Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsMD-102TopicsManage identity and compliance
Free · No Signup RequiredMicrosoft · MD-102

MD-102 Manage identity and compliance Practice Questions

20+ practice questions focused on Manage identity and compliance — one of the most tested topics on the Microsoft 365 Endpoint Administrator MD-102 exam. Each question includes a detailed explanation so you learn why the right answer is correct.

Start Manage identity and compliance Practice

Exam Domains

Prepare infrastructure for devicesManage and maintain devicesManage applicationsProtect devicesDeploy Windows clientManage identity and complianceManage, maintain, and protect devicesAll domains →

Study Tools

Practice TestMock ExamFlashcardsAll Topics

Sample Manage identity and compliance Questions

Practice all 20+ →
1.

A company with 500 users uses Microsoft 365 E3 licenses. They want to ensure that all users have multi-factor authentication (MFA) enforced. Currently, 80% of users have MFA enabled through the legacy per-user MFA setting. The security team wants to use Conditional Access policies instead. You need to migrate from per-user MFA to Conditional Access with no disruption to users. What should you do?

A.Create a Conditional Access policy requiring MFA for all cloud apps, including break-glass accounts. Then disable per-user MFA.
B.Create a Conditional Access policy requiring MFA for all users only when accessing from outside the corporate network.
C.Create a Conditional Access policy requiring MFA for all users, excluding break-glass accounts. Disable per-user MFA for all users.
D.Disable per-user MFA for all users, then create a Conditional Access policy requiring MFA for all cloud apps.

Explanation: Option C is correct because you need to exclude the break-glass accounts from the Conditional Access policy to ensure admin access if something goes wrong. You should first create a Conditional Access policy that requires MFA for all users except the break-glass accounts, then disable the per-user MFA for all users. Option A is incorrect because disabling per-user MFA before creating the policy would leave users without MFA. Option B is incorrect because using a Conditional Access policy to require MFA from outside the network only would not enforce MFA for internal access. Option D is incorrect because creating a policy without excluding break-glass accounts could lock out administrators.

2.

You are an endpoint administrator for a company that uses Microsoft Intune to manage devices. You need to ensure that only compliant devices can access Exchange Online. You have configured a Conditional Access policy that grants access to Exchange Online only if the device is marked as compliant. A user reports that they cannot access email from their iOS device, which is enrolled in Intune and shows as compliant. The user can access other Microsoft 365 services. What is the most likely cause?

A.The user does not have an Exchange Online license assigned.
B.The Conditional Access policy is configured to block access from non-corporate networks.
C.The device compliance policy is not set to require a PIN or password.
D.The Exchange Online workload is not enabled in Intune for mobile device management.

Explanation: The most likely cause is that the Exchange Online workload is not enabled in Intune for mobile device management (MDM). Even though the device is enrolled and compliant, Intune must have the Exchange Online workload enabled to apply Conditional Access policies that govern email access. Without this, the Conditional Access policy cannot enforce compliance checks specifically for Exchange Online, resulting in access being blocked despite the device showing as compliant.

3.

A company is implementing Windows Hello for Business and wants to use certificate-based authentication. They have an on-premises Active Directory and are using Azure AD Connect for hybrid identity. Which prerequisites must be met to support certificate-based Windows Hello for Business?

A.All users must have the Microsoft Authenticator app installed.
B.Conditional Access policies must be configured to require Windows Hello for Business.
C.An enterprise certification authority (CA) must be deployed and all devices must be Azure AD joined or hybrid Azure AD joined.
D.All users must be configured for passwordless sign-in.

Explanation: Certificate-based Windows Hello for Business requires an enterprise PKI to issue and validate certificates for authentication. Devices must be Azure AD joined or hybrid Azure AD joined to enroll these certificates and support the certificate trust model. On-premises Active Directory and Azure AD Connect provide the hybrid identity foundation, but the CA and appropriate device join state are the critical prerequisites.

4.

You manage a Microsoft 365 tenant with 10,000 users. You are planning a Conditional Access policy to require MFA for all users. However, you need to ensure that users who have not yet registered for MFA are not blocked. What should you do to handle unregistered users?

A.Configure the Conditional Access policy in 'Report-only' mode to identify unregistered users.
B.Enable the Azure AD Identity Protection MFA registration policy to require users to register for MFA within 14 days.
C.Exclude all users who have not registered for MFA from the Conditional Access policy.
D.Create a separate Conditional Access policy that requires MFA only for users who have not registered for MFA.

Explanation: Option B is correct because the Azure AD Identity Protection MFA registration policy automatically enforces MFA registration for all users within a specified grace period (default 14 days), ensuring that users who have not yet registered are prompted to register before being blocked by a Conditional Access policy. This policy works in conjunction with Conditional Access by pre-registering users, so when the CA policy requiring MFA is enabled, all users already have MFA credentials available, preventing lockout.

5.

A company uses Microsoft Intune to manage Windows 10 devices. They need to ensure that only devices that have a BitLocker encryption status of 'fully encrypted' are allowed to access corporate resources. They create a device compliance policy that requires BitLocker. However, some devices are still accessing resources even though they are not fully encrypted. What should you check?

A.The devices are running Windows 10 Home edition, which does not support BitLocker.
B.The compliance policy is not assigned to the user or device groups.
C.The compliance policy is set to 'Report non-compliant' instead of 'Block non-compliant'.
D.The compliance policy has a grace period configured that allows access for non-compliant devices.

Explanation: Option B is correct because a device compliance policy must be assigned to the appropriate user or device groups to take effect. If the policy is not assigned, Intune will not evaluate the devices against the BitLocker requirement, and non-compliant devices will continue to access corporate resources. The scenario indicates that the policy was created but not enforced, which points directly to a missing assignment.

+15 more Manage identity and compliance questions available

Practice all Manage identity and compliance questions

How to master Manage identity and compliance for MD-102

1. Baseline your knowledge

Start with 10 questions to gauge your current understanding of Manage identity and compliance. This tells you whether you need a concept refresher or just practice.

2. Review every explanation

For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.

3. Focus on exam traps

Manage identity and compliance questions on the MD-102 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.

4. Reach 80% consistently

Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.

Frequently asked questions

How many MD-102 Manage identity and compliance questions are on the real exam?

The exact number varies per candidate. Manage identity and compliance is tested as part of the Microsoft 365 Endpoint Administrator MD-102 blueprint. Practicing with targeted Manage identity and compliance questions ensures you can handle any format or difficulty that appears.

Are these MD-102 Manage identity and compliance practice questions free?

Yes. Courseiva provides free MD-102 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.

Is Manage identity and compliance one of the harder MD-102 topics?

Difficulty is subjective, but Manage identity and compliance is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.

Ready to practice?

Launch a full Manage identity and compliance practice session with instant scoring and detailed explanations.

Start Manage identity and compliance Practice →

Topic Info

Topic

Manage identity and compliance

Exam

MD-102

Questions available

20+