Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Manage and maintain devices practice sets

MD-102 Manage and maintain devices • Complete Question Bank

MD-102 Manage and maintain devices — All Questions With Answers

Complete MD-102 Manage and maintain devices question bank — all 0 questions with answers and detailed explanations.

297
Questions
Free
No signup
Certifications/MD-102/Practice Test/Manage and maintain devices/All Questions
Question 1mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization manages Windows 10 and 11 devices using Microsoft Intune. Users report that after a recent update, the Microsoft Store for Business app 'Company Portal' fails to launch. You verify that the app is assigned as required to all devices. What should you do first to resolve the issue?

Question 2hardmultiple choice
Read the full Manage and maintain devices explanation →

You are designing a Windows 365 Cloud PC provisioning policy. The requirement is that when a user is assigned a Cloud PC, it must automatically have Microsoft Defender for Endpoint configured with real-time protection enabled and a custom firewall rule allowing only specific IPs. Which approach should you use?

Question 3easymultiple choice
Read the full Manage and maintain devices explanation →

A user's iOS device is enrolled in Microsoft Intune and is compliant. However, the user cannot access corporate email in the Outlook mobile app. The app displays an error that the device is not compliant. What is the most likely cause?

Question 4hardmultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage Windows devices. You need to deploy a custom Line-of-Business (LOB) app that is signed with a certificate not trusted by the devices. The app must be available to users in the Company Portal. What should you do?

Question 5mediummultiple choice
Read the full Manage and maintain devices explanation →

You need to ensure that Windows 10 devices in your organization receive the latest quality updates within 7 days of release. You configure a Windows Update for Business policy in Intune with a deferral period of 7 days. After two weeks, some devices have not installed the updates. What is the most likely reason?

Question 6easymultiple choice
Read the full wireless explanation →

You are troubleshooting a Windows 11 device that cannot connect to the corporate Wi-Fi network. The device is enrolled in Intune and has a Wi-Fi profile assigned. The profile uses SCEP certificate authentication. The user can connect to other Wi-Fi networks. What is the most likely cause?

Question 7hardmultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage macOS devices. You need to deploy a configuration profile that enforces FileVault encryption. The profile must allow recovery key escrow to Intune. After deploying the profile, you notice that some devices are not encrypted. What should you check first?

Question 8mediummultiple choice
Read the full Manage and maintain devices explanation →

You need to implement a solution that automatically wipes a company-owned Windows 10 device when it has not connected to Intune for 30 days. Which Intune feature should you configure?

Question 9easymultiple choice
Read the full Manage and maintain devices explanation →

A user reports that after resetting their Windows 10 device, they cannot re-enroll it in Intune. The device appears as 'Pending' in the admin center. What is the most likely reason?

Question 10mediummulti select
Read the full Manage and maintain devices explanation →

Which TWO actions can you take to improve the performance of Microsoft Intune management for Windows devices that are geographically distributed and have limited bandwidth?

Question 11hardmulti select
Read the full Manage and maintain devices explanation →

Which THREE conditions must be met for a Windows 10 device to be able to use Windows Autopilot self-deploying mode?

Question 12easymulti select
Read the full Manage and maintain devices explanation →

Which TWO methods can you use to deploy Microsoft 365 Apps to Windows 10 devices managed by Intune?

Question 13hardmultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You deploy this compliance policy to a Windows 11 device running OS version 10.0.22621.100. The device has a password set, firewall active, and Defender enabled. However, the device is marked as non-compliant. What is the most likely reason?

Exhibit

{
  "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
  "description": "Device compliance policy for Windows 10 devices",
  "displayName": "Windows 10 Compliance Policy v2",
  "passwordRequired": true,
  "passwordMinimumLength": 8,
  "passwordRequiredType": "deviceDefault",
  "passwordMinutesOfInactivityBeforeLock": 15,
  "storageRequireEncryption": true,
  "activeFirewallRequired": true,
  "defenderEnabled": true,
  "defenderVersion": "4.18.2207.7",
  "osMinimumVersion": "10.0.19042.0",
  "osMaximumVersion": "10.0.22621.0"
}
Question 14mediummultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You run this PowerShell command to retrieve Windows devices. The output shows several devices with lastSyncDateTime older than 30 days and complianceState as 'noncompliant'. What is the most likely cause for these devices to be noncompliant?

Exhibit

Get-IntuneManagedDevice -Filter "operatingSystem eq 'Windows'" | Select-Object id, deviceName, lastSyncDateTime, complianceState
Question 15hardmultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You apply this device configuration profile to a group of Windows 10 devices. Users report that they receive update notifications outside of active hours. Which setting should you modify to suppress notifications during active hours?

Exhibit

{
  "@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
  "displayName": "Windows 10 Security Baselines",
  "privacy": {
    "advertisingId": "disabled",
    "enableEnhancedSafeguards": true
  },
  "defender": {
    "detectionFrequency": 2,
    "realTimeProtection": true,
    "cloudBlockLevel": "high"
  },
  "windowsUpdate": {
    "activeHoursStart": "08:00",
    "activeHoursEnd": "17:00",
    "updateNotificationLevel": "defaultNotifications"
  }
}
Question 16mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage Windows 10 devices. Users report that after a recent update, some devices are no longer receiving compliance policies. You verify that the devices are enrolled and show as active in Intune. What should you check first?

Question 17hardmultiple choice
Read the full Manage and maintain devices explanation →

A company uses Microsoft Intune to manage iOS devices. They need to ensure that corporate data on these devices is protected if a device is lost or stolen. The solution must allow users to continue using personal apps and data after a selective wipe. What should they configure?

Question 18easymultiple choice
Read the full Manage and maintain devices explanation →

You are managing Windows 10 devices with Intune. You need to deploy a PowerShell script that runs under the system context during device enrollment. Which approach should you use?

Question 19mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Defender for Endpoint (Microsoft Defender XDR). You need to ensure that all Windows 10 devices report their security health to Microsoft Defender for Endpoint. Some devices are showing as inactive. What is the most likely cause?

Question 20hardmultiple choice
Read the full Manage and maintain devices explanation →

A company uses Microsoft Intune to manage Windows 10 devices with a hybrid Azure AD join configuration. Users report that they are unable to access corporate resources on their devices. You verify that the devices are enrolled and that compliance policies are applied. What should you check next?

Question 21easymultiple choice
Read the full Manage and maintain devices explanation →

You need to enforce encryption on Windows 10 devices managed by Intune. Which policy type should you configure?

Question 22mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage Android Enterprise devices. You need to ensure that only approved corporate apps can be installed on work profiles. What should you configure?

Question 23hardmultiple choice
Read the full Manage and maintain devices explanation →

A user has an iOS device enrolled in Intune. The device is lost, and you need to immediately prevent unauthorized access to corporate data. The device contains both corporate and personal data. Which action should you take?

Question 24mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization is planning to deploy Windows 10 updates using Windows Update for Business. You need to ensure that critical security updates are installed within 7 days of release. Which configuration should you use?

Question 25hardmulti select
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage Windows 10 devices. You need to deploy a PowerShell script that runs in the user context on a schedule. Which TWO methods can you use? (Choose two.)

Question 26easymulti select
Read the full Manage and maintain devices explanation →

Which THREE are valid device management actions in Microsoft Intune? (Choose three.)

Question 27mediummulti select
Read the full Manage and maintain devices explanation →

You are troubleshooting an Intune-managed Windows 10 device that is not receiving a required application. Which THREE steps should you take to diagnose the issue? (Choose three.)

Question 28hardmultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You have created the compliance policy shown in JSON format. The policy is assigned to a group containing Windows 10 devices. A device running Windows 10 version 22H2 (build 22621.1) is showing as noncompliant. What is the most likely reason?

Exhibit

Refer to the exhibit.
{
  "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
  "description": "Windows 10 compliance policy",
  "passwordRequired": true,
  "passwordMinimumLength": 6,
  "passwordRequiredType": "deviceDefault",
  "osMinimumVersion": "10.0.19041.0",
  "osMaximumVersion": "10.0.22621.0",
  "storageRequireEncryption": true
}
Question 29mediummultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You run the PowerShell command shown and get the output. You need to force an immediate sync for PC-001. Which cmdlet should you use?

Exhibit

Refer to the exhibit.
PS C:\> Get-IntuneManagedDevice -DeviceName "PC-001" | Select-Object -Property DeviceName, OSVersion, LastSyncDateTime, ComplianceState, EnrollmentType

DeviceName   OSVersion      LastSyncDateTime        ComplianceState EnrollmentType
----------   ---------      ----------------        --------------- --------------
PC-001       10.0.19044.0   2025-03-15T10:30:00Z   compliant       MDM
Question 30easymultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You are configuring a bulk enrollment token for Windows 10 devices in Intune. The token is set to expire on June 1, 2025. You need to ensure that devices can enroll using this token until June 30, 2025. What should you do?

Exhibit

Refer to the exhibit.
{
  "@odata.type": "#microsoft.graph.windows10EnrollmentConfigurationTemplate",
  "displayName": "Bulk Enrollment Token",
  "expirationDateTime": "2025-06-01T00:00:00Z",
  "tokenType": "bulkEnrollment",
  "scopeTags": []
}
Question 31easymultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage devices. You need to configure a policy that automatically retires a device if it does not check in for 30 days. Which policy type should you configure?

Question 32mediummultiple choice
Read the full Manage and maintain devices explanation →

A user reports that their Windows 11 device is not receiving Microsoft 365 Apps updates from Intune. You verify the device is enrolled and compliant. The device has a Microsoft 365 Apps update policy assigned. What is the most likely cause?

Question 33hardmultiple choice
Read the full Manage and maintain devices explanation →

You are designing a device management strategy for a hybrid environment with on-premises Active Directory and Microsoft Entra ID. You need to ensure that devices are managed by Intune and can access on-premises resources. Which approach should you recommend?

Question 34easymultiple choice
Read the full Manage and maintain devices explanation →

You need to deploy a custom PowerShell script to all Windows 10 devices enrolled in Intune. The script must run under the SYSTEM account. Which Intune feature should you use?

Question 35mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization has Windows 10 devices managed by Intune. You need to enforce BitLocker encryption on all devices. The devices must use a TPM protector and a recovery password. What should you configure?

Question 36hardmultiple choice
Read the full Manage and maintain devices explanation →

You are troubleshooting a Windows 11 device that fails to install a required application from the Company Portal. The app is assigned as required to the device. The device shows as compliant and has a healthy connection. What is the most likely cause?

Question 37easymultiple choice
Read the full Manage and maintain devices explanation →

You need to ensure that all Windows 10 devices automatically install critical security updates from Windows Update as soon as they are released. Which Windows Update for Business policy setting should you configure?

Question 38mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage iOS devices. You need to prevent users from removing the Intune Company Portal app from their devices. Which setting should you configure?

Question 39hardmultiple choice
Read the full Manage and maintain devices explanation →

You are planning a Windows 11 deployment for 500 new devices using Windows Autopilot. The devices will be shipped directly to users from the manufacturer. You need to ensure that the devices are automatically enrolled in Intune and joined to Microsoft Entra ID. What should you do?

Question 40mediummulti select
Read the full Manage and maintain devices explanation →

Which TWO actions can you perform using Microsoft Intune to manage Windows 10 devices?

