Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Manage identity and compliance practice sets

MD-102 Manage identity and compliance • Complete Question Bank

MD-102 Manage identity and compliance — All Questions With Answers

Complete MD-102 Manage identity and compliance question bank — all 0 questions with answers and detailed explanations.

29
Questions
Free
No signup
Certifications/MD-102/Practice Test/Manage identity and compliance/All Questions
Question 1mediummultiple choice
Read the full Manage identity and compliance explanation →

A company with 500 users uses Microsoft 365 E3 licenses. They want to ensure that all users have multi-factor authentication (MFA) enforced. Currently, 80% of users have MFA enabled through the legacy per-user MFA setting. The security team wants to use Conditional Access policies instead. You need to migrate from per-user MFA to Conditional Access with no disruption to users. What should you do?

Question 2hardmultiple choice
Read the full Manage identity and compliance explanation →

You are an endpoint administrator for a company that uses Microsoft Intune to manage devices. You need to ensure that only compliant devices can access Exchange Online. You have configured a Conditional Access policy that grants access to Exchange Online only if the device is marked as compliant. A user reports that they cannot access email from their iOS device, which is enrolled in Intune and shows as compliant. The user can access other Microsoft 365 services. What is the most likely cause?

Question 3easymultiple choice
Read the full Manage identity and compliance explanation →

A company is implementing Windows Hello for Business and wants to use certificate-based authentication. They have an on-premises Active Directory and are using Azure AD Connect for hybrid identity. Which prerequisites must be met to support certificate-based Windows Hello for Business?

Question 4hardmultiple choice
Read the full Manage identity and compliance explanation →

You manage a Microsoft 365 tenant with 10,000 users. You are planning a Conditional Access policy to require MFA for all users. However, you need to ensure that users who have not yet registered for MFA are not blocked. What should you do to handle unregistered users?

Question 5easymultiple choice
Read the full Manage identity and compliance explanation →

A company uses Microsoft Intune to manage Windows 10 devices. They need to ensure that only devices that have a BitLocker encryption status of 'fully encrypted' are allowed to access corporate resources. They create a device compliance policy that requires BitLocker. However, some devices are still accessing resources even though they are not fully encrypted. What should you check?

Question 6mediummulti select
Read the full Manage identity and compliance explanation →

Which TWO of the following are required to implement Azure AD Join for Windows 10 devices in a hybrid environment with on-premises Active Directory?

Question 7mediummulti select
Read the full Manage identity and compliance explanation →

Which THREE of the following are valid methods for deploying Microsoft Intune compliance policies to devices?

Question 8hardmultiple choice
Read the full Manage identity and compliance explanation →

Refer to the exhibit. The JSON snippet shows the Azure AD Identity Protection MFA registration policy configuration for the Contoso tenant. A new user, Jane, joins the company and is assigned a license. Jane attempts to access the Azure portal and is prompted to register for MFA. She registers successfully. However, the next day, she is again prompted to register for MFA. What is the most likely cause?

Exhibit

Refer to the exhibit.

```json
{
  "identityProtection": {
    "mfaRegistrationPolicy": {
      "state": "enabled",
      "excludeUsers": ["admin@contoso.com"],
      "includeUsers": ["allUsers"],
      "policySettings": {
        "blockOnUnregister": false,
        "remindRegistrationInDays": 14
      }
    }
  }
}```
Question 9mediummultiple choice
Read the full Manage identity and compliance explanation →

Refer to the exhibit. A Windows 10 device is showing as non-compliant. The compliance policy 'Require BitLocker' is assigned to all devices. The device does not have BitLocker enabled. However, the user is able to access corporate email on the device. What is the most likely reason for this?

Exhibit

Refer to the exhibit.

