MD-102 · topic practice

Manage, maintain, and protect devices practice questions

Practise Microsoft 365 Endpoint Administrator MD-102 Manage, maintain, and protect devices practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Manage, maintain, and protect devices

What the exam tests

What to know about Manage, maintain, and protect devices

Manage, maintain, and protect devices questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Manage, maintain, and protect devices exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Manage, maintain, and protect devices questions

20 questions · select your answer, then reveal the explanation

A company deploys Windows 10 Enterprise devices managed by Microsoft Intune. Users report that after a recent Windows update, the Start menu layout is reset to default on some devices. The company uses a custom Start menu layout XML policy. How should the administrator ensure the custom layout is reapplied automatically after feature updates?

A company uses Microsoft Intune to manage Windows 10 devices. They have a compliance policy that requires BitLocker to be enabled. Some devices are marked as non-compliant even though BitLocker appears to be on. The administrator runs 'manage-bde -status' on a non-compliant device and sees that the protection status is 'Protection Off'. What is the most likely cause?

A company uses Microsoft Intune to manage devices. They want to ensure that when a device is reported as lost or stolen, the IT admin can remotely wipe the device. Which action should the admin take in the Intune console?

An organization uses Microsoft Intune to manage Windows 10 devices. They deploy a PowerShell script via Intune to install a custom application. The script runs successfully on some devices but fails on others with error code 0x80070002. What is the most likely cause?

A company uses Microsoft Intune to manage iOS devices. They want to enforce a policy that requires a passcode of at least 6 characters and auto-lock after 5 minutes. Which configuration profile type should they use?

A company uses Microsoft Intune to manage Windows 10 devices. They need to deploy a line-of-business (LOB) app that is not available in the Microsoft Store. The app is packaged as an .msi file. Which TWO steps are required to deploy this app via Intune?

A company uses Microsoft Intune to manage devices. They have a Windows 10 device that is non-compliant due to missing required updates. The administrator reviews the device and sees the update status shows 'Pending restart'. Which THREE actions should the administrator take to resolve the compliance issue?

A company uses Microsoft Intune to manage Windows 10 devices. Users report that after a recent update, some devices are stuck in a reboot loop. The administrator needs to identify devices affected by the issue. Which report in the Microsoft Intune admin center should the administrator use?

An organization uses Configuration Manager to deploy software updates to Windows 10 devices. The administrator wants to ensure that devices receive updates from the local distribution point rather than the cloud. Which boundary group option should be configured?

A company manages 500 Windows 11 devices with Microsoft Intune. They use BitLocker encryption with automatic encryption enabled. Several devices report that encryption did not start. The administrator reviews the devices and finds that they are not compliant with the BitLocker policy. What is the most likely cause?

An administrator uses Configuration Manager to manage Windows 10 devices. The administrator wants to deploy a custom Windows application as an Application model deployment type. The application requires a reboot. Which deployment purpose should the administrator use to allow users to control the installation timing?

A company uses Microsoft Intune to manage iOS devices. The administrator configures a device compliance policy that requires a minimum OS version of 15.0. Users report that devices running iOS 14.8 are marked non-compliant even after updating to iOS 15.0. What is the most likely cause?

A company uses Microsoft Intune to manage Windows 10 devices. The administrator needs to configure Windows Defender Firewall rules via a device configuration profile. Which TWO settings can be configured?

An organization uses Configuration Manager to manage Windows 10 devices. The administrator is configuring a phased deployment for a software update. Which THREE conditions can be used to define the phases?

A company applies the above BitLocker policy to Windows 10 devices via Intune. An administrator discovers that some devices are not encrypting. The administrator checks a device and finds that it has no TPM chip. Which setting in the policy will cause encryption to fail?

Exhibit

Refer to the exhibit.

```json
{
  "bitlocker": {
    "encryptionMethod": "AES 256",
    "requireTpm": true,
    "requireStartupPin": true,
    "requireStartupKey": false,
    "recoveryKeyRotation": "AzureADOnly",
    "enableRecoveryInformationSaveToAzureAD": true
  }
}
```

An administrator runs the above PowerShell command on a Windows 10 device managed by Microsoft Defender for Endpoint. The device is reporting as healthy in the security console. Based on the output, which protection feature is disabled?

Exhibit

Refer to the exhibit.

```
PowerShell Output:

PS C:\> Get-MpComputerStatus | Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled, IoavProtectionEnabled

AMServiceEnabled        : True
AntivirusEnabled        : True
RealTimeProtectionEnabled : False
IoavProtectionEnabled   : True
```

A company uses Microsoft Intune to manage Windows 10 devices. The security team reports that several devices are missing critical security updates. You need to ensure that devices install updates within 7 days of release. What should you configure?

A user reports that their Windows 10 device is not receiving policies from Microsoft Intune. The device shows as 'Not compliant' in the Intune console. You run the Get-MgDeviceManagementManagedDevice cmdlet and see that the device is enrolled and appears in the list. However, the LastSyncTime is 14 days ago. What is the most likely cause?

You are deploying Microsoft Defender for Endpoint to Windows 10 devices managed by Microsoft Intune. After onboarding, you need to verify that the sensor is running. Which cmdlet should you use on the device?

A company uses Microsoft Intune to manage iOS/iPadOS devices. The compliance policy requires a minimum OS version of 15.0. A user reports that their iPad running iOS 14.8 cannot access company email and shows as non-compliant. However, the device is up to date with the latest available OS for that hardware. What should you do to allow the device to access email while maintaining security?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Manage, maintain, and protect devices sessions

Start a Manage, maintain, and protect devices only practice session

Every question in these sessions is drawn from the Manage, maintain, and protect devices domain — nothing else.

Related practice questions

Related MD-102 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the MD-102 exam test about Manage, maintain, and protect devices?
Manage, maintain, and protect devices questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Manage, maintain, and protect devices questions in a focused session?
Yes — the session launcher on this page draws every question from the Manage, maintain, and protect devices domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other MD-102 topics?
Use the topic links above to move to related areas, or go back to the MD-102 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the MD-102 exam covers. They are not copied from any real exam or dump site.