
The MD-102 exam is about to receive a minor update, only changing the Windows LAPS domain objective. So far we aren’t seeing any impact on the exam topics based on the recent addition of Intune suite capabilities into some Microsoft 365 suites, so that might be something we see in a future update.
The last major update for this exam was in September 2024. It changed the objective domains, and quite a few objectives were added or removed. Let’s start off by taking a look at the objectives, and then take a look at the other changes.
September 2024 Update
- Prepare infrastructure for devices (25–30%)
- Manage and maintain devices (30–35%)
- Manage applications (15–20%)
- Protect devices (15–20%)
April 2024 Update
- Deploy Windows client (20–25%)
- Manage identity and compliance (15–20%)
- Manage, maintain, and protect devices (40–45%)
- Manage applications (15–20%)
We can’t really compare the percentage changes here because of the restructure. The only constant is the Manage applications section, which remained at 15–20% of the exam.
Up next we have a list of what’s been added to the exam. Note that some of these aren’t really new additions; instead, I think it’s better to think of some items as now being more specifically called out, whereas previously they may have been part of a broader objective.
Added
- Apply a device name template
- Plan and implement provisioning packages
- Target a profile by using filters
- Implement a Windows 365 cloud PC deployment
- Create device configuration profiles for iOS devices
- Create device configuration profiles for Mac OS devices
- Create device configuration profiles for Enterprise multi-session devices
- Configure Endpoint Privilege Management
- Manage applications by using the Enterprise App Catalog
- Implement Microsoft Intune Advanced Analytics
- Identify use cases for Cloud PKI
- Implement Microsoft Tunnel for MAM
- Perform bulk remote actions
- Update Windows Defender security intelligence
- Rotate BitLocker recovery keys
- Run a device query by using KQL
- Create firewall policies
I won’t go through all of these; instead, I’ll highlight the ones I view as the more major ones. The first one is the inclusion of Implement a Windows 365 cloud PC deployment. Notice that the emphasis is on implement, rather than configuration and management of policies for the virtual machines. Many of the other Intune-related topics on policies, configuration, etc. apply to Windows 365, much the same way that they apply to end users’ physical devices.
The other major addition is the remaining components of the Intune suite: Configure Endpoint Privilege Management, Manage applications by using the Enterprise App Catalog, Implement Microsoft Intune Advanced Analytics, Identify use cases for Cloud PKI, and Implement Microsoft Tunnel for MAM. Remote Help was added previously, so this now rounds out the suite inclusion in the exam.
Removed
- Select a Windows edition based on requirements
- Implement subscription-based activation
- Configure the Windows Admin Center
- Configure Remote Desktop on a Windows client
- Configure PowerShell remoting and Windows Remote Management (WinRM)
- Monitor devices by using Intune
- Monitor devices by using Azure Monitor
- Configure and implement Windows kiosk mode
- Plan and implement Microsoft Tunnel for Intune
I’m not going to dwell on any particular removed item; instead, I’ll advise on how to approach removals. I mostly assume that items are removed from the exam if they are no longer supported. This means that if other items on the list are still current and supported capabilities, they should be treated as core skills the exam expects you to have if you are working as a desktop administrator. From this list, I think that the removal of Azure Monitor and Windows Admin Center makes a great deal of sense, as these two are really outside of the usual scenarios of desktop deployment, monitoring, and management. Notice here that I said usual scenarios for desktops, because these tools are more than likely going to be more heavily used in environments where Windows server variants are in use. I know that’s not always going to be the case, but the exam should be focusing on core scenarios, not edge cases.
Prepare infrastructure for devices (25–30%)
Add devices to Microsoft Entra ID
- Choose an appropriate device join type
- Join devices to Microsoft Entra ID
- Register devices to Microsoft Entra ID
- Plan and implement groups for devices in Microsoft Entra ID
Enroll devices to Microsoft Intune
- Configure enrollment settings
- Configure automatic enrollment for Windows and bulk enrollment for iOS and Android
- Configure enrollment profiles for Android devices, including fully managed, dedicated, corporate owned, and work profile
Implement identity and compliance
- Manage roles in Intune
- Implement compliance policies for all supported device platforms by using Intune
- Implement Conditional Access policies that require a compliance status
- Configure Windows Hello for Business
- Implement and manage Local Administrative Passwords Solution (LAPS)
- Manage the membership of local groups on Windows devices by using Intune
Manage and maintain devices (30–35%)
Deploy and upgrade Windows clients by using cloud-based tools
- Choose between Windows Autopilot and provisioning packages
- Choose a Windows Autopilot deployment mode
- Apply a device name template
- Implement Windows client deployment by using Windows Autopilot
- Create an Enrollment Status Page (ESP)
- Plan and implement provisioning packages
- Plan and implement device upgrades for Windows 11
- Implement a Windows 365 cloud PC deployment
Plan and implement device configuration profiles
- Create device configuration profiles for Windows devices, including importing ADMX files
- Create device configuration profiles for Android devices
- Create device configuration profiles for iOS devices
- Create device configuration profiles for Mac OS devices
- Create device configuration profiles for Enterprise multi-session devices
- Target a profile by using filters
Implement Intune Suite add-on capabilities
- Configure Endpoint Privilege Management
- Manage applications by using the Enterprise App Catalog
- Implement Microsoft Intune Advanced Analytics
- Configure Microsoft Intune Remote Help
- Identify use cases for Cloud PKI
- Implement Microsoft Tunnel for MAM
Perform remote actions on devices
- Sync, restart, retire, or wipe devices
- Perform bulk remote actions
- Update Windows Defender security intelligence
- Rotate BitLocker recovery keys
- Run a device query by using KQL
Manage applications (15–20%)
Deploy and update apps
- Prepare applications for deployment by using Intune
- Deploy apps by using Intune
- Deploy Microsoft 365 Apps by using Intune
- Configure policies for Office apps
- Deploy Microsoft 365 Apps as part of a Windows Autopilot deployment by using the Microsoft Office Deployment Tool (ODT) or Office Customization Tool (OCT)
- Manage Microsoft 365 Apps by using the Microsoft 365 Apps admin center
- Deploy apps from platform-specific app stores by using Intune
Plan and implement app protection and app configuration policies
- Plan and implement app protection policies
- Implement Conditional Access policies for app protection policies
- Plan and implement app configuration policies for managed apps and managed devices
Protect devices (15–20%)
Configure endpoint security
- Create antivirus policies
- Create disk encryption policies
- Create firewall policies
- Configure Attack surface reduction policies
- Plan and implement security baselines
- Integrate Intune with Microsoft Defender for Endpoint
- Onboard devices into Microsoft Defender for Endpoint
Manage device updates by using Intune
- Plan for device updates
- Create and manage update rings by using Intune
- Create and manage update policies by using Intune, including iOS and Mac OS
- Manage Android updates by using configuration profiles or firmware-over-the-air (FOTA) deployments
- Configure Windows client delivery optimization by using Intune
- Monitor updates