Last week I published the MD-100 guide for the May 2022 update, which had a bit of a makeover from the previous edition. MD-101 also got a makeover, a few of the notable changes including the removal of user profiles, account management, VPNs, and certificates, which all moved over to MD-100. The sections and their score weight have also changed, so make sure you make any adjustments to your preparation to reflect these changes.

Deploy Windows client (25-30%)

Plan a Windows client deployment 

• assess infrastructure readiness by using Endpoint Analytics
  • Endpoint analytics scores, baselines, and insights
  • Work from anywhere report
  • Windows 10 infrastructure requirements
  • What is co-management?
  • Enable tenant attach
• select a deployment tool based on requirements
  • New computer deployment
• choose between migrate and rebuild
  • Windows upgrade and migration considerations
• choose an imaging and/or provisioning strategy
  • Deployment categories
• plan and implement changes to Windows edition by using subscription activation or MAK license management
  • How Multiple Activation Key works
  • Windows 10/11 Subscription Activation
  • Windows 10 edition upgrade

Plan and implement Windows client provisioning by using Windows Autopilot 

• choose an Autopilot deployment method based on requirements, including user-driven mode, self-deploying mode, autopilot reset, and pre-provisioning 
  • Windows Autopilot Scenarios and capabilities
• configure device registration for Autopilot
  • Adding devices
  • Windows Autopilot Deployment Program
• create, validate, and assign deployment profiles
  • Configure Autopilot profiles
• provision Windows devices by using Autopilot
  • Demonstrate Autopilot deployment on a VM
• troubleshoot an Autopilot deployment
  • Windows Autopilot Troubleshooting Overview

Plan and implement Windows client deployment by using Microsoft Deployment Toolkit (MDT)

• plan and implement an MDT deployment infrastructure
  • Prepare for deployment with MDT
• choose configuration options based on requirements, such as boot images, OS images, upgrade packages, task sequences, and drivers
  • Configure MDT settings
• create, manage, and deploy images
  • Create a Windows reference image
• plan and implement PXE boot by using Windows Deployment Services (WDS) •
  • Deploy a Windows 10 image using MDT
  • Configure Windows Deployment Services (WDS) in a remote site
• create and use task sequences
  • Task sequences
• manage application and driver deployment
  • Applications
  • Driver repository
• customize an MDT deployment by using customsettings.ini and bootstrap.ini
  • Configure the MDT deployment share rules
  • MDT Rules
  • Verify database access in the MDT simulation environment
• monitor and troubleshoot deployment
  • Monitoring MDT
• plan and configure user state migration
  • User State Migration Tool (USMT) Technical Reference

Manage identity and access (10-15%)

Manage identity 

• enable users and groups from Azure Active Directory to access Windows client
  • Plan your Azure AD device deployment
  • Assign local admins to Azure AD joined devices
• register devices in and join devices to Azure Active Directory
  • Azure AD joined devices
  • Azure AD registered devices
  • Hybrid Azure AD joined devices
• manage AD DS and Azure AD groups
  • Active Directory Security Groups
  • Create a group and add members using Azure Active Directory
• manage AD DS and Azure AD users
  • Active Directory Accounts
  • Add or delete users using Azure Active Directory
• configure Enterprise State Roaming in Azure AD
  • Enable enterprise state roaming
  • Enterprise state roaming Windows settings

Plan and implement conditional access policies 

• plan conditional access
  • Common ways to use conditional access
• set up conditional access policies
  • Create and assign conditional access policy
  • Device-based Conditional Access policy
• determine which users are affected by a conditional access policy
  • Monitor conditional access
• troubleshoot conditional access
  • Troubleshoot using the What If tool

Manage compliance policies and configuration profiles (10-15%)

Implement device compliance policies 

• plan device compliance policies
  • Get started with device compliance policies in Intune
• implement device compliance policies
  • Create a device compliance policy
• manage notifications for device compliance policies
  • Actions for noncompliance
• monitor device compliance
  • Monitor device compliance
• troubleshoot device compliance policies
  • Troubleshoot policies and profiles

Plan and implement device configuration profiles 

• plan device configuration profiles
  • Determine requirements
• implement device configuration profiles
  • Configure device profiles
  • Create a filter
  • Add PowerShell scripts to Windows 10 devices in Microsoft Intune
• monitor and troubleshoot device configuration profiles
  • How Intune resolves policy conflicts
  • Troubleshoot policies and profiles
• configure and implement assigned access on public devices, including kiosks and dedicated devices
  • Prepare a device for kiosk configuration

