Image may be NSFW.
Clik here to view.

MD-101 just got a minor update, but more importantly it’s been announced that this exam is retiring at the end of July. I’m currently working on the blog post for the exam that will replace it, MD-102: Endpoint Administrator, and that should be published within the next week. That means that this is most likely the last update I will be publishing for this exam guide, but much of what’s in here carries across to MD-102, and you’ll get my take on the new exam shortly.

Deploy Windows client (25-30%)

Plan a Windows client deployment 

• assess infrastructure readiness by using Endpoint Analytics
  • Endpoint analytics scores, baselines, and insights
  • Work from anywhere report
  • Windows 10 infrastructure requirements
  • What is co-management?
  • Enable tenant attach
• select a deployment tool based on requirements
  • New computer deployment
• choose between migrate and rebuild
  • Windows upgrade and migration considerations
• choose an imaging and/or provisioning strategy
  • Deployment categories
• plan and implement changes to Windows edition by using subscription activation or MAK license management
  • How Multiple Activation Key works
  • Windows 10/11 Subscription Activation
  • Windows 10 edition upgrade

Plan and implement Windows client provisioning by using Windows Autopilot 

• choose an Autopilot deployment method based on requirements, including user-driven mode, self-deploying mode, autopilot reset, and pre-provisioning
  • Windows Autopilot Scenarios and capabilities
• configure device registration for Autopilot
  • Adding devices
  • Windows Autopilot Deployment Program
• create, validate, and assign deployment profiles
  • Configure Autopilot profiles
• set up the Enrollment Status Page
  • Enrollment Status Page
• provision Windows devices by using Autopilot
  • Demonstrate Autopilot deployment on a VM
• troubleshoot an Autopilot deployment
  • Windows Autopilot Troubleshooting Overview

Plan and implement Windows client deployment by using Microsoft Deployment Toolkit (MDT)

• plan and implement an MDT deployment infrastructure
  • Prepare for deployment with MDT
• choose configuration options based on requirements, such as boot images, OS images, upgrade packages, task sequences, and drivers
  • Configure MDT settings
• create, manage, and deploy images
  • Create a Windows reference image
• plan and implement PXE boot by using Windows Deployment Services (WDS) •
  • Deploy a Windows 10 image using MDT
  • Configure Windows Deployment Services (WDS) in a remote site
• create and use task sequences
  • Task sequences
• manage application and driver deployment
  • Applications
  • Driver repository
• customize an MDT deployment by using customsettings.ini and bootstrap.ini
  • Configure the MDT deployment share rules
  • MDT Rules
  • Verify database access in the MDT simulation environment
• monitor and troubleshoot deployment
  • Monitoring MDT
• plan and configure user state migration
  • User State Migration Tool (USMT) Technical Reference

Manage identity and access (10-15%)

Manage identity 

• register devices in and join devices to Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra
  • Azure AD joined devices
  • Azure AD registered devices
  • Hybrid Azure AD joined devices
• enable users and groups from Azure Active Directory to access Windows client
  • Plan your Azure AD device deployment
  • Assign local admins to Azure AD joined devices
• register devices in and join devices to Azure Active Directory
  • Azure AD joined devices
  • Azure AD registered devices
  • Hybrid Azure AD joined devices
• manage AD DS and Azure AD groups
  • Active Directory Security Groups
  • Create a group and add members using Azure Active Directory
• manage AD DS and Azure AD users
  • Active Directory Accounts
  • Add or delete users using Azure Active Directory
• configure Enterprise State Roaming in Azure AD
  • Enable enterprise state roaming
  • Enterprise state roaming Windows settings

Plan and implement conditional access policies 

• plan conditional access
  • Common ways to use conditional access
• set up conditional access policies
  • Create and assign conditional access policy
  • Device-based Conditional Access policy
• determine which users are affected by a conditional access policy
  • Monitor conditional access
• troubleshoot conditional access
  • Troubleshoot using the What If tool

Manage compliance policies and configuration profiles (10-15%)

Implement device compliance policies 

• plan device compliance policies
  • Get started with device compliance policies in Intune
• implement device compliance policies
  • Create a device compliance policy
• manage notifications for device compliance policies
  • Actions for noncompliance
• monitor device compliance
  • Monitor device compliance
• troubleshoot device compliance policies
  • Troubleshoot policies and profiles

Plan and implement device configuration profiles 

• plan device configuration profiles
  • Determine requirements
• implement device configuration profiles
  • Configure device profiles
  • Create a filter
  • Add PowerShell scripts to Windows 10 devices in Microsoft Intune
• monitor and troubleshoot device configuration profiles
  • How Intune resolves policy conflicts
  • Troubleshoot policies and profiles
• configure and implement assigned access on public devices, including kiosks and dedicated devices
  • Prepare a device for kiosk configuration