Question 41hardmulti select
Read the full Manage and maintain devices explanation →

Which THREE prerequisites are required to enable Windows Autopilot for existing devices?

Question 42easymulti select
Read the full Manage and maintain devices explanation →

Which TWO methods can be used to enroll Android devices in Microsoft Intune?

Question 43mediummultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You have the following compliance policy assigned to a Windows 10 device running version 10.0.22000.0. The device has a password of 8 characters and is encrypted. What is the compliance status of the device?

Exhibit

{
  "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
  "passwordRequired": true,
  "passwordMinimumLength": 6,
  "passwordRequiredType": "deviceDefault",
  "passwordMinutesOfInactivityBeforeLock": 15,
  "passwordExpirationDays": 90,
  "passwordPreviousPasswordBlockCount": 5,
  "osMinimumVersion": "10.0.19041.0",
  "osMaximumVersion": "10.0.22621.0",
  "storageRequireEncryption": true
}
Question 44hardmultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You see the following Intune device properties for a Windows device. The device is noncompliant and the grace period expires on 2025-02-20. Today is 2025-02-15. The compliance policy requires a minimum OS version of 10.0.19041 but the device is on 10.0.18363. What will happen if the device does not become compliant before the grace period expires?

Exhibit

{
  "deviceId": "12345",
  "deviceName": "CONTOSO-PC",
  "managedDeviceOwnerType": "company",
  "enrolledDateTime": "2025-01-15T10:00:00Z",
  "lastSyncDateTime": "2025-02-10T08:00:00Z",
  "operatingSystem": "Windows",
  "complianceState": "noncompliant",
  "complianceGracePeriodExpirationDateTime": "2025-02-20T10:00:00Z",
  "userPrincipalName": "user@contoso.com"
}
Question 45easymultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You manage a Windows 11 device that is marked as compliant and has OS version 10.0.22621.0. You need to upgrade the device to Windows 11 version 23H2. Which Intune feature should you use?

Exhibit

{
  "deviceId": "67890",
  "deviceName": "SALES-LAPTOP",
  "operatingSystem": "Windows",
  "osVersion": "10.0.22621.0",
  "complianceState": "compliant",
  "lastSyncDateTime": "2025-03-01T12:00:00Z",
  "enrolledDateTime": "2025-02-01T09:00:00Z",
  "userPrincipalName": "sales@contoso.com"
}
Question 46hardmultiple choice
Read the full wireless explanation →

A user reports that their Windows 11 device cannot connect to the corporate Wi-Fi network. In Intune, the device shows a status of 'Pending' for the Wi-Fi configuration profile. The profile is assigned to a group that includes the user. What is the most likely cause of the issue?

Question 47easymultiple choice
Read the full Manage and maintain devices explanation →

You need to ensure that corporate devices automatically install critical Windows updates within 24 hours of release. Which update ring setting should you configure in Intune?

Question 48mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage iOS devices. You need to ensure that only approved corporate apps can be installed on these devices. Which restriction profile setting should you configure?

Question 49hardmultiple choice
Read the full Manage and maintain devices explanation →

You are troubleshooting a Windows 10 device that shows as 'Noncompliant' in Intune despite having all required compliance policies applied. The device is domain-joined and configured with hybrid Azure AD join. What is the most likely cause?

Question 50easymultiple choice
Read the full Manage and maintain devices explanation →

You need to retire a corporate-owned iOS device that is no longer in use. The device is enrolled in Intune with user affinity. Which action should you perform?

Question 51mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization requires that all Windows 11 devices encrypt their drives with BitLocker. You have configured a BitLocker policy in Intune, but some devices show as 'Not evaluated' for the encryption status. What is the most likely reason?

Question 52hardmultiple choice
Read the full Manage and maintain devices explanation →

You are using Intune to manage macOS devices. You need to deploy a custom configuration profile that sets a preference for a third-party app. Which method should you use?

Question 53mediummultiple choice
Read the full Manage and maintain devices explanation →

A user's Android device is not receiving email from the corporate Microsoft 365 tenant. The device is enrolled in Intune and shows as compliant. The email profile is assigned to the user. What should you check first?

Question 54hardmultiple choice
Read the full Manage and maintain devices explanation →

You have configured a Windows 10 update ring with a deadline of 3 days for quality updates. However, some devices are not installing updates within the deadline. What should you verify?

Question 55mediummultiple choice
Read the full Manage and maintain devices explanation →

You have assigned the above compliance policy to all Windows 10 devices. A user's device shows as noncompliant with a reason of 'TPM not found'. What should you do to resolve the issue?

Exhibit

Refer to the exhibit.

{
  "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
  "description": "Windows 10 compliance policy",
  "passwordRequired": true,
  "passwordMinimumLength": 8,
  "passwordRequireComplexity": "required",
  "passwordExpirationDays": 90,
  "secureBootEnabled": true,
  "tpmEnabled": true,
  "deviceThreatProtectionEnabled": true,
  "deviceThreatProtectionRequiredSecurityLevel": "medium"
}
Question 56easymultiple choice
Read the full Manage and maintain devices explanation →

You have created the above custom policy but it fails to apply on Windows 10 devices. What is the most likely reason?

Exhibit

Refer to the exhibit.

{
  "@odata.type": "#microsoft.graph.windows10CustomConfiguration",
  "omaSettings": [
    {
      "@odata.type": "#microsoft.graph.omaSettingString",
      "displayName": "Custom ADMX setting",
      "description": "Enables feature XYZ",
      "omaUri": "./Device/Vendor/MSFT/Policy/Config/ADMX_Custom/Policy_XYZ",
      "value": "1"
    }
  ]
}
Question 57hardmultiple choice
Read the full Manage and maintain devices explanation →

The above PowerShell cmdlet returns the following output:

DeviceName: LAPTOP001 LastSyncDateTime: 2025-03-15T08:30:00Z ComplianceState: noncompliant ManagementState: managed OSVersion: 10.0.19044.1288

The device last synced 3 days ago. What is the most likely reason for the noncompliant status?

Exhibit

Refer to the exhibit.

Get-IntuneManagedDevice -DeviceName "LAPTOP001" | Select-Object -Property DeviceName, LastSyncDateTime, ComplianceState, ManagementState, OSVersion
Question 58mediummulti select
Read the full Manage and maintain devices explanation →

You need to ensure that corporate data on lost or stolen iOS devices is protected. Which TWO actions should you configure in Intune?

Question 59hardmulti select
Read the full Manage and maintain devices explanation →

You are planning the deployment of Windows 11 using Intune. Which THREE components are required to perform an in-place upgrade from Windows 10?

Question 60easymulti select
Read the full Manage and maintain devices explanation →

You need to configure conditional access for managed devices accessing Exchange Online. Which THREE conditions can be used?

Question 61mediummulti select
Read the full Manage and maintain devices explanation →

You are troubleshooting a Windows 11 device that fails to install a required Win32 app deployed via Intune. Which THREE logs or locations should you review?

Question 62mediummultiple choice
Read the full wireless explanation →

Your organization uses Microsoft Intune to manage Windows 11 devices. Users report that after a recent update, the corporate Wi-Fi profile no longer connects automatically. You verify the profile is still assigned and the device shows 'Not compliant' in Intune. What should you check first?

Question 63easymultiple choice
Read the full Manage and maintain devices explanation →

A company uses Microsoft Intune to manage iOS devices. They want to ensure that only devices with a passcode of at least 6 characters and without jailbreak can access corporate email. Which policy type should they configure?

Question 64hardmultiple choice
Read the full Manage and maintain devices explanation →

You manage Windows 10 devices with Microsoft Intune. You need to deploy a PowerShell script that runs every time a device boots, before the user logs on. The script is signed. What is the correct deployment approach?

Question 65mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune for device management. A user reports that their Android device is not receiving a required app that is assigned as 'Required' for all users. The device shows as 'Compliant' in Intune. What is the most likely cause?

Question 66easymultiple choice
Read the full Manage and maintain devices explanation →

A company uses Microsoft Intune to manage macOS devices. They need to enforce FileVault encryption on all Macs. What should they configure?

Question 67hardmultiple choice
Read the full Manage and maintain devices explanation →

You are troubleshooting a Windows 11 device that fails to install an Intune-managed update. The device has been offline for two weeks. After reconnecting, the update does not install. In the Intune console, the update shows 'Failed to install' with error code 0x800f0831. What is the most likely cause?

Question 68mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage Windows 10 devices. You need to ensure that only devices with TPM 2.0 and Secure Boot enabled can access Microsoft 365 resources. What is the best approach?

Question 69easymultiple choice
Read the full Manage and maintain devices explanation →

A user's iOS device is enrolled in Microsoft Intune. The user reports that they cannot install the Company Portal app from the App Store. What is the most likely reason?

Question 70hardmultiple choice
Read the full Manage and maintain devices explanation →

You manage a hybrid Azure AD joined Windows 10 device with Intune. The device is showing as 'Pending' enrollment. You have verified that the user has an Intune license and the device is synced with Azure AD Connect. What is the most likely issue?

Question 71mediummulti select
Read the full Manage and maintain devices explanation →

Which TWO actions can you perform to reduce the amount of time it takes for a Windows 10 device to receive a new policy from Microsoft Intune?

Question 72hardmulti select
Read the full Manage and maintain devices explanation →

Which THREE factors should you consider when planning the deployment of Windows 10 feature updates using Intune?

Question 73easymulti select
Read the full Manage and maintain devices explanation →

Which TWO methods can you use to enroll a Windows 10 device in Microsoft Intune?

Question 74mediummultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You have applied this compliance policy to a Windows 10 device running build 10.0.19044. The device meets all requirements except that the firewall is disabled. What will be the compliance status of the device?

Exhibit

{
  "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
  "passwordRequired": true,
  "passwordMinimumLength": 6,
  "passwordRequiredType": "deviceDefault",
  "osMinimumVersion": "10.0.19041.0",
  "osMaximumVersion": "10.0.22621.0",
  "storageRequireEncryption": true,
  "activeFirewallRequired": true,
  "defenderEnabled": true
}
Question 75hardmultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You apply this device configuration profile to a Windows 10 device. A user downloads a file that is classified as potentially unwanted application (PUA). What action will Defender take?

Exhibit

{
  "@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
  "defenderDetectedMalwareActions": {
    "lowSeverity": "clean",
    "moderateSeverity": "clean",
    "highSeverity": "block",
    "severeSeverity": "block"
  },
  "defenderCloudBlockLevel": "high",
  "defenderPromptForSampleSubmission": "alwaysPrompt",
  "defenderPUAProtection": "enabled"
}
Question 76mediummultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You have applied this compliance policy to a Windows 10 device running build 10.0.19044. The device meets all requirements except that the firewall is disabled. What will be the compliance status of the device?

Exhibit

{
  "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
  "passwordRequired": true,
  "passwordMinimumLength": 6,
  "passwordRequiredType": "deviceDefault",
  "osMinimumVersion": "10.0.19041.0",
  "osMaximumVersion": "10.0.22621.0",
  "storageRequireEncryption": true,
  "activeFirewallRequired": true,
  "defenderEnabled": true
}
Question 77mediummultiple choice
Read the full Manage and maintain devices explanation →

You manage Windows 10 devices enrolled in Microsoft Intune. Users report that the Company Portal app is not installing required apps. You verify that the devices are compliant and checked in recently. What is the most likely cause?