```
Device ID: 12345
Compliance Status: Non-compliant
Last Check-in: 2024-03-15 14:32:00

Policy assignments:
- Compliance Policy: 'Require BitLocker' (assigned to all devices)
- Configuration Profile: 'Device Restrictions' (assigned to group 'Sales')

Device details:
- OS: Windows 10 Pro 22H2
- BitLocker: Not enabled
- User: user@contoso.com
- Group membership: 'Sales' group
```
Question 10mediummultiple choice
Read the full Manage identity and compliance explanation →

A company uses Microsoft Entra ID P1 licenses. They want to enforce multi-factor authentication (MFA) for all users accessing the company's SaaS applications. However, they need to exclude a group of service accounts that use legacy authentication protocols. What is the recommended approach?

Question 11hardmultiple choice
Read the full Manage identity and compliance explanation →

An organization has deployed Microsoft Entra Connect Sync to synchronize on-premises Active Directory to Microsoft Entra ID. Users report that some cloud-only user accounts cannot be assigned licenses. The admin checks the provisioning logs and finds that the cloud accounts have a source of authority of 'Microsoft Entra ID'. What is the most likely cause?

Question 12easymultiple choice
Read the full Manage identity and compliance explanation →

A company is planning to implement Microsoft Intune for mobile device management. They want to ensure that only compliant devices can access Exchange Online. Which technology should they use?

Question 13hardmultiple choice
Read the full Manage identity and compliance explanation →

An administrator is configuring Microsoft Entra ID Protection. They want to create a policy that automatically blocks sign-ins when the risk level is high. However, they notice that the policy is not triggering for some users who have high risk. What is the most likely reason?

Question 14easymultiple choice
Read the full Manage identity and compliance explanation →

A company uses Microsoft 365 E3 licenses. They need to enforce that all users must use the Microsoft Authenticator app for MFA instead of SMS or phone call. What should the administrator configure?

Question 15mediummulti select
Read the full Manage identity and compliance explanation →

A company uses Microsoft Intune to manage Windows 10 devices. They want to ensure that devices have BitLocker enabled and are compliant before accessing corporate resources. Which TWO actions should the administrator take? (Choose two.)

Question 16hardmulti select
Read the full Manage identity and compliance explanation →

An organization is planning to implement a zero-trust security model. They need to evaluate the following capabilities in Microsoft 365. Which THREE are essential for a zero-trust architecture? (Choose three.)

Question 17mediummultiple choice
Read the full Manage identity and compliance explanation →

Refer to the exhibit. A user attempts to sign in to Microsoft Graph PowerShell and receives the error shown. What is the most likely cause?

Exhibit

Exhibit: The following is a snippet from a Microsoft Entra ID audit log for a user sign-in event:

{
  "id": "12345678-1234-1234-1234-123456789012",
  "createdDateTime": "2025-03-01T14:30:00Z",
  "userPrincipalName": "user@contoso.com",
  "appDisplayName": "Microsoft Graph PowerShell",
  "status": {
    "errorCode": 50058,
    "failureReason": "The user does not have an eligible license for this application."
  },
  "conditionalAccessStatus": "notApplied",
  "riskLevel": "none",
  "deviceDetail": {
    "deviceId": "00000000-0000-0000-0000-000000000000",
    "operatingSystem": "Windows 10",
    "browser": "Other"
  }
}
Question 18mediummultiple choice
Read the full Manage identity and compliance explanation →

A company uses Microsoft 365 with hybrid identity. Users report that after changing their on-premises passwords, they cannot access SharePoint Online for up to 30 minutes, but Outlook on the web works immediately. You need to reduce the delay for SharePoint Online access. What should you do?

Question 19hardmultiple choice
Read the full NAT/PAT explanation →

A multinational organization uses Microsoft 365 E5 licenses. The compliance officer wants to ensure that all documents containing credit card numbers are automatically classified and protected with a label that applies encryption. You configure auto-labeling policies in Microsoft Purview. After 24 hours, the compliance officer reports that no documents have been labeled. The policy scope is set to 'All locations' and the policy is enabled. What is the most likely cause of the issue?

Question 20easymulti select
Read the full Manage identity and compliance explanation →

You are configuring Microsoft Entra Conditional Access for a company that requires all employees to use multi-factor authentication (MFA) when accessing the Azure portal. The company also wants to block access from devices that are not compliant. You create a Conditional Access policy. Which two assignments must you configure to meet these requirements? (Choose two.)

Question 21mediummulti select
Read the full Manage identity and compliance explanation →

