Microsoft MD-102 - Endpoint Administrator

You have a Microsoft Entra tenant named contoso.com.

You manage devices by using Microsoft Intune. Automatic Intune enrollment is disabled.

Users report that they must enter the mobile device management (MDM) server address during device enrollment.

To reduce user interaction during device enrollment, you plan to create the following CNAME DNS hostname records:

EnterpriseEnrollment.contoso.com

EnterpriseRegistration.contoso.com

You need to configure a fully qualified domain name (FQDN) for each CNAME record to redirect enrollment requests to the Intune

servers.

How should you configure each FQDN? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Which devices are registered by using the Windows Autopilot deployment service?

You have a Microsoft 365 E5 subscription and 100 computers that run Windows 10.

You need to deploy Microsoft Office Professional Plus 2019 to the computers by using Microsoft Office Deployment Tool (ODT).

What should you use to create a customization file for ODT?

You have a Microsoft 365 subscription and use Microsoft Intune.

You have the Endpoint Privilege Management (EPM) elevation settings policy shown in the following exhibit.

No EPM elevation rules policies are configured.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

You need to implement mobile device management (MDM) for personal devices that run Windows 11. The solution must meet the following requirements:

• Ensure that you can manage the personal devices by using Microsoft Intune.

• Ensure that users can access company data seamlessly from their personal devices.

• Ensure that users can only sign in to their personal devices by using their personal account

What should you use to add the devices to Azure AD?

You have a Microsoft 365 subscription that contains two security groups named Group1 and Group2. Microsoft 365 uses Microsoft Intune Suite.

You use Microsoft Intune to manage devices.

You need to assign roles in Intune to meet the following requirements:

• The members of Group1 must manage Intune roles and assignments.

• The members of Group2 must assign existing apps and policies to users and devices.

The solution must follow the principle of least privilege.

Which role should you assign to each group? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 subscription that contains a user named User1.

You use Microsoft in tune to manage devices that run Windows 11.

You need to remove User1 from the local Administrators group on all enrolled devices. The solution must minimize administrative effort.

What should you configure?

You have a Microsoft 365 E5 subscription that contains devices enrolled in Microsoft Intune.

You plan to use Device query to provide on-demand information about the state of the devices. The solution must minimize costs. What should you do first?

You have a Microsoft 365 E5 subscription.

You have a Microsoft Intune enrollment profile for Android Enterprise devices that has the following settings:

• Name: Profile1

• Token type: Corporate-owned, fully managed

You need to enroll a new Android device in Intune by using Profile1. What should you use to enroll the device?

You have a Microsoft Entra tenant that contains the devices shown in the following table.

On which devices can you implement Endpoint Privilege Management (EPM)?