MD-102 · topic practice

Protect devices practice questions

Practise Microsoft 365 Endpoint Administrator MD-102 Protect devices practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Protect devices

What the exam tests

What to know about Protect devices

Protect devices questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Protect devices exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Protect devices questions

20 questions · select your answer, then reveal the explanation

A user reports that their Windows 11 device is not receiving compliance policies from Microsoft Intune. The device shows as 'Not evaluated' in the Microsoft Intune admin center. Which step should you take first to resolve the issue?

Question 2mediummultiple choice
Read the full Protect devices explanation →

Your company uses Microsoft Intune to manage iOS devices. You need to ensure that corporate data in Microsoft 365 apps is protected even if a device is compromised. Which App Protection Policy setting should you configure?

You are implementing Microsoft Defender for Endpoint on Windows Server devices managed by Microsoft Intune. After onboarding, the devices show as 'Inactive' in the Microsoft Defender XDR portal. Which action should you take?

Your organization uses Microsoft Entra ID joined devices with Windows 10. You need to ensure that only compliant devices can access corporate email in Microsoft Outlook for Windows. Which integration should you enable?

Question 5mediummultiple choice
Read the full Protect devices explanation →

You manage Android Enterprise devices with work profiles. A user reports that corporate apps are not appearing in the work profile after enrollment. The device shows as enrolled in Microsoft Intune. What is the most likely cause?

Your organization uses Windows Autopilot for device deployment. After a device completes the user-driven deployment, it appears in Microsoft Entra ID as 'Azure AD registered' instead of 'Azure AD joined'. What should you modify to ensure the device is joined?

You are investigating a malware incident on a Windows 10 device managed by Microsoft Intune and protected by Microsoft Defender for Endpoint. Which log should you analyze to determine the initial infection vector?

Question 8mediummultiple choice
Read the full Protect devices explanation →

You need to deploy a line-of-business (LOB) iOS app to users in your organization. The app is signed with an enterprise certificate. How should you distribute the app to managed devices?

You have enabled Microsoft Defender for Endpoint on macOS devices. Some macOS devices show a status of 'Sensor disconnected' in the Microsoft Defender XDR portal. The devices are online and can communicate with the internet. Which troubleshooting step should you take first?

Which TWO of the following are valid methods to wipe a Windows 10 device using Microsoft Intune? (Select TWO.)

Which THREE of the following are prerequisites for deploying Microsoft Defender for Endpoint on Windows 10 devices via Microsoft Intune? (Select THREE.)

Which TWO of the following are valid reasons to use Windows Autopilot Reset? (Select TWO.)

Question 13easymultiple choice
Read the full Protect devices explanation →

Refer to the exhibit. You deploy this compliance policy to Windows 10 devices. A device running Windows 10 version 20H2 (OS build 19042.1234) reports as compliant. However, the device does not have BitLocker enabled. Why is the device compliant?

Exhibit

Refer to the exhibit.

```json
{
  "compliancePolicy": {
    "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
    "passwordRequired": true,
    "passwordMinimumLength": 6,
    "passwordRequiredType": "deviceDefault",
    "requireHealthyDeviceReport": false,
    "osMinimumVersion": "10.0.19041.0",
    "osMaximumVersion": null,
    "mobileOsMinimumVersion": null,
    "storageRequireEncryption": true
  }
}
```
Question 14mediummultiple choice
Read the full Protect devices explanation →

Refer to the exhibit. You configure this Enrollment Status Page (ESP) policy for Windows Autopilot deployments. During a deployment, a device fails to install a required app. What happens?

Exhibit

Refer to the exhibit.

```json
{
  "enrollmentStatusPage": {
    "@odata.type": "#microsoft.graph.windows10EnrollmentCompletionPageConfiguration",
    "showInstallationProgress": true,
    "blockDeviceSetupRetryByUser": true,
    "allowDeviceResetOnInstallFailure": true,
    "allowDeviceUseOnInstallFailure": false,
    "installProgressTimeoutInMinutes": 60,
    "trackInstallProgressForAutopilotOnly": true
  }
}
```
Question 15hardmultiple choice
Read the full Protect devices explanation →

Refer to the exhibit. You apply this configuration profile to Windows 10 devices. A user reports that their device's diagnostic data level is set to 'Full' in Settings > Diagnostics & feedback. What is the most likely reason?

Exhibit

Refer to the exhibit.

```json
{
  "microsoft365BusinessVoice": {
    "@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
    "telemetryLevel": "1 - Basic",
    "enableDeviceManufacturer": "Contoso",
    "enableDeviceModel": "Surface Pro 7",
    "enableDeviceName": "LAPTOP-01",
    "enableDeviceOSVersion": true,
    "enableDeviceOSBuild": true,
    "enableDeviceSerialNumber": true,
    "enableDeviceIMEI": null
  }
}
```
Question 16mediummultiple choice
Read the full Protect devices explanation →

You are configuring a Windows 10 device compliance policy in Microsoft Intune. The policy requires that devices have BitLocker enabled and a minimum OS build version. However, some devices are showing as 'Not compliant' even though they meet the requirements. What is the most likely cause?

Question 17hardmultiple choice
Read the full Protect devices explanation →

You manage a fleet of iOS devices enrolled in Microsoft Intune. You need to ensure that only approved corporate devices can access Exchange Online. You configure a Conditional Access policy that requires devices to be compliant with Intune compliance policies. However, some users report that they are still able to access email from personal iOS devices that are not enrolled. What should you check first?

Question 18easymultiple choice
Read the full Protect devices explanation →

Your organization uses Microsoft Intune to manage Windows 10 devices. You need to deploy a security baseline that enforces BitLocker encryption and Windows Defender Antivirus settings. What is the recommended approach?

Question 19mediummultiple choice
Read the full Protect devices explanation →

A user reports that they cannot install a company-required app from the Company Portal on their Android device. The app is assigned as 'Available for enrolled devices' in Intune. The device is enrolled and compliant. What is the most likely issue?

Question 20hardmultiple choice
Read the full Protect devices explanation →

You are troubleshooting an issue where Windows 10 devices are not receiving Windows updates from Intune. The update rings are configured, and the devices are enrolled. However, devices show 'Up to date' even though they are missing critical security updates. What should you verify?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Protect devices sessions

Start a Protect devices only practice session

Every question in these sessions is drawn from the Protect devices domain — nothing else.

Related practice questions

Related MD-102 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the MD-102 exam test about Protect devices?
Protect devices questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Protect devices questions in a focused session?
Yes — the session launcher on this page draws every question from the Protect devices domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other MD-102 topics?
Use the topic links above to move to related areas, or go back to the MD-102 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the MD-102 exam covers. They are not copied from any real exam or dump site.