You are an enterprise administrator for Contoso Ltd. You need to configure Microsoft 365 tenant-wide settings for external collaboration. Which TWO actions should you take to meet the following goals: (1) allow only specific external domains to collaborate with your organization, and (2) ensure that external users are required to sign in with multi-factor authentication (MFA) before accessing shared resources?

Question 22hardmultiple choice
Read the full Manage identity and compliance explanation →

You are a Teams administrator. After running the PowerShell script shown in the exhibit, users report they cannot communicate with federated users from 'trusted.com'. What is the most likely cause?

Exhibit

Refer to the exhibit.
```
$session = New-CsOnlineSession -Verbose
Import-PSSession $session
Set-CsTenantFederationConfiguration -Identity Global -AllowFederatedUsers $true
Set-CsTenantFederationConfiguration -Identity Global -AllowPublicUsers $false
Set-CsTenantFederationConfiguration -Identity Global -BlockedDomains @{Add="suspicious.com"}
Set-CsTenantFederationConfiguration -Identity Global -AllowedDomains @{Add="trusted.com"}
Remove-CsOnlineSession $session
```
Question 23easymultiple choice
Read the full Manage identity and compliance explanation →

You are the compliance administrator for a large organization using Microsoft 365 E5 licenses. The company has a hybrid identity configuration with Azure AD Connect syncing on-premises Active Directory to Azure AD. The security team requires that all mobile devices accessing corporate email and documents must be enrolled in Microsoft Intune and compliant with company device policies. Recently, several users reported that they cannot access Outlook on their iOS devices, receiving a message: 'Your organization requires this device to be managed by Intune. Please install the Company Portal app and enroll your device.' However, after installing Company Portal and completing enrollment, they still cannot access Outlook and see the same error. Upon investigation, you find that the devices are showing as 'Compliant' in the Microsoft Intune admin center. You also verify that the Conditional Access policy requiring device compliance is correctly configured and assigned to all users. What should you do to resolve the issue?

Question 24mediumdrag order
Read the full Manage identity and compliance explanation →

Order the steps for configuring a Windows 10 kiosk device using Assigned Access.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 25mediumdrag order
Read the full Manage identity and compliance explanation →

Order the steps to configure Windows Defender Antivirus exclusions via Group Policy.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 26mediumdrag order
Read the full Manage identity and compliance explanation →

Order the steps to migrate user profiles from Windows 10 to a new device using User State Migration Tool (USMT).

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 27mediummatching
Read the full Manage identity and compliance explanation →

Match each MDM (Mobile Device Management) enrollment method to its typical scenario.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

User-owned devices enrolled with user affinity

Company-owned devices assigned to a specific user

Shared or kiosk devices not tied to a user

Zero-touch deployment for new Windows devices

Enroll multiple devices using a shared account

Question 28mediummatching
Read the full Manage identity and compliance explanation →

Match each Microsoft Entra ID (Azure AD) join type to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Personal devices with work account access

Devices owned by organization, cloud-only

Devices joined to on-premises AD and Azure AD

Hybrid join with automatic device enrollment

Hybrid join using federation services

Question 29mediummatching
Read the full Manage identity and compliance explanation →

Match each Microsoft 365 compliance feature to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Prevent sensitive data from being shared inappropriately

Classify and protect documents and emails with labels

Manage retention and disposal of records

Search and export content for legal investigations

Log and investigate user and admin activities

Practice tests

Scored 10-question sessions with instant feedback and explanations.

MD-102 Practice Test 1 — 10 Questions→MD-102 Practice Test 2 — 10 Questions→MD-102 Practice Test 3 — 10 Questions→MD-102 Practice Test 4 — 10 Questions→MD-102 Practice Test 5 — 10 Questions→MD-102 Practice Exam 1 — 20 Questions→MD-102 Practice Exam 2 — 20 Questions→MD-102 Practice Exam 3 — 20 Questions→MD-102 Practice Exam 4 — 20 Questions→Free MD-102 Practice Test 1 — 30 Questions→Free MD-102 Practice Test 2 — 30 Questions→Free MD-102 Practice Test 3 — 30 Questions→MD-102 Practice Questions 1 — 50 Questions→MD-102 Practice Questions 2 — 50 Questions→MD-102 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Prepare infrastructure for devicesManage and maintain devicesManage applicationsProtect devicesDeploy Windows clientManage identity and complianceManage, maintain, and protect devices

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Manage identity and compliance setsAll Manage identity and compliance questionsMD-102 Practice Hub