Question 78hardmultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage devices. You need to deploy a PowerShell script that runs every time a user logs in to a Windows 10 device. The script must run with administrative privileges. Which deployment approach should you use?

Question 79easymultiple choice
Read the full Manage and maintain devices explanation →

You need to ensure that Windows 10 devices are automatically upgraded to Windows 11 if they meet hardware requirements. Which policy should you configure in Microsoft Intune?

Question 80hardmultiple choice
Read the full network assurance explanation →

Refer to the exhibit. You create a custom configuration profile in Intune for Windows 10 devices. The profile is assigned to a test device, but the telemetry setting is not applied. The device is managed and compliant. What is the most likely reason?

Exhibit

{
  "@odata.type": "#microsoft.graph.windows10CustomConfiguration",
  "id": "00000000-0000-0000-0000-000000000000",
  "displayName": "Custom OMA-URI Policy",
  "omaSettings": [
    {
      "@odata.type": "#microsoft.graph.omaSettingString",
      "displayName": "Disable Telemetry",
      "omaUri": "./Vendor/MSFT/Policy/Config/System/AllowTelemetry",
      "value": "0"
    },
    {
      "@odata.type": "#microsoft.graph.omaSettingInteger",
      "displayName": "Max Inactivity Timeout",
      "omaUri": "./Vendor/MSFT/Policy/Config/DeviceLock/DeviceLockMaxInactivityTimeAllow",
      "value": "300"
    }
  ]
}
Question 81easymultiple choice
Read the full Manage and maintain devices explanation →

You need to remotely wipe a lost corporate-owned iOS device enrolled in Microsoft Intune. The device is currently offline. What will happen when the device comes online?

Question 82mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage Windows 10 devices. You need to enforce BitLocker encryption on all devices. Some devices are not encrypting even though the policy is assigned. What should you check first?

Question 83hardmultiple choice
Read the full Manage and maintain devices explanation →

Users report that after updating to Windows 11, their devices are no longer receiving policy updates from Intune. The devices appear as active and compliant in the Intune console. What is the most likely cause?

Question 84easymultiple choice
Read the full Manage and maintain devices explanation →

You need to block users from enrolling personal Android devices in Microsoft Intune. Which enrollment restriction should you configure?

Question 85mediummultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You create a compliance policy for Windows 10 devices. A device is reported as non-compliant. Upon investigation, you find that the device has a password of 6 characters. Which setting is causing the non-compliance?

Exhibit

{
  "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
  "displayName": "Windows 10 Compliance",
  "requireDeviceEncryption": true,
  "requireSecureBoot": true,
  "requireCodeIntegrity": true,
  "passwordRequired": true,
  "passwordMinimumLength": 8
}
Question 86mediummulti select
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage devices. You need to deploy a line-of-business (LOB) app to iOS devices. Which TWO conditions must be met?

Question 87hardmulti select
Read the full Manage and maintain devices explanation →

You need to configure a Microsoft Intune policy to ensure that only devices with a minimum OS version can access corporate email. Which THREE policy types can enforce this requirement?

Question 88easymulti select
Read the full Manage and maintain devices explanation →

You need to deploy a Windows 10 feature update to a pilot group. Which TWO steps are required in Microsoft Intune?

Question 89hardmultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You run this Microsoft Graph PowerShell command to retrieve managed devices. The output shows a device with a lastSyncDateTime of 5 days ago. What does this indicate?

Exhibit

Get-MgDeviceManagementManagedDevice -Filter "operatingSystem eq 'Windows'" | Select-Object id, deviceName, enrolledDateTime, lastSyncDateTime, complianceState
Question 90mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage devices. You need to ensure that only corporate-owned Windows 10 devices are allowed to access Microsoft 365 services. You have configured a conditional access policy to require compliant devices. What else must you do to identify corporate-owned devices?

Question 91easymultiple choice
Read the full Manage and maintain devices explanation →

You need to retire a device in Microsoft Intune. What is the effect of retiring a device?

Question 92mediummultiple choice
Read the full Manage and maintain devices explanation →

A company manages Windows 10 and Windows 11 devices using Microsoft Intune. They need to ensure that devices that have not checked in with Intune for more than 30 days are automatically marked as inactive and excluded from compliance policies. Which configuration should be used?

Question 93hardmultiple choice
Read the full Manage and maintain devices explanation →

An organization uses Microsoft Intune to manage Windows devices. They want to deploy a Win32 app that requires admin rights to install. The app must be installed in the system context and should not require user interaction. Which installation behavior should be configured?

Question 94easymultiple choice
Read the full Manage and maintain devices explanation →

A company uses Microsoft Intune to manage iOS/iPadOS devices. They need to enforce a policy that requires users to set a device passcode of at least 6 characters. Which type of policy should they create?

Question 95mediummultiple choice
Read the full Manage and maintain devices explanation →

An organization manages Windows 10 devices with Microsoft Intune. They need to deploy a PowerShell script that runs once on each device to remediate a security issue. The script should not run again after successful execution. Which configuration should be used?

Question 96hardmultiple choice
Read the full Manage and maintain devices explanation →

A company uses Microsoft Intune for mobile device management. They have a group of Android Enterprise devices that need to be enrolled in a way that allows the device to have a work profile while keeping personal apps separate. Which enrollment method should be used?

Question 97easymultiple choice
Read the full Manage and maintain devices explanation →

An organization uses Microsoft Intune to manage Windows devices. They want to ensure that only devices with a TPM 2.0 chip can access corporate email. Which policy should be configured?

Question 98mediummultiple choice
Read the full Manage and maintain devices explanation →

A company uses Microsoft Intune to manage macOS devices. They need to deploy a custom plist configuration file to set security settings. Which policy type should they use?

Question 99hardmultiple choice
Read the full Manage and maintain devices explanation →

An organization uses Microsoft Intune for device management. They have a requirement that all Windows devices must have BitLocker enabled. They want to automatically remediate any device that has BitLocker disabled by running a PowerShell script. Which Intune feature should be used?

Question 100easymultiple choice
Read the full Manage and maintain devices explanation →

A company uses Microsoft Intune to manage devices. They need to report on which devices have a specific Windows update installed. Which reporting method should be used?

Question 101mediummulti select
Read the full Manage and maintain devices explanation →

A company manages devices with Microsoft Intune. They need to deploy a line-of-business (LOB) app to iOS devices. Which TWO of the following are required?

Question 102hardmulti select
Read the full Manage and maintain devices explanation →

An organization uses Microsoft Intune to manage Windows devices. They need to configure a policy to enforce disk encryption on devices. Which THREE of the following are valid encryption options?

Question 103easymulti select
Read the full Manage and maintain devices explanation →

A company uses Microsoft Intune to manage devices. They want to use a script to collect inventory data from Windows devices. Which TWO methods can be used?

Question 104hardmultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. The JSON snippet shows a dynamic device group configuration in Microsoft Intune. What is the effect of the 'enrollmentTimeDeviceMembershipLimit' property set to 15?

Exhibit

{
  "enrollmentTimeDeviceMembershipLimit": 15,
  "reusableGroupSetting": {
    "@odata.type": "#microsoft.graph.deviceManagementReusableGroupSetting",
    "id": "reusable-group-id",
    "displayName": "All Windows Devices"
  },
  "scopeTagIds": ["default"]
}
Question 105mediummultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. A Microsoft Graph PowerShell cmdlet retrieves devices. What is the purpose of this query?

Exhibit

Get-IntuneManagedDevice -Filter "(operatingSystem eq 'Windows') and (lastSyncDateTime lt '2025-01-01T00:00:00Z')"
Question 106easymultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. A compliance policy is defined for Windows 10 devices. What is the minimum OS version required?

Exhibit

{
  "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
  "passwordRequired": true,
  "passwordMinimumLength": 8,
  "passwordRequiredType": "deviceDefault",
  "osMinimumVersion": "10.0.19041.0"
}
Question 107mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization manages Windows 10 and Windows 11 devices with Microsoft Intune. Users report that new Microsoft Store apps are not automatically installing on their devices as expected. You verify that the Intune policy 'Allow Microsoft Store for Business' is set to 'Allow'. What is the most likely reason the apps are not installing?

Question 108hardmultiple choice
Read the full Manage and maintain devices explanation →

A company uses Microsoft Intune to manage macOS devices. A security audit requires that all macOS devices must have FileVault encryption enabled. Compliance policy reports show that 90% of devices are compliant, but 10% are non-compliant. You review the non-compliant devices and find that FileVault is enabled on them. What is the most likely cause of the non-compliance?

Question 109easymultiple choice
Read the full Manage and maintain devices explanation →

You need to deploy a line-of-business (LOB) iOS app to company-owned devices using Microsoft Intune. The app is signed with an enterprise certificate. Which deployment method should you use?

Question 110mediummultiple choice
Read the full wireless explanation →

Your organization uses Microsoft Intune to manage Windows 11 devices. You need to ensure that devices cannot connect to unsecured Wi-Fi networks. Which policy type should you configure?

Question 111hardmultiple choice
Read the full Manage and maintain devices explanation →

A user has a Windows 10 device that is enrolled in Microsoft Intune. The user reports that they cannot install a required app from the Company Portal. You check the Intune console and see that the app assignment is 'Required' but the installation status shows 'Failed'. The device is compliant. What should you check first?

Question 112easymultiple choice
Read the full Manage and maintain devices explanation →

You manage Android Enterprise devices with Microsoft Intune. You need to ensure that work profile apps are automatically installed when a user enlists their device. What should you configure?

Question 113mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage devices. You need to ensure that only compliant devices can access corporate Exchange Online email. Which conditional access policy setting should you use?

Question 114hardmultiple choice
Read the full Manage and maintain devices explanation →

You are troubleshooting a Windows 10 device that is not receiving policy updates from Intune. The device shows 'Pending' status in the Intune console. The device is connected to the internet. What is the most likely cause?

Question 115easymultiple choice
Read the full Manage and maintain devices explanation →

You need to remotely wipe a lost corporate-owned iOS device that is enrolled in Microsoft Intune. Which action should you perform in the Intune console?

Question 116mediummulti select
Read the full Manage and maintain devices explanation →

Your organization is planning to use Microsoft Intune to manage Windows 11 devices. Which TWO are prerequisites for enrolling a Windows device in Intune?

Question 117hardmulti select
Read the full Manage and maintain devices explanation →

You are configuring app protection policies (MAM) in Microsoft Intune for iOS devices. Which THREE settings can you configure to prevent data leakage?

Question 118easymulti select
Read the full Manage and maintain devices explanation →

You need to deploy Microsoft Defender for Endpoint to Windows 10 devices using Microsoft Intune. Which TWO methods can you use to deploy the Microsoft Defender for Endpoint client?

Question 119hardmultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. The JSON shows a device queried from Microsoft Graph. The device shows as compliant, but the user reports that they are unable to access corporate resources. The conditional access policy requires device compliance. What is a likely reason for the access issue?

Exhibit

{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/managedDevices/$entity",
  "id": "12345678-1234-1234-1234-123456789012",
  "deviceName": "LAPTOP01",
  "operatingSystem": "Windows",
  "complianceState": "compliant",
  "lastSyncDateTime": "2025-12-01T10:30:00Z",
  "userPrincipalName": "user@contoso.com",
  "enrolledDateTime": "2025-11-15T08:00:00Z",
  "managementAgent": "mdm"
}
Question 120easymultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. The JSON shows a compliance policy for Windows 10 devices. A device is marked as non-compliant even though it has a password of length 8, firewall enabled, and Defender enabled. What is the most likely cause?

