Back to Microsoft 365 Endpoint Administrator MD-102 questions

Scenario-based practice

Hard Difficulty Questions

Practise Microsoft 365 Endpoint Administrator MD-102 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

20
scenario questions
MD-102
exam code
Microsoft
vendor

Scenario guide

How to approach hard difficulty questions

These are the questions most candidates get wrong. They require connecting multiple concepts, reading tricky output, or knowing edge-case behaviour that isn't on most study cards. Practising them trains you to operate under uncertainty — a necessary skill on the real exam.

Quick answer

Hard Difficulty Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related MD-102 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1hardmultiple choice
Full question →

You are deploying a custom Windows 10 image to 200 new laptops using MDT. The deployment fails on several devices at the 'Apply Operating System' step with error 0x80070070. The laptops have 60 GB SSDs and 4 GB RAM. What is the most likely cause?

Question 2hardmultiple choice
Full question →

You are a Teams administrator. After running the PowerShell script shown in the exhibit, users report they cannot communicate with federated users from 'trusted.com'. What is the most likely cause?

Exhibit

Refer to the exhibit.
```
$session = New-CsOnlineSession -Verbose
Import-PSSession $session
Set-CsTenantFederationConfiguration -Identity Global -AllowFederatedUsers $true
Set-CsTenantFederationConfiguration -Identity Global -AllowPublicUsers $false
Set-CsTenantFederationConfiguration -Identity Global -BlockedDomains @{Add="suspicious.com"}
Set-CsTenantFederationConfiguration -Identity Global -AllowedDomains @{Add="trusted.com"}
Remove-CsOnlineSession $session
```
Question 3hardmultiple choice
Full question →

A company uses Configuration Manager to deploy Windows 10 to 2000 devices. After deployment, several devices report that the Start menu layout is not applied. The administrator used a provisioning package to configure Start layout. What is the most likely cause of the issue?

Question 4hardmulti select
Full question →

Which THREE conditions must be met for a device to automatically enroll in Windows Autopilot?

Question 5hardmultiple choice
Full question →

You manage a Microsoft 365 tenant with 10,000 users. You are planning a Conditional Access policy to require MFA for all users. However, you need to ensure that users who have not yet registered for MFA are not blocked. What should you do to handle unregistered users?

Question 6hardmultiple choice
Read the full NAT/PAT explanation →

A multinational organization uses Microsoft 365 E5 licenses. The compliance officer wants to ensure that all documents containing credit card numbers are automatically classified and protected with a label that applies encryption. You configure auto-labeling policies in Microsoft Purview. After 24 hours, the compliance officer reports that no documents have been labeled. The policy scope is set to 'All locations' and the policy is enabled. What is the most likely cause of the issue?

Question 7hardmultiple choice
Full question →

An organization uses Microsoft Intune to manage Windows 10 devices. They deploy a PowerShell script via Intune to install a custom application. The script runs successfully on some devices but fails on others with error code 0x80070002. What is the most likely cause?

Question 8hardmulti select
Full question →

An organization uses Configuration Manager to manage Windows 10 devices. The administrator is configuring a phased deployment for a software update. Which THREE conditions can be used to define the phases?

Question 9hardmulti select
Full question →

A company uses Microsoft Intune to manage devices. They have a Windows 10 device that is non-compliant due to missing required updates. The administrator reviews the device and sees the update status shows 'Pending restart'. Which THREE actions should the administrator take to resolve the compliance issue?

Question 10hardmultiple choice
Full question →

You are troubleshooting a Windows 10 device that is enrolled in Microsoft Intune. The device shows as 'Pending' in the Intune console. The user confirms that the device was enrolled using a provisioning package. Which log file should you review to diagnose the enrollment failure?

Question 11hardmultiple choice
Full question →

A company uses Microsoft Intune to manage Windows 10 devices. A user reports that their device is not receiving critical security updates despite being compliant with all update policies. You verify that the device is online and communicating with Intune. Which action should you take to resolve the issue?

Question 12hardmulti select
Full question →

An organization uses Configuration Manager to deploy Windows 11. The administrator needs to ensure that after deployment, the devices are automatically enrolled in Microsoft Intune for co-management. Which THREE actions are required?

Question 13hardmultiple choice
Full question →

During a Windows 10 in-place upgrade using Configuration Manager, the task sequence fails with error code 0x800706BE. The smsts.log shows 'Failed to run the action: Upgrade Operating System'. What is the most likely cause?

Question 14hardmultiple choice
Full question →

A company uses Configuration Manager to deploy Windows 11. During the deployment, several devices fail with error code 0x80070002. The administrator suspects the issue is related to missing boot images or content distribution. What should the administrator do first to resolve the issue?

Question 15hardmultiple choice
Full question →

You are designing a Windows Autopilot deployment for a global organization. Devices are purchased from multiple OEMs and shipped directly to users. Some users report that their devices do not register in Autopilot automatically. You confirm the devices have Windows 11 Pro preinstalled and meet hardware requirements. What is the most likely reason for the registration failure, and what should you do to resolve it?

Question 16hardmultiple choice
Full question →

An organization is deploying Windows 10 using Configuration Manager task sequences. During a pilot deployment, the task sequence fails with error code 0x80070002. What is the most likely cause?

Question 17hardmulti select
Full question →

You are configuring Windows Autopilot for a customer who has a hybrid Azure AD join deployment. The devices are self-deploying using a self-deploying profile. Which THREE prerequisites must be met for the self-deploying mode to work?

Question 18hardmultiple choice
Full question →

You are an endpoint administrator for a company that uses Microsoft Intune to manage devices. You need to ensure that only compliant devices can access Exchange Online. You have configured a Conditional Access policy that grants access to Exchange Online only if the device is marked as compliant. A user reports that they cannot access email from their iOS device, which is enrolled in Intune and shows as compliant. The user can access other Microsoft 365 services. What is the most likely cause?

Question 19hardmultiple choice
Full question →

Refer to the exhibit. The JSON snippet shows the Azure AD Identity Protection MFA registration policy configuration for the Contoso tenant. A new user, Jane, joins the company and is assigned a license. Jane attempts to access the Azure portal and is prompted to register for MFA. She registers successfully. However, the next day, she is again prompted to register for MFA. What is the most likely cause?

Exhibit

Refer to the exhibit.

```json
{
  "identityProtection": {
    "mfaRegistrationPolicy": {
      "state": "enabled",
      "excludeUsers": ["admin@contoso.com"],
      "includeUsers": ["allUsers"],
      "policySettings": {
        "blockOnUnregister": false,
        "remindRegistrationInDays": 14
      }
    }
  }
}```
Question 20hardmultiple choice
Full question →

An organization has deployed Microsoft Entra Connect Sync to synchronize on-premises Active Directory to Microsoft Entra ID. Users report that some cloud-only user accounts cannot be assigned licenses. The admin checks the provisioning logs and finds that the cloud accounts have a source of authority of 'Microsoft Entra ID'. What is the most likely cause?

These MD-102 practice questions are part of Courseiva's free Microsoft certification practice question bank. Courseiva provides original exam-style MD-102 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.