The MD-102 exam recently received an update, with one topic being removed, and some adjustments being made to the section weightings. Let’s jump straight in and discuss the topic that has been removed before moving on to the weighting changes.
The Plan and implement a Windows client deployment by using Microsoft Deployment Toolkit (MDT) section has been removed from the exam, and this is something that doesn’t really come as a surprise to many. Probably the biggest surprise about this with people I’ve discussed it with is that it survived into MD-102 after it replaced MD-100 and MD-101.
There were two main reasons why the initial removal/retirement was a surprise, the first being that the MDT didn’t officially support Windows 11. On its own, that detail probably didn’t qualify to have MDT removed from the exam, because many people who were planning on taking this exam would have potentially still had responsibilities for Windows 10, or even primarily Windows 10 in some organizations. With Windows 10 22H2 still being supported by Microsoft until October 14, 2025, some might argue that this is a premature removal, but I think that argument would be drowned out in the crowd.
The other reason why the extended inclusion of MDT in the exam was questioned was because it was probably the most obvious holdover from device deployment usually involving a device reimaging approach. In reality, MDT or similar tools are still used in many organizations, even though their role may have been diminished somewhat over the years. Even though there is documentation about creating Task Sequences to use an Autopilot profile, that is one of those approaches that is hopefully more of a short term solution for an organization, not something they would really need to be doing for an extended period of time.
Before anyone gets upset at the above paragraphs (yes, I know, how dare I assume someone on the internet might get upset about something!), I understand that there are people with MDT use case scenarios that are going to hang around for quite a while. My view on this, as well as exam updates in general, is around what skills are going to serve you well for a long time, rather than having a rapidly approaching expiry date on them. Sure, you can use MDT for other purposes, but if we think about it for this exam, in the context of Windows 11 deployment, it’s not a great inclusion.
If you want to use the MDT to build your skills on Windows imaging for other purposes, or even as a general-purpose learning tool, integrating into Windows Server, Windows Deployment Services, PXE etc., it’s still going to serve you well.
April 2024 Update
- Deploy Windows client (20–25%)
- Manage identity and compliance (15–20%)
- Manage, maintain, and protect devices (40–45%)
- Manage applications (15–20%)
January 2024 Update
- Deploy Windows client (25–30%)
- Manage identity and compliance (15–20%)
- Manage, maintain, and protect devices (40–45%)
- Manage applications (10–15%)
You can see that Deploy Windows client has dropped from 25-30% to 20-25%, which aligns with the removal of Microsoft Deployment Toolkit, and Manage Applications has stepped in to fill the gap, increasing from 10-15% to 20-25%.
Deploy Windows client (25–30%)
Prepare for a Windows client deployment
- Select a deployment tool based on requirements
- Choose between migrate and rebuild
- Choose an imaging and/or provisioning strategy
- Select a Windows edition based on requirements
- Implement subscription-based activation
Plan and implement a Windows client deployment by using Windows Autopilot
- Configure device registration for Autopilot
- Create, validate, and assign deployment profiles
- Set up the Enrollment Status Page (ESP)
- Deploy Windows devices by using Autopilot
- Troubleshoot an Autopilot deployment
Plan and implement a Windows client deployment by using the Microsoft Deployment Toolkit (MDT)
- Plan and implement an MDT deployment infrastructure
- Create, manage, and deploy images
- Create a Windows reference image
- Configure MDT settings
- Deploy a Windows 10 image using MDT
- Configure Windows Deployment Services (WDS) in a remote site
- Task sequences
- Applications
- Driver repository
- Configure the MDT deployment share rules
- MDT Rules
- Verify database access in the MDT simulation environment
- Monitor and troubleshoot a deployment
- Plan and configure user state migration
Configure remote management
- Configure Remote Help in Intune
- Configure Remote Desktop on a Windows client
- Configure the Windows Admin Center
- Configure PowerShell remoting and Windows Remote Management (WinRM)
Manage identity and compliance (15–20%)
Manage identity
- Implement user authentication on Windows devices, including Windows Hello for Business, passwordless, and tokens
- Manage role-based access control (RBAC) for Intune
- Register devices in and join devices to Microsoft Entra
- Implement the Intune Connector for Active Directory
- Manage the membership of local groups on Windows devices
- Implement and manage Local Administrative Passwords Solution (LAPS) for Microsoft Entra
Implement compliance policies for all supported device platforms by using Intune
- Specify compliance policies to meet requirements
- Implement compliance policies
- Implement Conditional Access policies that require a compliance status
- Manage notifications for compliance policies
- Monitor device compliance
- Troubleshoot compliance policies
Manage, maintain, and protect devices (40–45%)
Manage the device lifecycle in Intune
- Configure enrollment settings
- Configure automatic and bulk enrollment, including Windows, Apple, and Android
- Configure policy sets
- Restart, retire, or wipe devices
Manage device configuration for all supported device platforms by using Intune
- Specify configuration profiles to meet requirements
- Implement configuration profiles
- Monitor and troubleshoot configuration profiles
- Configure and implement Windows kiosk mode
- Configure and implement profiles on Android devices, including fully managed, dedicated, corporate owned, and work profile
- Plan and implement Microsoft Tunnel for Intune
Monitor devices
- Monitor devices by using Intune
- Monitor devices by using Azure Monitor
- Analyze and respond to issues identified in Endpoint analytics and Adoption Score
Manage device updates for all supported device platforms by using Intune
- Plan for device updates
- Create and manage update policies by using Intune
- Manage Android updates by using configuration profiles
- Monitor updates
- Troubleshoot updates in Intune
- Configure Windows client delivery optimization by using Intune
- Create and manage update rings by using Intune
Implement endpoint protection for all supported device platforms
- Implement and manage security baselines in Intune
- Create and manage configuration policies for Endpoint security including antivirus, encryption, firewall, endpoint detection and response (EDR), and attack surface reduction (ASR)
- Onboard devices to Microsoft Defender for Endpoint
- Implement automated response capabilities in Microsoft Defender for Endpoint
- Review and respond to device issues identified in the Microsoft Defender Vulnerability Management dashboard
Manage applications (10–15%)
Deploy and update apps for all supported device platforms
- Deploy apps by using Intune
- Configure Microsoft 365 Apps deployment by using the Microsoft Office Deployment Tool or Office Customization Tool (OCT)
- Manage Microsoft 365 Apps by using the Microsoft 365 Apps admin center
- Deploy Microsoft 365 Apps by using Intune
- Configure policies for Office apps by using Group Policy or Intune
- Deploy apps from platform-specific app stores by using Intune
Plan and implement app protection and app configuration policies
- Plan and implement app protection policies for iOS and Android
- Manage app protection policies
- Implement Conditional Access policies for app protection policies
- Plan and implement app configuration policies for managed apps and managed devices
- Manage app configuration policies