Exhibit

{
  "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
  "passwordRequired": true,
  "passwordMinimumLength": 6,
  "passwordRequireToUnlockFromIdle": true,
  "passwordMinutesOfInactivityBeforeLock": 5,
  "requireActiveFirewall": true,
  "requireAntivirus": true,
  "requireDefender": true
}
Question 121mediummultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. The ARM template snippet attempts to deploy a Windows 10 Security Baseline policy in Intune. The deployment fails. What is the most likely reason?

Exhibit

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Intune/configurationPolicies",
      "apiVersion": "2025-05-01",
      "name": "Win10-Security-Baseline",
      "properties": {
        "templateReference": {
          "templateId": "Microsoft.Windows10.SecurityBaseline"
        },
        "settings": [
          {
            "settingInstance": {
              "choiceSettingValue": {
                "value": "Microsoft.Windows10.SecurityBaseline.BlockUserFromModifyingAccountPolicies"
              }
            }
          }
        ]
      }
    }
  ]
}
Question 122mediummultiple choice
Read the full Manage and maintain devices explanation →

You manage Windows 10 devices with Microsoft Intune. Users report that after a recent Windows update, some devices fail to enroll in mobile device management (MDM). You verify that the devices are domain-joined and can reach the internet. Which configuration should you check first?

Question 123easymultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage iOS devices. You need to ensure that only devices with a passcode of at least 6 characters can access corporate email. What should you create?

Question 124hardmultiple choice
Read the full Manage and maintain devices explanation →

You manage Windows 11 devices with Microsoft Intune. Some users report that their device is marked as noncompliant even though it meets all compliance rules. You discover that the devices have not checked in with Intune for over 30 days. What should you do to prevent this issue?

Question 125mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage Android Enterprise devices. You need to deploy a custom app that is not available in the Google Play Store. Which app deployment method should you use?

Question 126hardmultiple choice
Read the full Manage and maintain devices explanation →

You manage devices with Microsoft Intune. You need to ensure that only devices with a specific BIOS serial number can enroll. What should you configure?

Question 127easymultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Windows Autopilot for device provisioning. Users report that after initial setup, devices are not automatically enrolled in Microsoft Intune. What should you verify?

Question 128mediummultiple choice
Read the full Manage and maintain devices explanation →

You manage devices with Microsoft Intune. Users report that after a recent policy change, some devices are not receiving updated policies. You verify that the devices are online and have connectivity. What should you do to force a policy refresh?

Question 129hardmultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage Windows devices. You need to ensure that only users in the Sales department can enroll their devices. What should you configure?

Question 130mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage macOS devices. You need to deploy a custom shell script that runs once on each device. What should you configure?

Question 131mediummulti select
Read the full Manage and maintain devices explanation →

Which TWO actions can you perform in Microsoft Intune to remediate a noncompliant Windows device that has been marked as noncompliant due to missing antivirus? (Choose two.)

Question 132hardmulti select
Read the full Manage and maintain devices explanation →

Which THREE conditions can be used to create a dynamic device group in Microsoft Entra ID for Intune management? (Choose three.)

Question 133easymulti select
Read the full Manage and maintain devices explanation →

Which TWO are valid methods to deploy Microsoft 365 Apps to Windows devices using Microsoft Intune? (Choose two.)

Question 134hardmultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. The JSON snippet shows a device compliance policy for Windows 10. You assign this policy to a device group. Some devices report as noncompliant even though they have BitLocker enabled and meet password requirements. What is the most likely cause?

Exhibit

{
  "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
  "description": "Windows 10 compliance policy requiring encryption",
  "deviceThreatProtectionEnabled": true,
  "deviceThreatProtectionRequiredSecurityLevel": "high",
  "bitLockerEnabled": true,
  "storageRequireEncryption": true,
  "passwordRequired": true,
  "passwordMinimumLength": 6
}
Question 135mediummultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You run the PowerShell cmdlet in Microsoft Graph to list managed Windows devices. The output shows that several devices have a complianceState of 'noncompliant' but lastSyncDateTime is recent. What is the most likely reason for noncompliance?

Exhibit

Get-MgDeviceManagementManagedDevice -Filter "operatingSystem eq 'Windows'" | Select-Object id, deviceName, complianceState, lastSyncDateTime
Question 136easymultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. The JSON snippet shows a Windows Update for Business policy assigned to a device group. Users report that quality updates are installed 7 days after release. Which setting controls this behavior?

Exhibit

{
  "@odata.type": "#microsoft.graph.windowsUpdateForBusinessConfiguration",
  "updateClassification": "all",
  "automaticUpdateMode": "autoInstallAndRebootWithEndUserControl",
  "businessReadyUpdatesOnly": "all",
  "featureUpdateDeferralPeriodInDays": 30,
  "qualityUpdateDeferralPeriodInDays": 7
}
Question 137mediummultiple choice
Read the full Manage and maintain devices explanation →

You manage Windows 10 devices enrolled in Microsoft Intune. Users report that the Windows Update for Business policy is not applying to some devices. You verify the devices are assigned the correct update ring. What should you check first?

Question 138hardmultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage iOS/iPadOS devices. You need to ensure that only approved apps can be installed on corporate-owned devices. Which configuration profile type should you use?

Question 139easymultiple choice
Read the full Manage and maintain devices explanation →

You need to deploy a line-of-business (LOB) app to Windows 10 devices managed by Intune. The app is a .msi file. Which app type should you select when adding the app in Intune?

Question 140mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization has a mix of Windows 10 and Windows 11 devices managed by Intune. You need to enforce BitLocker encryption on all devices. Which policy type should you configure?

Question 141hardmultiple choice
Read the full Manage and maintain devices explanation →

Users report that their Android Enterprise fully managed devices are not receiving email profiles pushed from Intune. You confirm the devices are enrolled and show as compliant. What is the most likely cause?

Question 142easymultiple choice
Read the full Manage and maintain devices explanation →

You need to remotely wipe a lost corporate-owned iOS device that is managed by Intune. Which action should you use?

Question 143mediummultiple choice
Read the full Manage and maintain devices explanation →

You need to configure a Windows 10 device to automatically install updates from a specific branch readiness level. Which setting in the Update ring policy should you configure?

Question 144hardmultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage macOS devices. You need to deploy a .pkg app to these devices. What is the recommended method?

Question 145easymultiple choice
Read the full Manage and maintain devices explanation →

You need to ensure that only compliant devices can access Exchange Online. Which Intune policy should you use?

Question 146mediummulti select
Read the full Manage and maintain devices explanation →

Which TWO actions can you perform on a managed device from the Microsoft Intune admin center?

Question 147hardmulti select
Read the full Manage and maintain devices explanation →

Which THREE are supported reporting options in Microsoft Intune for device compliance?

Question 148easymulti select
Read the full Manage and maintain devices explanation →

Which TWO are valid methods to enroll Windows devices in Microsoft Intune?

Question 149hardmultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You are reviewing a Windows 10 compliance policy JSON. What is the purpose of the 'osMinimumVersion' setting?

Exhibit

{
  "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
  "description": "Require BitLocker and Secure Boot",
  "deviceThreatProtectionEnabled": true,
  "deviceThreatProtectionRequiredSecurityLevel": "medium",
  "bitLockerEnabled": true,
  "secureBootEnabled": true,
  "osMinimumVersion": "10.0.19042.0"
}
Question 150mediummultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You run a PowerShell command to retrieve a managed device's details. The ComplianceState is 'compliant' but the device has not synced in 7 days. What is the most likely reason?

Exhibit

Get-MgDeviceManagementManagedDevice -ManagedDeviceId "12345678-1234-1234-1234-123456789012" | Select-Object -Property DeviceName, OperatingSystem, ComplianceState, LastSyncDateTime
Question 151easymultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You are reviewing a Windows 10 update ring configuration JSON. What does the 'automaticUpdateBehavior' setting control?

Exhibit

{
  "@odata.type": "#microsoft.graph.windows10UpdateRingConfiguration",
  "updateNotificationLevel": "2",
  "featureUpdateDeferralInDays": 30,
  "qualityUpdateDeferralInDays": 7,
  "automaticUpdateBehavior": "autoInstallAndRebootWithEndUserControl"
}
Question 152mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage Windows 11 devices. Users report that after a recent update, the Start menu layout resets to default every time they sign in. Which Intune policy setting is most likely causing this issue?

Question 153hardmultiple choice
Read the full Manage and maintain devices explanation →

You are designing a Windows 11 update strategy for a fleet of 500 devices managed by Intune. The organization requires that critical security updates be applied within 7 days, but feature updates can be delayed up to 60 days. Which Update Rings configuration should you use?

Question 154easymultiple choice
Read the full Manage and maintain devices explanation →

A user reports that their Microsoft Intune enrolled device is not receiving required compliance policies. The device shows as 'Not evaluated' in the Microsoft Intune admin center. What is the most likely cause?

Question 155hardmultiple choice
Read the full Manage and maintain devices explanation →

You have assigned the compliance policy shown in the exhibit to all Windows devices. A Windows 11 device running build 10.0.22621.1500 reports as noncompliant. Which setting is causing the noncompliance?

Exhibit

Refer to the exhibit.

{
  "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
  "description": "Windows 11 compliance policy",
  "displayName": "Win11 Compliance Policy",
  "passwordRequired": true,
  "passwordMinimumLength": 8,
  "passwordMinutesOfInactivityBeforeLock": 15,
  "osMinimumVersion": "10.0.22621.0",
  "osMaximumVersion": "10.0.22621.1000",
  "tpmRequired": true,
  "deviceThreatProtectionEnabled": true,
  "deviceThreatProtectionRequiredSecurityLevel": "medium"
}
Question 156mediummultiple choice
Read the full wireless explanation →

You are troubleshooting a user's Windows 11 device that cannot connect to the corporate Wi-Fi network. The device is managed by Intune and has a Wi-Fi profile assigned. The profile uses SCEP certificate authentication. The certificate is issued by your internal CA. The device shows 'No internet access' though it connects. What is the most likely issue?

Question 157easymultiple choice
Read the full Manage and maintain devices explanation →

You need to ensure that all iOS devices enrolled in Intune automatically install required apps (e.g., Microsoft Outlook, Teams) during enrollment. Which enrollment profile setting should you configure?

Question 158hardmultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage macOS devices. You need to deploy a custom configuration profile that sets a specific firewall rule. However, the profile fails to apply on a subset of devices. The Intune console shows 'Conflict' status. What is the most likely cause?

Question 159mediummultiple choice
Read the full Manage and maintain devices explanation →

You manage Windows 10 devices with Intune. You need to collect diagnostic logs from a remote device that is experiencing application crashes. Which Intune feature should you use?

Question 160easymultiple choice
Read the full Manage and maintain devices explanation →

A user reports that their Android Enterprise work profile device is not receiving email from the corporate Exchange Online account. The device is enrolled in Intune and shows as compliant. The Outlook app is installed but cannot connect. What should you check first?

Question 161mediummulti select
Read the full Manage and maintain devices explanation →

Which TWO actions can you perform using the Microsoft Intune admin center to manage Windows 11 devices remotely? (Choose two.)

