The answer is noncompliant because the passwordRequired policy setting is true and no password is set. This outcome stems from Intune’s compliance policy per-setting evaluation, where each requirement is assessed independently; a single unmet setting—here, the missing password—immediately flags the device as noncompliant, regardless of other compliant settings like the OS version or storage encryption. On the MD-102 exam, this concept tests your understanding that compliance is not holistic but granular, often appearing in scenario-based questions where a device meets most rules but fails one critical setting. A common trap is assuming partial compliance yields a compliant status, but Intune’s logic is binary per setting. Remember the mnemonic: “One miss, all miss”—each setting stands alone, and a single failure triggers noncompliance.
MD-102 Manage and maintain devices Practice Question
This MD-102 practice question tests your understanding of manage and maintain devices. This is a configuration task: choose the command set that satisfies every stated requirement. Small differences — like 'secret' vs 'password' or 'transport input ssh' vs 'all' — change whether the answer is correct. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
You have a Windows 10 device running OS version 10.0.19043.1234. The device is compliant with all settings except password requirements. The device does not have a password set. What is the compliance status?
Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.
Correct answer & explanation
✓
Noncompliant because passwordRequired is true and no password set.
Option A is correct because the device is noncompliant due to the passwordRequired policy setting being set to true while no password is configured on the device. In Microsoft Intune, compliance policies evaluate each setting independently; if a required setting like passwordRequired is not met, the device is marked noncompliant regardless of other compliant settings. The OS version 10.0.19043.1234 is within a supported range, and storage encryption is not evaluated unless explicitly required by a policy, so only the missing password triggers noncompliance.
Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
✓
Noncompliant because passwordRequired is true and no password set.
Why this is correct
The policy requires a password, and the device has none.
Related concept
Read the scenario before looking for a memorised answer.
✗
Noncompliant because storage encryption is not enabled.
Why it's wrong here
Storage encryption status is not mentioned, but password is the primary issue.
✗
Noncompliant because OS version is not within range.
Why it's wrong here
19043 is between 19042 and 19044.
✗
Compliant
Why it's wrong here
The device does not have a password, which is required.
Common exam traps
Common exam trap: answer the scenario, not the keyword
The trap here is that candidates assume a device is compliant if most settings are met, but Microsoft Intune evaluates each compliance policy setting independently, and a single failure—such as missing a password—results in overall noncompliance.
Detailed technical explanation
How to think about this question
Intune compliance policies for Windows 10 use the Configuration Service Provider (CSP) nodes, specifically ./Device/Vendor/MSFT/Policy/Config/DeviceLock/DevicePasswordEnabled, to enforce password requirements. When passwordRequired is true, the device must have a password set via the Settings app or Group Policy; otherwise, the compliance status is evaluated as noncompliant during the next check-in. In real-world scenarios, a device might be compliant with all other settings but still be blocked from accessing corporate resources if a single critical policy like passwordRequired fails, emphasizing the importance of granular policy enforcement.
KKey Concepts to Remember
Read the scenario before looking for a memorised answer.
Find the constraint that changes the correct option.
Eliminate answers that are true in general but not in this case.
TExam Day Tips
→Watch for words such as best, first, most likely and least administrative effort.
→Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Real-world example
How this comes up in practice
A media company stores terabytes of video archives that are accessed once a year for audit purposes. Moving these objects to a cold storage tier (Azure Archive, S3 Glacier, or Google Nearline) costs a fraction of hot storage. Questions like this test whether you understand storage tiers, access frequency tradeoffs, and retrieval latency requirements.
Related glossary terms
Concepts from this question explained
These glossary pages explain the core terms tested in this MD-102 question in full detail.
Manage and maintain devices — This question tests Manage and maintain devices — Read the scenario before looking for a memorised answer..
What is the correct answer to this question?
The correct answer is: Noncompliant because passwordRequired is true and no password set. — Option A is correct because the device is noncompliant due to the passwordRequired policy setting being set to true while no password is configured on the device. In Microsoft Intune, compliance policies evaluate each setting independently; if a required setting like passwordRequired is not met, the device is marked noncompliant regardless of other compliant settings. The OS version 10.0.19043.1234 is within a supported range, and storage encryption is not evaluated unless explicitly required by a policy, so only the missing password triggers noncompliance.
What should I do if I get this MD-102 question wrong?
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
What is the key concept behind this question?
Read the scenario before looking for a memorised answer.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.
Variation 1. A Windows 11 device running build 10.0.22621.500 reports as noncompliant with the policy shown. The device meets all password requirements, has BitLocker enabled, and uses Microsoft Defender for Endpoint with a 'high' security level. What is the most likely cause of noncompliance?
hard
✓ A.Screen timeout exceeds the policy setting
B.Device threat protection level is not set to high
C.Storage encryption is not enabled
D.OS version is above the maximum allowed
Why A: The device is noncompliant because the screen timeout setting exceeds the policy's maximum allowed value. In Microsoft Intune, compliance policies for Windows 11 enforce specific screen timeout limits (e.g., 5 minutes for idle timeout), and even if other requirements like password, BitLocker, and Defender for Endpoint are met, a mismatch in screen timeout triggers noncompliance. The build number 10.0.22621.500 indicates Windows 11 22H2, which is within supported versions, so OS version is not the issue.
Last reviewed: Jun 24, 2026
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
This MD-102 practice question is part of Courseiva's free Microsoft certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the MD-102 exam.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.