for a medium-sized company that uses Intune to manage Windows 10 and iOS devices. The company recently experienced a malware outbreak on several Windows 10 devices. The security team wants to implement a solution that can automatically remediate threats on Windows 10 devices by isolating them from the network and running a full antivirus scan. They also want to be alerted when a threat is detected. You have already configured Microsoft Defender for Endpoint (MDE) and devices are onboarded. What should you configure in Intune to meet these requirements?
29A company uses Microsoft Intune to manage Windows 10 devices. A user reports that their device is not receiving critical security updates despite being compliant with all update policies. You verify that the device is online and communicating with Intune. Which action should you take to resolve the issue?
30Which TWO actions are supported by Microsoft Intune for managing macOS devices?
31You are reviewing a Windows 10 compliance policy in Microsoft Intune. A user with a device running Windows 10 version 20H2 (build 19042.985) reports that the device is marked as non-compliant. The device has a password of length 8, a PIN with 4 characters, Secure Boot enabled, BitLocker enabled, and Windows Defender Firewall active. What is the most likely reason for non-compliance?
32Arrange the steps to troubleshoot a Windows 10 device failing to enroll in Microsoft Intune.
33Arrange the steps to troubleshoot a BitLocker recovery key prompt on a Windows 10 device.
34Match each Windows 10/11 edition to its applicable Microsoft 365 feature.
35Match each Microsoft 365 Apps update channel to its description.
The Manage, maintain, and protect devices domain covers the key concepts tested in this area of the MD-102 exam blueprint published by Microsoft. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all MD-102 domains — no account required.
The Courseiva MD-102 question bank contains 35 questions in the Manage, maintain, and protect devices domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Manage, maintain, and protect devices domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included