Manage, maintain, and protect devices (25-30%)

Manage device lifecycle 

• configure enrollment settings in Intune
  • Enrollment options
  • Enroll devices
  • Android device enrollment guide for Microsoft Intune
  • Connect your Intune account to your Managed Google Play account.
  • Windows enrollment
  • Managing Windows 10 with Intune – The Many Ways to Enrol
• configure automatic and bulk enrollment in Intune
  • Set up automatic enrollment
  • Device enrollment manager
• configure policy sets
  • Use policy sets
• restart, retire, or wipe devices
  • Restart
  • Retire
  • Wipe

Monitor devices 

• monitor devices by using Azure Monitor
  • Review logs with Azure Monitor
• monitor device hardware and software inventory by using Endpoint Manager Admin Center
  • Examine device inventory
• monitor devices by using Endpoint Analytics
  • What is Endpoint analytics?
  • Enroll Intune devices

Manage device updates 

• plan for device updates
  • Windows as a Service
  • Prepare servicing strategy for Windows client updates
• create and manage quality update policies by using Intune
  • Configure Windows Update for Business
  • Deploy updates using Windows Update for Business
• create and manage feature update policies by using Intune
  • Configure Windows Update for Business
  • Deploy updates using Windows Update for Business
• create and manage iOS/iPadOS update policies by using Intune
  • Manage iOS/iPadOS software update policies in Intune
• manage Android updates by using device configuration profiles
  • Android Enterprise device settings to allow or restrict features using Intune
• monitor updates
  • Windows Update compliance reports
• troubleshoot updates in Intune
  • Troubleshoot policies and profiles
• configure Windows client delivery optimization by using Intune
  • Configure Delivery Optimization for Windows updates
• create and manage update rings by using Intune
  • Configure Windows Update for Business
  • Deploy updates using Windows Update for Business

Plan and implement endpoint protection 

• plan endpoint security
  • Endpoint security
• implement and manage security baselines in Intune
  • Manage security baselines
• create and manage configuration policies for Endpoint Security including antivirus, encryption, firewall, endpoint detection and response, and attack surface reduction
  • Disk encryption
  • Windows Defender Application Control design guide
  • Enable exploit protection
  • Microsoft Defender Application Guard
  • Protect derived domain credentials with Credential Guard
  • Securing privileged access
• onboard devices into Microsoft Defender for Endpoint
  • Onboard to the Microsoft Defender for Endpoint service
  • Onboarding using Microsoft Endpoint Manager
  • Enable and configure always-on protection and monitoring
• monitor Microsoft Defender for Endpoint
  • Security operations dashboard
  • Threat protection reports
• investigate and respond to threats
  • Endpoint detection and response overview
  • Evaluate capabilities

Manage apps (10-15%)

Deploy and update applications 

• deploy apps by using Intune
  • Assign apps to groups with Microsoft Intune
  • Dynamic group rule syntax
  • Deploy Windows 10/11 apps
• configure Microsoft 365 Apps deployment by using Office Deployment Toolkit or Office Customization Tool
  • Deployment guide
  • Overview of the Office Customization Tool
  • Overview of the Office Deployment Tool
  • Deploy Microsoft 365 Apps from a local source
  • Use Readiness Toolkit to assess application compatibility
• manage Microsoft 365 Apps by using Microsoft 365 Apps Admin Center
  • Deploy Microsoft 365 Apps from the cloud
  • Overview of the Office cloud policy service for Microsoft 365 Apps for enterprise
• deploy Microsoft 365 Apps by using Intune
  • Add Microsoft 365 apps to Windows 10/11 devices with Microsoft Intune
• manage Office app settings by using group policy or Intune
  • Policies for Office apps in Intune
  • Change the update channel with Group Policy
  • Administrative Template files (ADMX/ADML) for Microsoft 365 Apps for enterprise
• deploy apps by using Microsoft Store for Business, Apple store, and Google store
  • Distribute apps to your employees from the Microsoft Store for Business and Education
  • How to get Android apps
  • How to get iOS/iPadOS apps

Implement app protection and app configuration policies 

• plan app protection policies
  • Determine requirements
  • Create & assign WIP app protection policies
• plan app configuration policies for iOS and Android
  • App protection policies and work profiles (Android)
• implement app protection policies
  • Create app protection policies
• implement app configuration policies for iOS and Android
  • iOS managed devices
  • Android managed devices
• manage app protection policies
  • Use app protection policies
• manage app configuration policies
  • App configuration policies