Question 162hardmulti select
Read the full Manage and maintain devices explanation →

Which THREE conditions must be met for a Windows device to be able to enroll in Microsoft Intune using Microsoft Entra ID join? (Choose three.)

Question 163easymulti select
Read the full Manage and maintain devices explanation →

Which TWO of the following are valid remote assistance tools for Windows devices managed by Microsoft Intune? (Choose two.)

Question 164hardmultiple choice
Read the full Manage and maintain devices explanation →

You apply the custom policy shown in the exhibit to a Windows 11 device. Users report that they cannot use Bluetooth devices (e.g., mouse, keyboard) after the policy applies. Which setting in the policy is causing this issue?

Exhibit

Refer to the exhibit.

{
  "@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
  "displayName": "Windows 11 Security Baseline",
  "description": "Custom security settings",
  "passwordRequire": true,
  "passwordMinimumLength": 10,
  "passwordExpirationDays": 90,
  "passwordPreviousPasswordBlockCount": 24,
  "passwordMinutesOfInactivityBeforeScreenTimeout": 15,
  "allowCopyPaste": false,
  "allowCamera": false,
  "allowBluetooth": false,
  "allowVPNOverCellular": false,
  "allowStorageCard": false,
  "allowWiFi": true
}
Question 165mediummultiple choice
Read the full Manage and maintain devices explanation →

You need to deploy a custom Windows 11 feature update to a pilot group of 50 devices before rolling out to the entire organization. The devices are managed by Intune and are in a 'Pilot' Azure AD group. What is the best approach?

Question 166hardmultiple choice
Read the full Manage and maintain devices explanation →

A Windows 11 device running build 10.0.22621.500 reports as noncompliant with the policy shown. The device meets all password requirements, has BitLocker enabled, and uses Microsoft Defender for Endpoint with a 'high' security level. What is the most likely cause of noncompliance?

Exhibit

Refer to the exhibit.

{
  "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
  "displayName": "Win11 Compliance",
  "passwordRequired": true,
  "passwordMinimumLength": 8,
  "passwordMinutesOfInactivityBeforeLock": 5,
  "osMinimumVersion": "10.0.22000.0",
  "osMaximumVersion": "10.0.22621.1000",
  "storageRequireEncryption": true,
  "deviceThreatProtectionEnabled": true,
  "deviceThreatProtectionRequiredSecurityLevel": "high"
}
Question 167hardmultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage Windows 10 devices. Users report that after a recent software update, the Start menu layout is missing. You need to restore the Start menu layout using Intune. What should you do?

Question 168mediummultiple choice
Read the full Manage and maintain devices explanation →

Your company has iOS/iPadOS devices enrolled in Microsoft Intune. You need to ensure that users cannot remove the Microsoft Intune Company Portal app from their devices. What should you configure?

Question 169easymultiple choice
Read the full Manage and maintain devices explanation →

You manage Windows 10 devices with Microsoft Intune. You need to deploy a PowerShell script that runs in the user context to configure user settings. What type of script should you use?

Question 170mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage devices. You need to ensure that only compliant devices can access corporate email. You configure a Conditional Access policy in Microsoft Entra ID targeting Exchange Online. What else must you configure in Intune to enforce compliance?

Question 171hardmultiple choice
Read the full Manage and maintain devices explanation →

Your company has a Microsoft Intune environment with Windows devices. You need to deploy a Microsoft 365 Apps update using the Semi-Annual Enterprise Channel. You have configured the update channel in an Intune administrative template. However, devices are not receiving the updates. What is the most likely cause?

Question 172mediummulti select
Read the full Manage and maintain devices explanation →

Which TWO settings can you configure in a Microsoft Intune device compliance policy for Android Enterprise devices?

Question 173hardmulti select
Read the full Manage and maintain devices explanation →

Which THREE actions are available in Microsoft Intune's proactive remediations for Windows devices?

Question 174mediummulti select
Read the full Manage and maintain devices explanation →

Which TWO methods can you use to enroll macOS devices in Microsoft Intune?

Question 175hardmultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You are reviewing an Intune configuration profile JSON for Windows 10. The profile includes BitLocker settings. Which setting will prevent users from enabling BitLocker if another encryption method is already in use?

Exhibit

{
  "@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
  "id": "00000000-0000-0000-0000-000000000000",
  "displayName": "Windows 10 Security Baseline",
  "description": "Custom security settings",
  "passwordRequired": true,
  "passwordMinimumLength": 8,
  "passwordExpirationDays": 90,
  "passwordPreviousPasswordBlockCount": 5,
  "passwordRequiredType": "alphanumeric",
  "passwordSignInFailureCountBeforeReset": 10,
  "passwordBlockSimple": true,
  "bitLockerEncryptionMethod": "aes256",
  "bitLockerDisableWarningForOtherDiskEncryption": false
}
Question 176mediummultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You have a compliance policy for Windows 10 devices. A device reports as non-compliant with the reason 'TPM not found'. The device does have a TPM 2.0 chip but it is disabled in BIOS. What should you do to resolve the compliance issue?

Exhibit

{
  "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
  "passwordRequired": true,
  "passwordMinimumLength": 6,
  "passwordRequiredType": "numeric",
  "requireDeviceEncryption": true,
  "firewallEnabled": true,
  "antivirusEnabled": true,
  "antispywareEnabled": true,
  "tpmRequired": true
}
Question 177easymultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You are deploying Microsoft Edge via Intune as a required app for Windows devices. Which setting ensures that any previous version of Microsoft Edge is removed before installing the new version?

Exhibit

{
  "appName": "Microsoft Edge",
  "appVersion": "96.0.1054.62",
  "channel": "Stable",
  "assignment": {
    "intent": "required",
    "installationPurpose": "system",
    "settings": {
      "uninstallPrevious": true
    }
  }
}
Question 178hardmultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune and Microsoft Defender for Endpoint. You need to ensure that when a device is determined to be at high risk by Defender, it is automatically blocked from accessing corporate resources. What should you configure?

Question 179easymultiple choice
Read the full Manage and maintain devices explanation →

Your company uses Microsoft Intune to manage Windows 10 devices. You need to ensure that all devices have Windows Defender Antivirus real-time protection enabled. What should you configure?

Question 180hardmulti select
Read the full Manage and maintain devices explanation →

Which THREE features are available in Microsoft Intune's Windows Autopilot for existing devices?

Question 181mediummulti select
Read the full Manage and maintain devices explanation →

Which TWO settings can be configured in a Microsoft Intune device compliance policy for iOS/iPadOS?

Question 182mediummultiple choice
Read the full Manage and maintain devices explanation →

A user reports that their Windows 11 device is not receiving compliance policies from Microsoft Intune. The device shows as 'Not evaluated' in the Microsoft Intune admin center. The user has confirmed that the device is enrolled and connected to the internet. Which is the most likely cause?

Question 183hardmultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage Windows 10 devices. You need to deploy a PowerShell script that runs during the device provisioning process, before the user signs in. The script should be assigned to a device group containing all Autopilot devices. Which method should you use?

Question 184easymultiple choice
Read the full Manage and maintain devices explanation →

A company is planning to use Windows Autopilot to deploy new devices. They want to ensure that devices are automatically enrolled in Microsoft Intune when a user signs in with their Microsoft Entra ID credentials. Which configuration is required?

Question 185mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Defender for Endpoint (now part of Microsoft Defender XDR) to manage endpoint security. You need to ensure that all Windows 10 devices are onboarded to Defender for Endpoint via Microsoft Intune. Which policy type should you use?

Question 186hardmultiple choice
Read the full Manage and maintain devices explanation →

You manage devices with Microsoft Intune. You need to deploy a line-of-business (LOB) app that is signed with a certificate not trusted by the devices. The app requires installation in the system context. Which deployment method should you use?

Question 187easymultiple choice
Read the full Manage and maintain devices explanation →

A user's mobile device is lost. You need to remotely wipe the device using Microsoft Intune. What is the correct sequence of actions?

Question 188mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage devices. You need to ensure that only devices with a minimum OS version can access corporate email via Microsoft Outlook for iOS. Which policy type should you configure?

Question 189hardmultiple choice
Read the full Manage and maintain devices explanation →

You are troubleshooting a Windows 10 device that is not receiving Intune policies. The device is enrolled and shows as 'Active' in the Intune admin center. You run the Get-MgDeviceManagementManagedDevice cmdlet and the device's managementAgent is 'mdm'. Which of the following is the most likely cause of the issue?

Question 190easymultiple choice
Read the full Manage and maintain devices explanation →

Your organization wants to use Windows Autopilot for user-driven deployment. Users should be able to self-deploy their devices by signing in with their corporate credentials. Which Autopilot deployment mode should you use?

Question 191mediummulti select
Read the full Manage and maintain devices explanation →

Which TWO actions can you perform using Microsoft Intune to manage devices that are not compliant? (Choose two.)

Question 192hardmulti select
Read the full Manage and maintain devices explanation →

Which THREE conditions must be met for a Windows 10 device to be co-managed with Microsoft Intune and Microsoft Configuration Manager? (Choose three.)

Question 193easymulti select
Read the full Manage and maintain devices explanation →

Which TWO of the following are device configuration settings you can manage with Microsoft Intune? (Choose two.)

Question 194easymultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You are reviewing a JSON policy for Windows 10 compliance. Which of the following is required by this policy?

Exhibit

{
  "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
  "description": "Require BitLocker and Secure Boot",
  "passwordRequired": true,
  "passwordMinimumLength": 6,
  "requireDeviceEncryption": true,
  "secureBootEnabled": true,
  "tpmRequired": true,
  "roleScopeTagIds": ["0"],
  "id": "00000000-0000-0000-0000-000000000001"
}
Question 195mediummultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You run a PowerShell cmdlet to get managed devices and see the output above. The device is noncompliant. What is the most likely reason?

Exhibit

{
  "value": [
    {
      "@odata.type": "#microsoft.graph.managedDevice",
      "id": "12345678-1234-1234-1234-123456789012",
      "deviceName": "DESKTOP-ABC123",
      "operatingSystem": "Windows",
      "osVersion": "10.0.19045.3803",
      "complianceState": "noncompliant",
      "lastSyncDateTime": "2025-03-15T10:30:00Z",
      "enrolledDateTime": "2025-01-10T08:00:00Z"
    }
  ]
}
Question 196hardmultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You are reviewing a Win32 app configuration in Microsoft Intune. The app is not installing on some Windows 10 devices. Which is the most likely reason?

Exhibit

{
  "properties": {
    "displayName": "Win32 App Deployment",
    "description": "Deploy custom script",
    "publisher": "Contoso",
    "installExperience": "system",
    "requirementRule": {
      "@odata.type": "#microsoft.graph.win32LobAppRequirement",
      "operator": "greaterThanOrEqual",
      "value": "10.0.19041"
    },
    "detectionRule": {
      "@odata.type": "#microsoft.graph.win32LobAppDetection",
      "path": "C:\\Program Files\\Contoso\\App.exe",
      "fileOrFolderName": "App.exe",
      "check32BitOn64System": false
    },
    "installCommandLine": "setup.exe /silent",
    "uninstallCommandLine": "setup.exe /uninstall"
  }
}
Question 197mediummultiple choice
Read the full Manage and maintain devices explanation →

A company uses Microsoft Intune to manage Windows 11 devices. Users report that the Company Portal app is not showing required applications. You verify that the devices show as 'Compliant' in Microsoft Intune. Which configuration should you check first?

