20+ practice questions focused on Manage, maintain, and protect devices — one of the most tested topics on the Microsoft 365 Endpoint Administrator MD-102 exam. Each question includes a detailed explanation so you learn why the right answer is correct.
Start Manage, maintain, and protect devices PracticeA company deploys Windows 10 Enterprise devices managed by Microsoft Intune. Users report that after a recent Windows update, the Start menu layout is reset to default on some devices. The company uses a custom Start menu layout XML policy. How should the administrator ensure the custom layout is reapplied automatically after feature updates?
Explanation: Option C is correct because the 'Start layout' policy under User Configuration > Administrative Templates > Start Menu and Taskbar in a Group Policy Object (GPO) or Intune Administrative Template profile is designed to persistently enforce a custom Start layout XML. When a Windows feature update resets the Start menu to default, this policy automatically reapplies the custom layout at next user logon or policy refresh, ensuring consistency without manual intervention.
A company uses Microsoft Intune to manage Windows 10 devices. They have a compliance policy that requires BitLocker to be enabled. Some devices are marked as non-compliant even though BitLocker appears to be on. The administrator runs 'manage-bde -status' on a non-compliant device and sees that the protection status is 'Protection Off'. What is the most likely cause?
Explanation: The compliance policy requires BitLocker to be enabled, but 'manage-bde -status' shows 'Protection Off'. This indicates that while the drive is encrypted, BitLocker is not actively protecting the data because the key protectors (such as the TPM protector) are missing or have been removed. Intune checks the protection status, not just encryption state, so when protectors are absent, the device is marked non-compliant.
A company uses Microsoft Intune to manage devices. They want to ensure that when a device is reported as lost or stolen, the IT admin can remotely wipe the device. Which action should the admin take in the Intune console?
Explanation: The 'Wipe' action in Microsoft Intune restores a device to its factory default settings, removing all corporate and personal data. This is the appropriate action for a lost or stolen device to prevent unauthorized access to company data. The 'Retire' action only removes managed app data and policies but leaves personal data intact, which is insufficient for a security breach scenario.
An organization uses Microsoft Intune to manage Windows 10 devices. They deploy a PowerShell script via Intune to install a custom application. The script runs successfully on some devices but fails on others with error code 0x80070002. What is the most likely cause?
Explanation: Option B is correct because the script likely references a file that is not present. Option A is wrong because execution policy can be bypassed by Intune. Option C is wrong because admin rights are granted. Option D is wrong because script timeout would give a different error.
A company uses Microsoft Intune to manage iOS devices. They want to enforce a policy that requires a passcode of at least 6 characters and auto-lock after 5 minutes. Which configuration profile type should they use?
Explanation: A Device restrictions profile is the correct configuration profile type because it contains the security settings for iOS devices, including passcode requirements (minimum length, complexity) and device lock timeouts (auto-lock after minutes). This profile type enforces device-level security policies directly managed by Intune, making it the appropriate choice for requiring a 6-character passcode and 5-minute auto-lock.
+15 more Manage, maintain, and protect devices questions available
Practice all Manage, maintain, and protect devices questions1. Baseline your knowledge
Start with 10 questions to gauge your current understanding of Manage, maintain, and protect devices. This tells you whether you need a concept refresher or just practice.
2. Review every explanation
For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.
3. Focus on exam traps
Manage, maintain, and protect devices questions on the MD-102 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.
4. Reach 80% consistently
Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.
The exact number varies per candidate. Manage, maintain, and protect devices is tested as part of the Microsoft 365 Endpoint Administrator MD-102 blueprint. Practicing with targeted Manage, maintain, and protect devices questions ensures you can handle any format or difficulty that appears.
Yes. Courseiva provides free MD-102 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.
Difficulty is subjective, but Manage, maintain, and protect devices is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.
Launch a full Manage, maintain, and protect devices practice session with instant scoring and detailed explanations.
Start Manage, maintain, and protect devices Practice →