Manage, maintain, and protect devices (25-30%)

Manage device lifecycle 

• configure enrollment settings in Intune
  • Enrollment options
  • Enroll devices
  • Android device enrollment guide for Microsoft Intune
  • Connect your Intune account to your Managed Google Play account.
  • Windows enrollment
  • Managing Windows 10 with Intune – The Many Ways to Enrol
• configure automatic and bulk enrollment in Intune
  • Set up automatic enrollment
  • Device enrollment manager
• configure policy sets
  • Use policy sets
• restart, retire, or wipe devices
  • Restart
  • Retire
  • Wipe

Monitor devices 

• monitor devices by using Azure Monitor
  • Review logs with Azure Monitor
• monitor device hardware and software inventory by using Endpoint Manager Admin Center
  • Examine device inventory
• monitor devices by using Endpoint Analytics
  • What is Endpoint analytics?
  • Enroll Intune devices

Manage device updates 

• plan for device updates
  • Windows as a Service
  • Prepare servicing strategy for Windows client updates
• create and manage quality update policies by using Intune
  • Configure Windows Update for Business
  • Deploy updates using Windows Update for Business
• create and manage feature update policies by using Intune
  • Configure Windows Update for Business
  • Deploy updates using Windows Update for Business
• create and manage iOS/iPadOS update policies by using Intune
  • Manage iOS/iPadOS software update policies in Intune
• manage Android updates by using device configuration profiles
  • Android Enterprise device settings to allow or restrict features using Intune
• monitor updates
  • Windows Update compliance reports
• troubleshoot updates in Intune
  • Troubleshoot policies and profiles
• configure Windows client delivery optimization by using Intune
  • Configure Delivery Optimization for Windows updates
• create and manage update rings by using Intune
  • Configure Windows Update for Business
  • Deploy updates using Windows Update for Business

Plan and implement endpoint protection 

• plan endpoint security
  • Endpoint security
• implement and manage security baselines in Intune
  • Manage security baselines
• create and manage configuration policies for Endpoint Security including antivirus, encryption, firewall, endpoint detection and response, and attack surface reduction
  • Disk encryption
  • Windows Defender Application Control design guide
  • Enable exploit protection
  • Microsoft Defender Application Guard
  • Protect derived domain credentials with Credential Guard
  • Securing privileged access
• onboard devices into Microsoft Defender for Endpoint
  • Onboard to the Microsoft Defender for Endpoint service
  • Onboarding using Microsoft Endpoint Manager
  • Enable and configure always-on protection and monitoring
• monitor Microsoft Defender for Endpoint
  • Security operations dashboard
  • Threat protection reports
• investigate and respond to threats
  • Endpoint detection and response overview
  • Evaluate capabilities

Manage apps (10-15%)

Deploy and update applications 

• deploy apps by using Intune
  • Assign apps to groups with Microsoft Intune
  • Dynamic group rule syntax
  • Deploy Windows 10/11 apps
• configure Microsoft 365 Apps deployment by using Office Deployment Toolkit or Office Customization Tool
  • Deployment guide
  • Overview of the Office Customization Tool
  • Overview of the Office Deployment Tool
  • Deploy Microsoft 365 Apps from a local source
  • Use Readiness Toolkit to assess application compatibility
• manage Microsoft 365 Apps by using Microsoft 365 Apps Admin Center
  • Deploy Microsoft 365 Apps from the cloud
  • Overview of the Office cloud policy service for Microsoft 365 Apps for enterprise
• deploy Microsoft 365 Apps by using Intune
  • Add Microsoft 365 apps to Windows 10/11 devices with Microsoft Intune
• manage Office app settings by using group policy or Intune
  • Policies for Office apps in Intune
  • Change the update channel with Group Policy
  • Administrative Template files (ADMX/ADML) for Microsoft 365 Apps for enterprise
• deploy apps by using Microsoft Store for Business, Apple store, and Google store
  • Distribute apps to your employees from the Microsoft Store for Business and Education
  • How to get Android apps
  • How to get iOS/iPadOS apps

Implement app protection and app configuration policies 

• plan app protection policies
  • Determine requirements
  • Create & assign WIP app protection policies
• plan app configuration policies for iOS and Android
  • App protection policies and work profiles (Android)
• implement app protection policies
  • Create app protection policies
• implement app configuration policies for iOS and Android
  • iOS managed devices
  • Android managed devices
• manage app protection policies
  • Use app protection policies
• manage app configuration policies
  • App configuration policies