Question 198hardmultiple choice
Read the full Manage and maintain devices explanation →

You are troubleshooting an iPhone that cannot enroll in Microsoft Intune. The user receives an error stating 'This device is already enrolled in another MDM.' What is the most likely cause?

Question 199easymultiple choice
Read the full Manage and maintain devices explanation →

A user reports that their Windows 11 device is not receiving security updates. The device is enrolled in Microsoft Intune and shows as compliant. You check the Update Rings policy and see that the device is assigned to a ring that defers updates by 30 days. What should you do to ensure the device gets the latest security updates immediately?

Question 200mediummultiple choice
Read the full wireless explanation →

Your organization uses Microsoft Intune to manage iOS devices. You need to deploy a custom configuration profile to configure Wi-Fi settings for corporate devices. Which method should you use?

Question 201hardmultiple choice
Read the full Manage and maintain devices explanation →

You need to ensure that Windows 10 devices automatically receive Microsoft 365 Apps updates from the Internet when not connected to the corporate network. Which update channel should you configure?

Question 202easymultiple choice
Read the full Manage and maintain devices explanation →

A user's Windows 11 device is not receiving the Company Portal app after enrollment. The device is enrolled in Microsoft Intune. What is the most likely cause?

Question 203mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage Android Enterprise devices. You need to ensure that corporate apps are installed automatically on new devices without user interaction. Which enrollment method should you use?

Question 204hardmultiple choice
Read the full Manage and maintain devices explanation →

You are deploying Windows 11 devices using Windows Autopilot. Some devices are not registering in Microsoft Intune. You have verified that the hardware hashes are uploaded correctly. What is the most likely cause?

Question 205easymultiple choice
Read the full Manage and maintain devices explanation →

A user's device is marked as 'Noncompliant' in Microsoft Intune due to missing required updates. The device is configured with a compliance policy that requires a minimum OS version. The user claims the device is up-to-date. What should you verify first?

Question 206mediummulti select
Read the full Manage and maintain devices explanation →

Which THREE actions can you perform using Microsoft Intune's remote assistance feature for Windows devices?

Question 207hardmulti select
Read the full Manage and maintain devices explanation →

Which TWO Windows Update for Business policies can you configure using Microsoft Intune?

Question 208mediummulti select
Read the full Manage and maintain devices explanation →

Which THREE are valid Windows Autopilot deployment scenarios?

Question 209hardmultiple choice
Read the full Manage and maintain devices explanation →

You have a Windows 10 device running OS version 10.0.19043.1234. The device is compliant with all settings except password requirements. The device does not have a password set. What is the compliance status?

Exhibit

Refer to the exhibit.

```json
{
  "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
  "passwordRequired": true,
  "passwordMinimumLength": 6,
  "passwordMinutesOfInactivityBeforeLock": 15,
  "passwordExpirationDays": 90,
  "passwordPreviousPasswordBlockCount": 5,
  "passwordRequiredType": "deviceDefault",
  "osMinimumVersion": "10.0.19042.0",
  "osMaximumVersion": "10.0.19044.0",
  "storageRequireEncryption": true
}
```
Question 210easymultiple choice
Read the full Manage and maintain devices explanation →

A Windows 10 device is assigned this update ring policy. A new quality update is released today. When will the device install the update?

Exhibit

Refer to the exhibit.

```json
{
  "@odata.type": "#microsoft.graph.windowsUpdateForBusinessConfiguration",
  "deliveryOptimizationMode": "httpOnly",
  "microsoftUpdateServiceAllowed": true,
  "automaticUpdateMode": "autoInstallAndRebootWithWarning",
  "qualityUpdateDeferralPeriodInDays": 0,
  "featureUpdateDeferralPeriodInDays": 30
}
```
Question 211mediummultiple choice
Read the full Manage and maintain devices explanation →

You deployed this endpoint protection policy to a Windows 10 device. A user reports that a known malicious file was downloaded but not blocked. What is the most likely reason?

Exhibit

Refer to the exhibit.

```json
{
  "@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",
  "defenderBlockOnAccessProtection": true,
  "defenderScheduleScanDay": "everyday",
  "defenderScanType": "quick",
  "defenderCloudBlockLevel": "high",
  "defenderPUAProtection": "enabled",
  "defenderRealTimeScanDirection": "monitorAllFiles"
}
```
Question 212hardmultiple choice
Read the full Manage and maintain devices explanation →

You manage a hybrid Microsoft Entra ID environment with 5,000 Windows 10 devices enrolled in Microsoft Intune. You need to deploy a critical security update that requires a reboot to all devices within the next 4 hours. Users must be able to postpone the reboot for up to 8 hours. You configure a device restart policy in Intune. Which deadline and grace period settings should you use?

Question 213mediummultiple choice
Read the full VPN explanation →

Your organization uses Microsoft Intune for Windows device management. Users report that after a recent update, the company VPN client fails to start. You suspect a driver conflict. Which Intune feature should you use to roll back the problematic driver without affecting other updates?

Question 214easymultiple choice
Read the full Manage and maintain devices explanation →

You need to ensure that all Windows 11 devices in your organization have BitLocker enabled and the recovery key escrowed to Microsoft Entra ID. Which Intune policy should you configure?

Question 215hardmulti select
Read the full Manage and maintain devices explanation →

You are troubleshooting a Windows 10 device that is not receiving a required security policy from Intune. The device shows as 'Not compliant' in the Intune console. Which TWO actions should you take to resolve the issue?

Question 216mediummulti select
Read the full Manage and maintain devices explanation →

You are designing a Windows 10 update strategy using Windows Update for Business and Intune. Which THREE settings should you configure to ensure updates are delivered efficiently while minimizing user disruption?

Question 217easymulti select
Read the full Manage and maintain devices explanation →

Your organization requires that all managed Windows devices have Microsoft Defender Antivirus enabled and running. Which TWO methods can you use to verify this compliance?

Question 218mediummultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You apply this Intune custom OMA-URI policy to a Windows 10 device. What is the expected outcome?

Exhibit

{
  "exhibit": "{\"@odata.type\": \"#microsoft.graph.windows10CustomConfiguration\",\"id\": \"c045a8a1-9e1a-4f1a-9c9a-4a7d7c6b3e2f\",\"omaSettings\": [{\"@odata.type\": \"#microsoft.graph.omaSettingString\",\"displayName\": \"Allow VPN over cellular\",\"omaUri\": \"./Device/Vendor/MSFT/Policy/Config/Connectivity/AllowVPNOverCellular\",\"value\": \"0\"}]}"
Question 219hardmultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. A Windows 11 device assigned to this update ring is running a released version. What is the immediate behavior after the policy applies?

Exhibit

{
  "exhibit": "From Microsoft Intune admin center > Devices > Windows > Update rings. Settings: \"Servicing channel\": \"Windows Insider - Dev\", \"Quality update deferral period (days)\": 0, \"Feature update deferral period (days)\": 0, \"Feature update uninstall period (days)\": 10, \"Automatic update behavior\": \"Auto install and restart at maintenance time\"}"
Question 220mediummultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You run this PowerShell command using the Microsoft Graph PowerShell SDK. What is the primary purpose of this command?

Exhibit

{
  "exhibit": "PowerShell command: Get-MgDeviceManagementManagedDevice -Filter \"operatingSystem eq 'Windows'\" | Select-Object id, deviceName, lastSyncDateTime, complianceState"}
Question 221easymultiple choice
Read the full Manage and maintain devices explanation →

You need to ensure that users can access corporate resources on their personal iOS devices only if they are jailbroken. Which Intune policy should you configure?

Question 222hardmultiple choice
Read the full Manage and maintain devices explanation →

You manage devices with Microsoft Intune and have enabled co-management with Configuration Manager. You need to ensure that Windows Update policies are managed by Intune for all co-managed Windows 10 devices. Which workload slider should you set in Configuration Manager?

Question 223mediummultiple choice
Read the full Manage and maintain devices explanation →

You deploy a new line-of-business app to Windows 10 devices via Intune. Users report that the app does not appear in the Company Portal. You verify that the app is assigned to the correct group. What is the most likely cause?

Question 224hardmultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Defender for Endpoint. You need to configure automatic investigation and response for devices. Which setting in the Microsoft Defender XDR portal should you adjust?

Question 225easymultiple choice
Read the full Manage and maintain devices explanation →

You need to wipe a lost corporate-owned Windows 10 device that is enrolled in Intune. Which action should you take?

Question 226mediummultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You run this KQL query in Microsoft Sentinel. What is the result?

Exhibit

{
  "exhibit": "KQL query in Microsoft Sentinel: DeviceInfo | where TimeGenerated > ago(7d) | where OSPlatform == 'Windows' | summarize TotalDevices = dcount(DeviceId) by DeviceName"}
Question 227mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage Windows 10 devices. You need to ensure that devices that haven't checked in for 30 days are automatically retired. Which configuration should you implement?

Question 228hardmultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You are configuring a Windows Update Ring policy in Microsoft Intune. You want the pilot devices to install feature updates 30 days after Microsoft releases them, but you also need to ensure that users cannot postpone updates indefinitely. However, users are reporting that updates are installing outside of active hours. What is the most likely cause?

Exhibit

{
  "Name": "Windows Update Ring - Pilot",
  "Description": "Pilot ring for Windows feature updates",
  "Type": "Update ring for Windows 10 and later",
  "Properties": {
    "updateNotificationLevel": "2",
    "featureUpdateDeferralInDays": 30,
    "featureUpdatePauseStartDate": null,
    "qualityUpdateDeferralInDays": 7,
    "qualityUpdatePauseStartDate": null,
    "automaticUpdateBehavior": "4",
    "activeHoursStart": "08:00",
    "activeHoursEnd": "17:00"
  }
}
Question 229easymultiple choice
Read the full Manage and maintain devices explanation →

You manage a fleet of iOS devices enrolled in Microsoft Intune. You need to ensure that only approved apps can be installed on corporate devices. Which policy type should you configure?

Question 230mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune for Windows device management. You need to deploy a PowerShell script to all Windows 10 devices to remediate a security issue. The script must run in the user context. What is the best approach?

Question 231hardmultiple choice
Read the full Manage and maintain devices explanation →

You are troubleshooting a Windows 11 device that is enrolled in Microsoft Intune. The device shows 'Pending' status for a required app deployment. The app is a line-of-business (LOB) app. The device has been online for the past 24 hours. What is the most likely cause?

Question 232easymultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage Android Enterprise devices. You need to ensure that corporate data on a device is wiped if the device is reported stolen. Which action should you configure?

Question 233mediummultiple choice
Read the full Manage and maintain devices explanation →

You are implementing Windows Autopilot for your organization. You need to ensure that during the first boot, the device automatically enrolls in Microsoft Intune and joins Microsoft Entra ID. What is the minimum requirement for the device?

Question 234hardmultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You are creating a device filter in Microsoft Intune to target a policy to Windows 10 Pro devices. The filter should only apply to devices running OS build 1904x (20H1 or later). However, some devices with build 1904x and SKU Professional are not receiving the policy. What is the most likely reason?

Exhibit

{
  "DeviceFilter": {
    "Name": "Windows 10 Pro devices",
    "Rule": "(device.osVersion -startsWith \"10.0.1904\") and (device.deviceType -eq \"Windows\") and (device.skuFamily -eq \"Professional\")"
  }
}
Question 235easymultiple choice
Read the full Manage and maintain devices explanation →

You need to configure Microsoft Defender for Endpoint on Windows 10 devices managed by Intune. What is the recommended method to onboard devices?

Question 236mediummulti select
Read the full Manage and maintain devices explanation →

Which TWO actions should you take to ensure that Windows Update for Business settings are applied to all Windows 10 devices in your organization? (Choose two)

Question 237hardmulti select
Read the full Manage and maintain devices explanation →

Which THREE steps are required to configure a Windows 10 device for kiosk mode using Microsoft Intune? (Choose three)

Question 238easymulti select
Read the full Manage and maintain devices explanation →

Which TWO actions can you perform using the Microsoft Intune admin center to manage Windows devices? (Choose two)

Question 239hardmultiple choice
Read the full NAT/PAT explanation →

Your organization has 5,000 Windows 10 devices managed by Microsoft Intune. You are planning to upgrade them to Windows 11. The devices must meet the Windows 11 hardware requirements. You need to identify which devices are eligible for upgrade and then deploy Windows 11 using a feature update policy in Intune. You have the following requirements: (1) Generate a report of devices that are not eligible due to TPM 2.0 or CPU incompatibility. (2) Deploy Windows 11 to eligible devices using a phased approach: first to IT department (200 devices), then to pilot users (500 devices), and finally to all remaining devices. (3) Ensure that devices in the IT department receive the update within 7 days of Microsoft's release, while pilot users receive it after 30 days, and remaining devices after 60 days. (4) Monitor deployment progress and roll back if critical issues are detected. What should you do?

Question 240mediummultiple choice
Read the full NAT/PAT explanation →

Your organization uses Microsoft Intune to manage 1,000 Windows 10 devices and 500 iOS devices. You need to enforce device compliance policies. For Windows devices, you require BitLocker encryption and Windows Defender Antivirus enabled. For iOS devices, you require a passcode of at least 6 characters and device encryption. Devices that become noncompliant should be marked as such and users should receive a notification email. After 7 days of noncompliance, the device should be blocked from accessing corporate email. You also need to create a report that shows the compliance status of all devices. Which combination of actions should you take?

Question 241easymultiple choice
Read the full Manage and maintain devices explanation →

Your organization has 200 Windows 10 devices that are not yet managed. You need to enroll them in Microsoft Intune. The devices are already joined to on-premises Active Directory. You want to enable hybrid Azure AD join and automatic enrollment via Group Policy. The devices are located in multiple sites with limited internet bandwidth. You need to minimize the amount of data transferred over the WAN during enrollment. What should you do?

Question 242mediummultiple choice
Read the full Manage and maintain devices explanation →

You manage Windows 10 devices with Microsoft Intune. A user reports that their device is not receiving required compliance policies, and the device status in Intune shows 'Not evaluated' for compliance. You confirm the device is enrolled and able to sync. What should you check first?

Question 243easymultiple choice
Read the full Manage and maintain devices explanation →

You need to deploy a critical security update to 500 Windows 10 devices managed by Intune. The update must be installed by the end of the week. Which deployment method should you use?

Question 244hardmultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage iOS devices. You need to ensure that corporate data on these devices is automatically removed when a user is unenrolled from Intune. Which action should you configure?

Question 245mediummultiple choice
Read the full Manage and maintain devices explanation →

You have a Windows 11 device enrolled in Intune that is not receiving configuration profiles. The device shows 'Pending' status for all profiles. You confirm the device is connected to the internet and can reach Microsoft's servers. What is the most likely cause?

Question 246hardmultiple choice
Read the full Manage and maintain devices explanation →

You are troubleshooting a Windows 11 device that fails to receive a PowerShell script deployed via Intune. The script is assigned to a group containing the device. Other policies on the device apply successfully. What should you check first?

Question 247easymultiple choice
Read the full Manage and maintain devices explanation →

You need to ensure that all corporate-owned Windows 11 devices automatically install critical security updates as soon as they are released by Microsoft. Which Intune feature should you configure?

Question 248mediummultiple choice
Read the full Manage and maintain devices explanation →

A user reports that their iOS device is unable to access corporate email after updating to a new iOS version. Other iOS devices are working fine. The device is enrolled in Intune and shows as compliant. What should you check?

Question 249hardmultiple choice
Read the full Manage and maintain devices explanation →

You are planning to deploy a custom line-of-business (LOB) app to 200 Windows 11 devices using Intune. The app requires a specific registry key to be present before installation. What should you do?

Question 250mediummultiple choice
Read the full Manage and maintain devices explanation →

You need to provide remote assistance to a Windows 11 device managed by Intune. The user is not technically savvy. Which Intune feature should you use?

Question 251mediummulti select
Read the full Manage and maintain devices explanation →

Which TWO actions can an Intune administrator take to ensure that only compliant devices can access corporate Exchange Online email?

Question 252hardmulti select
Read the full Manage and maintain devices explanation →

Which THREE steps are required to deploy a Windows 10 feature update (e.g., version 22H2) to a group of test devices using Intune?

Question 253mediummulti select
Read the full Manage and maintain devices explanation →

Which TWO troubleshooting steps should you take when a Windows 11 device fails to enroll in Intune with error code 0x80180014?

Question 254hardmultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You have configured the compliance policy shown above. A user reports that their Windows 11 device is compliant with all settings except the threat level. The device has no threat protection agent installed. What will happen when the user tries to access corporate resources?

Exhibit

{
  "displayName": "Windows 10 Compliance Policy",
  "scheduledActionsForRule": [
    {
      "ruleName": "PasswordRequired",
      "scheduledActionConfigurations": [
        {
          "actionType": "block",
          "gracePeriodHours": 0,
          "notificationTemplateId": ""
        }
      ]
    }
  ],
  "deviceThreatProtectionEnabled": true,
  "deviceThreatProtectionRequiredSecurityLevel": "low",
  "passwordRequired": true,
  "passwordMinimumLength": 8,
  "passwordMinutesOfInactivityBeforeLock": 5
}
Question 255mediummultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You run the PowerShell command above to get a list of noncompliant devices. The output shows that some devices have a complianceGracePeriodExpirationDateTime in the past. What does this indicate?

Exhibit

Get-DeviceManagement_ManagedDevices | Where-Object {$_.complianceState -eq 'noncompliant'} | Select-Object deviceName, lastSyncDateTime, complianceGracePeriodExpirationDateTime
Question 256hardmultiple choice
Read the full Manage and maintain devices explanation →

You are the Intune administrator for Contoso Ltd., a company with 5,000 Windows 11 devices and 1,000 iOS devices managed by Microsoft Intune. The company uses Microsoft Defender for Endpoint for threat detection. You need to implement a solution that ensures devices are compliant before they can access corporate resources. You have the following requirements: 1. Windows devices must have Defender for Endpoint running and report a threat level of 'low' or better. 2. iOS devices must have a PIN of at least 6 characters and be jailbreak-detected as 'not jailbroken'. 3. If a device becomes noncompliant, it should be blocked immediately with no grace period. 4. Noncompliant devices should receive a notification to the user. You create compliance policies for Windows and iOS. You also create a conditional access policy in Microsoft Entra ID to require compliant devices. After deploying, you find that some Windows devices that are missing Defender for Endpoint are still able to access email. What should you do to resolve this issue?

Question 257mediummultiple choice
Read the full Manage and maintain devices explanation →

A user reports that their Windows 11 device is not receiving configuration policies from Microsoft Intune. The device shows as 'active' in the Intune admin center. Which troubleshooting step should you take first?

Question 258hardmultiple choice
Read the full Manage and maintain devices explanation →

You are designing a Windows Update for Business deployment for a hybrid environment with 5,000 devices. You need to ensure that critical security updates are deployed within 48 hours while allowing feature updates to be delayed up to 60 days. Which policy configuration should you use?

Question 259easymultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage Windows devices. You need to ensure that only IT administrators can manually install apps from the Microsoft Store. Which setting should you configure in a device restriction policy?

Question 260mediummultiple choice
Read the full Manage and maintain devices explanation →

A company uses Microsoft Intune to manage iOS/iPadOS devices. They require that all corporate data on devices be protected with a passcode of at least 6 digits. Which policy type should you configure?

Question 261hardmultiple choice
Read the full Manage and maintain devices explanation →

You have a Windows 11 device that is co-managed with Configuration Manager and Microsoft Intune. After migrating the Windows Update workload to Intune, users report that they can still manually check for updates in Windows Settings and install optional updates. You need to prevent users from installing optional updates. Which setting should you configure in Intune?

Question 262easymultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage Android Enterprise devices. You need to ensure that when a device is lost, an IT admin can remotely wipe only the work profile, leaving the personal data intact. Which remote action should you use?

Question 263mediummultiple choice
Read the full Manage and maintain devices explanation →

A user's device is enrolled in Microsoft Intune and compliant, but they cannot access corporate email via the Outlook mobile app. The app opens and shows 'Cannot connect to server'. Other users with the same device model can access email. What is the most likely cause?

Question 264hardmultiple choice
Read the full Manage and maintain devices explanation →

You are implementing Windows Autopilot for a new fleet of devices. You need to ensure that during the out-of-box experience (OOBE), the device automatically joins Microsoft Entra ID and is enrolled in Intune. Which configuration is required?

Question 265mediummultiple choice
Read the full Manage and maintain devices explanation →

A company uses Microsoft Intune to manage Windows devices. They want to deploy a custom line-of-business (LOB) app as a Win32 app. The app requires .NET Framework 4.8 and must be installed silently. Which file type should you use for the app deployment in Intune?

Question 266mediummulti select
Read the full Manage and maintain devices explanation →

Which TWO actions can you perform using the Microsoft Intune admin center to manage a Windows device that is enrolled in Intune?

Question 267hardmulti select
Read the full Manage and maintain devices explanation →

Which THREE components are required to deploy a Win32 app via Microsoft Intune?

Question 268easymulti select
Read the full Manage and maintain devices explanation →

Which TWO types of policies can be assigned to user groups in Microsoft Intune?

Question 269hardmultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. The exhibit shows a JSON representation of a managed device from Microsoft Graph API. The device shows as noncompliant. Which of the following is the most likely reason for the noncompliant status?

Exhibit

{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#deviceManagement/managedDevices/$entity",
  "id": "12345678-1234-1234-1234-123456789012",
  "deviceName": "DESKTOP-ABC123",
  "operatingSystem": "Windows",
  "osVersion": "10.0.22621.1",
  "managementState": "managed",
  "complianceState": "noncompliant",
  "lastSyncDateTime": "2025-03-15T10:00:00Z",
  "enrolledDateTime": "2025-01-01T08:00:00Z",
  "ownerType": "company",
  "userDisplayName": "John Doe"
}
Question 270hardmultiple choice
Read the full Manage and maintain devices explanation →

You are the endpoint administrator for Contoso, a company with 10,000 Windows 11 devices managed by Microsoft Intune. The devices are a mix of corporate-owned and bring-your-own-device (BYOD). You need to implement a solution that allows users to access corporate resources only if their devices meet specific security requirements: disk encryption (BitLocker), antivirus (Microsoft Defender), and a minimum OS build. Additionally, you must ensure that users cannot access corporate email from devices that are jailbroken or rooted. The solution should automatically block non-compliant devices from accessing resources and provide a notification to the user explaining the issue. You have already configured compliance policies in Intune. What should you do next to enforce the block?

Question 271mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage Windows 10 and Windows 11 devices. You need to deploy a critical security update to all devices within 24 hours. The update is classified as a 'Quality Update' by Microsoft. You have configured a Windows Update for Business policy in Intune with a 'Quality update deadline' of 1 day. However, after 48 hours, some devices still have not installed the update. You verify that the devices are online and have checked in with Intune recently. What should you do to ensure the update is installed immediately on the remaining devices?

Question 272easymultiple choice
Read the full Manage and maintain devices explanation →

Your company has 500 iOS devices enrolled in Microsoft Intune. The devices are used by sales representatives to access customer data. You need to ensure that if a device is lost or stolen, an administrator can remotely lock the device and display a custom message with a phone number to call. Which remote action should the administrator use?

Question 273mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage Windows 10 and Windows 11 devices. Users report that after a recent update, their devices are stuck at the login screen and cannot access corporate resources. You suspect a configuration conflict. Which action should you take first to restore device functionality without affecting other settings?

Question 274hardmulti select
Read the full Manage and maintain devices explanation →

Your organization is implementing a zero-trust security model using Microsoft Intune. Devices must be compliant before accessing corporate resources. You need to deploy compliance policies for Windows 10 devices that require BitLocker encryption and a minimum OS version. Which two policy settings should you configure? (Choose two.)

Question 275mediummulti select
Read the full Manage and maintain devices explanation →

A company uses Microsoft Intune to manage iOS devices. They need to enforce a policy that requires a passcode of at least 6 characters, allows Touch ID, and automatically wipes the device after 10 failed attempts. Which three settings should be configured in a device restrictions profile for iOS? (Choose three.)

Question 276hardmultiple choice
Read the full Manage and maintain devices explanation →

Refer to the exhibit. You have an Intune configuration that includes a compliance policy and a device configuration policy for Windows 10 devices. You deploy both policies to a group of devices. After deployment, some devices are marked as non-compliant even though they have BitLocker enabled and Windows Defender Antivirus running. Which setting is most likely causing the conflict?

Exhibit

{
  "compliancePolicies": [
    {
      "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
      "displayName": "Windows Compliance Policy",
      "description": "Requires BitLocker and antivirus",
      "requireDeviceGuard": false,
      "requireDefender": true,
      "requireEncryption": true,
      "passwordRequired": true,
      "passwordMinimumLength": 6
    }
  ],
  "deviceConfigurationPolicies": [
    {
      "@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
      "displayName": "Windows Security Baseline",
      "defender": {
        "realTimeProtection": true,
        "cloudBlockLevel": "high",
        "scanParameter": "fullscan"
      },
      "bitLocker": {
        "encryptionMethod": "AES256",
        "requireStartupPin": false
      }
    }
  ]
}
Question 277easymultiple choice
Read the full Manage and maintain devices explanation →

You are a Microsoft 365 Endpoint Administrator for a medium-sized company that uses Microsoft Intune to manage its Windows 10 devices. The company recently experienced a ransomware attack that encrypted local files on several devices. To mitigate future attacks, management wants to ensure that all devices have real-time protection enabled in Microsoft Defender Antivirus and that Controlled Folder Access is turned on. You need to configure these settings via Intune. You decide to create a device configuration profile for Windows 10. What is the most efficient way to deploy these settings to all existing and future devices?

Question 278mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage Windows 11 devices. You have a requirement to ensure that all devices have BitLocker Drive Encryption enabled with a TPM protector and a recovery key escrowed to Azure AD. Additionally, you need to configure a policy that prevents users from changing the BitLocker settings. You create a device configuration profile using the 'Endpoint Protection' template for Windows 10 and later. After deploying the policy to a test group, you notice that BitLocker is not enabled on some devices. The devices meet the hardware requirements and are Azure AD joined. What is the most likely reason for the failure, and how should you resolve it?

Question 279hardmultiple choice
Read the full Manage and maintain devices explanation →

You are an Intune administrator for a large enterprise that uses Microsoft Defender for Endpoint (now Microsoft Defender XDR) for threat protection. You need to ensure that all Windows 10 devices are properly onboarded to Defender for Endpoint and that security settings are enforced via Intune. You have created a device configuration profile that includes the 'Microsoft Defender for Endpoint' settings, but some devices are not appearing in the Defender for Endpoint portal. You verify that the devices are Intune managed and enrolled. What should you do to ensure proper onboarding?

Question 280easymultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage iOS and Android devices. You need to ensure that corporate data on these devices is protected. Specifically, you want to prevent users from copying corporate data from managed apps to personal apps. You also want to ensure that when a device is lost or stolen, the corporate data can be selectively wiped without affecting personal data. Which Intune feature should you use to achieve these requirements?

Question 281mediummultiple choice
Read the full Manage and maintain devices explanation →

You are managing a fleet of Windows 10 devices with Microsoft Intune. You need to deploy a critical security update that Microsoft released out-of-band. The update must be installed on all devices within 24 hours. You have configured Windows Update for Business policies in Intune, but the update is not being installed on many devices. You check the update compliance reports and see that most devices are showing the update as 'pending'. What should you do to expedite the installation?

Question 282hardmultiple choice
Read the full NAT/PAT explanation →

Your organization uses Microsoft Intune to manage iOS/iPadOS devices. You have deployed a device configuration profile that configures the device's email settings for the native Mail app. Recently, the organization decided to switch to Microsoft Outlook for iOS as the primary email client. You need to ensure that users can only use Outlook for accessing corporate email, and that the native Mail app is blocked from accessing corporate data. Which combination of Intune policies should you implement?

Question 283easymultiple choice
Read the full Manage and maintain devices explanation →

You are an Intune administrator for a company that has recently deployed Windows 11 devices. Management wants to ensure that all devices are running the latest feature update (Windows 11 23H2) within 60 days of release. You need to configure a Windows Update for Business policy in Intune to achieve this goal. Which settings should you configure?

Question 284mediummultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage macOS devices. You need to deploy a company-specific application (a .pkg file) to all macOS devices. The application requires a specific configuration file that must be placed in the /Library/Application Support/ directory. You also need to ensure that the application is installed silently without user interaction. How should you configure the deployment in Intune?

Question 285hardmultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage Android Enterprise devices (work profile). You need to ensure that corporate data on these devices is encrypted. Additionally, you want to enforce a policy that prevents users from disabling the work profile. You have created a device compliance policy that requires encryption, but some devices are marked as non-compliant even though they have encryption enabled. You suspect that the devices are using file-based encryption instead of full-disk encryption. What should you do to ensure that the devices meet the encryption requirement?

Question 286easymultiple choice
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage Windows 10 devices. You need to deploy a PowerShell script that runs at every device startup to map network drives based on the user's security group membership. The script should run in the system context and should not require user interaction. How should you configure the script deployment in Intune?

Question 287mediummultiple choice
Read the full wireless explanation →

Your organization uses Microsoft Intune to manage Windows 10 and iOS devices. You need to deploy a certificate-based authentication solution for Wi-Fi and VPN access. You have set up a Certificate Connector for Microsoft Intune and issued a root CA certificate. You have created a trusted certificate profile for the root CA and a SCEP certificate profile for client certificates. However, iOS devices are failing to enroll for client certificates. You verify that the SCEP profile is correctly configured and assigned. What is the most likely cause?

Question 288easymulti select
Read the full Manage and maintain devices explanation →

You need to deploy Windows updates to a group of devices using Microsoft Intune. Which TWO policies should you configure to ensure updates are applied within a maintenance window?

Question 289mediummulti select
Read the full Manage and maintain devices explanation →

You are managing devices with Microsoft Intune. You need to ensure that only compliant devices can access corporate email. Which THREE components should you configure?

Question 290hardmulti select
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage devices. You need to collect diagnostic logs from a remote Windows device without user interaction. Which THREE methods can you use?

Question 291easymulti select
Read the full Manage and maintain devices explanation →

You are troubleshooting a Windows device that is not receiving policies from Intune. Which TWO actions should you take?

Question 292mediummulti select
Read the full Manage and maintain devices explanation →

You need to onboard devices to Microsoft Defender for Endpoint using Microsoft Intune. Which THREE methods are supported?

Question 293hardmulti select
Read the full Manage and maintain devices explanation →

Your organization uses Microsoft Intune to manage iOS/iPadOS devices. You need to ensure that only devices with a passcode can access corporate resources. Which THREE configurations should you implement?

Question 294easymultiple choice
Read the full Manage and maintain devices explanation →

You are the endpoint administrator for Contoso Ltd. The company uses Microsoft Intune to manage Windows 11 devices. You need to deploy a critical security update to all devices within 24 hours. The update is a quality update (KB5001234). You have created an update ring policy named 'Critical Ring' assigned to all devices. The policy currently has a deferral period of 7 days. You need to ensure that the update is installed immediately. What should you do?

Question 295mediummultiple choice
Read the full Manage and maintain devices explanation →

You manage devices at Fabrikam Inc. using Microsoft Intune. You have a Windows 11 device that is not compliant because it is missing a required application. The device shows as 'Not evaluated' in Intune for the compliance policy. The user reports that the device syncs manually but still shows as non-compliant. You have verified that the device is enrolled and policy is assigned. What should you do first to resolve the issue?

Question 296hardmultiple choice
Read the full Manage and maintain devices explanation →

Adventure Works uses Microsoft Intune for device management. You need to deploy a custom PowerShell script to all Windows 10 devices to configure a registry key for security compliance. The script is already uploaded to Intune as a PowerShell script. However, the script is not running on some devices. You have confirmed that the devices are enrolled, have the Intune Management Extension installed, and are online. What should you check first?

Question 297easymultiple choice
Read the full Manage and maintain devices explanation →

You are a Microsoft Intune administrator for Tailwind Traders. The company has enrolled Windows 11 devices. You need to configure BitLocker encryption on all devices using Intune. You have created an endpoint security policy for BitLocker and assigned it to the correct group. After 24 hours, some devices still show as not encrypted. You verify that the devices are compliant with the policy's prerequisites. What should you do to force the policy to apply?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

MD-102 Practice Test 1 — 10 Questions→MD-102 Practice Test 2 — 10 Questions→MD-102 Practice Test 3 — 10 Questions→MD-102 Practice Test 4 — 10 Questions→MD-102 Practice Test 5 — 10 Questions→MD-102 Practice Exam 1 — 20 Questions→MD-102 Practice Exam 2 — 20 Questions→MD-102 Practice Exam 3 — 20 Questions→MD-102 Practice Exam 4 — 20 Questions→Free MD-102 Practice Test 1 — 30 Questions→Free MD-102 Practice Test 2 — 30 Questions→Free MD-102 Practice Test 3 — 30 Questions→MD-102 Practice Questions 1 — 50 Questions→MD-102 Practice Questions 2 — 50 Questions→MD-102 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Prepare infrastructure for devicesManage and maintain devicesManage applicationsProtect devicesDeploy Windows clientManage identity and complianceManage, maintain, and protect devices

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Manage and maintain devices setsAll Manage and maintain devices questionsMD-102 Practice Hub