Microsoft | April 4, 2026 | 13 min read

7 Things I Wish Someone Told Me Before the MD-102

The warnings nobody gives you, plus a realistic 6-week study plan for the Endpoint Administrator exam.


Every study guide for the MD-102 starts the same way: "The MD-102 exam measures your ability to deploy, configure, and manage modern endpoints." Cool. Thanks. That tells me exactly nothing about what I'm actually walking into.

Here are the seven things I genuinely wish someone had told me before I sat down for this exam. Then we'll get into the study plan.

Thing #1: It's an Intune Exam Disguised as an Endpoint Exam

The official name is "Endpoint Administrator," which sounds like it could cover a bunch of things. In practice, it's about 70% Microsoft Intune. If you know Intune well, you're most of the way there. If you don't, this exam will humble you.

Specifically, you need to know:

  • Device compliance policies — not just what they are, but how to build them for specific scenarios
  • Configuration profiles — the different types (device restrictions, VPN, Wi-Fi, certificates) and when to use each
  • App protection policies — MAM without enrollment, data protection, conditional launch
  • Windows Autopilot — deployment profiles, enrollment status page, self-deploying mode vs user-driven

Thing #2: Conditional Access Is Everywhere

I expected maybe 2-3 questions on Conditional Access. There were closer to 8-10 that involved it either directly or as part of a scenario. Conditional Access policies sit at the intersection of identity, device management, and security — which is exactly what MD-102 tests.

Know these cold:

  • Assignments: Users/groups, cloud apps, conditions (device platforms, locations, risk levels)
  • Grant controls: Require MFA, require compliant device, require Microsoft Entra hybrid joined device
  • Session controls: App enforced restrictions, Conditional Access App Control
  • Common patterns: Block legacy auth, require MFA for admins, require compliant devices for Exchange Online
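To make the assignments and grant controls above concrete, here is an added example (not from the original post) that builds two of the common patterns as Microsoft Graph policy bodies in report-only mode. The display names and the all-zero group ID are placeholders; the script only prints JSON and creates nothing.

```powershell
# Added example: two Conditional Access patterns expressed as Microsoft Graph policy bodies.
# The group ID is a placeholder for an emergency-access ("break glass") group to exclude.
$breakGlassGroupId = '00000000-0000-0000-0000-000000000000'

# Pattern 1: block legacy authentication for everyone except the excluded group
$blockLegacyAuth = @{
    displayName   = 'EXAMPLE - Block legacy authentication'
    state         = 'enabledForReportingButNotEnforced'    # report-only: logs the result, enforces nothing
    conditions    = @{
        users          = @{ includeUsers = @('All'); excludeGroups = @($breakGlassGroupId) }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('exchangeActiveSync', 'other')   # the legacy protocol buckets
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

# Pattern 2: Exchange Online only from a compliant or hybrid joined device
$requireManagedDeviceForExo = @{
    displayName   = 'EXAMPLE - Require managed device for Exchange Online'
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users          = @{ includeUsers = @('All'); excludeGroups = @($breakGlassGroupId) }
        # Well-known application ID of Office 365 Exchange Online
        applications   = @{ includeApplications = @('00000002-0000-0ff1-ce00-000000000000') }
        clientAppTypes = @('all')
        platforms      = @{ includePlatforms = @('windows', 'iOS', 'android') }
    }
    # OR = either control satisfies the policy; AND would require both
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('compliantDevice', 'domainJoinedDevice')   # domainJoinedDevice = hybrid joined
    }
}

foreach ($policy in $blockLegacyAuth, $requireManagedDeviceForExo) {
    # Print the request body so the structure can be compared with the portal blades
    $policy | ConvertTo-Json -Depth 6
    # To create it in a lab tenant (Microsoft.Graph.Identity.SignIns module):
    #   Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess','Policy.Read.All'
    #   New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
}
```

Review the report-only results in the sign-in logs before switching `state` to `enabled`, and keep the emergency-access exclusion in place so a misconfigured policy cannot lock out every administrator.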

Thing #3: The Naming Has Changed (Again)

Microsoft loves renaming things. For the 2026 exam:

  • "Azure AD" → Microsoft Entra ID
  • "Azure AD Join" → Microsoft Entra join
  • "Hybrid Azure AD Join" → Microsoft Entra hybrid join
  • "Endpoint Manager" → Just Microsoft Intune now
  • "Company Portal" is still Company Portal (small mercies)

The exam uses the new names. If your study materials still say "Azure AD," they might be outdated on terminology even if the concepts are correct.

Thing #4: Group Policy vs Intune Isn't Simple

Several questions present scenarios where you need to decide between Group Policy (GPO) and Intune configuration profiles. The answer isn't always "use Intune" — it depends on the device join state, management scenario, and whether the device is cloud-only or hybrid.

Quick rule of thumb:

  • Microsoft Entra joined (cloud-only): Intune only. No GPO possible
  • Microsoft Entra hybrid joined: Both GPO and Intune. Exam tests when to use which (hint: Intune preferred for new policies, GPO for legacy compatibility)
  • On-premises AD joined only: GPO. But the exam increasingly pushes toward cloud management

Thing #5: Windows Update Management Is Deceptively Complex

I thought Windows Update rings would be 1-2 questions. It was more like 5. The exam tests your ability to design update deployment rings, configure feature update policies, and troubleshoot update compliance.

What you need to know:

  • Update rings: Deferral periods, quality updates vs feature updates, deadline settings
  • Feature update policies: Targeting specific Windows versions, safeguard holds
  • Windows Update for Business: How it differs from WSUS, co-management scenarios
  • Compliance reporting: How to check update status across your fleet

Thing #6: App Deployment Has Layers

Deploying apps through Intune sounds straightforward until you realize there are multiple app types and assignment types, and the exam tests all of them.

  • App types: Win32 apps, Microsoft Store apps, MSI line-of-business, web links, Microsoft 365 Apps
  • Assignment types: Required (auto-install), Available (user-initiated from Company Portal), Uninstall
  • Win32 app deployment: Detection rules (MSI product code, file/folder, registry), requirement rules, dependencies, supersedence
  • App protection policies (MAM): Protecting corporate data in apps WITHOUT enrolling the device

The Win32 app questions are particularly tricky. You need to understand the IntuneWinAppUtil packaging process and how detection rules determine whether an app is already installed.
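The following added example (not from the original post) uses Intune's custom-script detection option to spell out in code the kind of check that MSI product code and file detection rules express. The product code, file path, and minimum version belong to a hypothetical app and are placeholders.

```powershell
# Added example: custom detection script for a hypothetical Win32 app.
# All three values below are placeholders, not taken from a real package.
$productCode = '{00000000-0000-0000-0000-000000000000}'        # placeholder MSI product code
$exePath     = 'C:\Program Files\Contoso\Agent\agent.exe'       # hypothetical install path
$minVersion  = [version]'2.4.0.0'                               # hypothetical minimum version

function Test-MsiProductCode([string]$Code) {
    # A standard MSI install registers an Uninstall\<ProductCode> key
    # in either the 64-bit or the 32-bit registry view.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($root in $roots) {
        if (Test-Path -LiteralPath (Join-Path $root $Code)) { return $true }
    }
    return $false
}

function Test-FileVersion([string]$Path, [version]$Minimum) {
    # File rule equivalent: the file must exist and be at least the expected version,
    # so an older leftover binary does not count as "installed".
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }
    $raw = (Get-Item -LiteralPath $Path).VersionInfo.FileVersionRaw
    return ($null -ne $raw -and $raw -ge $Minimum)
}

if ((Test-MsiProductCode $productCode) -and (Test-FileVersion $exePath $minVersion)) {
    # Intune treats exit code 0 plus text on STDOUT as "app detected"
    Write-Output 'Detected'
    exit 0
}

# Non-zero exit with no output: not detected, so a Required assignment installs the app
exit 1
```

A detection check that is too loose (for example, file existence without a version comparison) reports outdated installs as present, so the newer package never deploys.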

Thing #7: Practice Tests Change Everything

I studied for 3 weeks without taking a single practice test. Big mistake. When I finally tried one on ExamCert's MD-102 practice exam, I scored 58%. The shock was exactly what I needed — it showed me where my gaps were (Conditional Access and Windows Update, as it turned out).

Take practice tests early and often. Not to memorize answers, but to calibrate your knowledge.

The 6-Week Study Plan

Based on what I learned (sometimes the hard way), here's the plan I'd follow if I could do it over.

Week 1: Intune Fundamentals and Device Enrollment

  • Set up a free Microsoft 365 developer tenant (essential for labs)
  • Enroll a test device (physical or VM) into Intune
  • Understand enrollment methods: automatic enrollment, bulk enrollment, Windows Autopilot
  • Learn device categories and dynamic groups

Week 2: Compliance and Configuration Profiles

  • Create compliance policies for Windows, iOS, and Android
  • Build configuration profiles: device restrictions, VPN, Wi-Fi, certificates
  • Understand the settings catalog vs templates vs administrative templates
  • Learn policy conflict resolution and reporting

Week 3: Conditional Access and Identity

  • Deep dive into Microsoft Entra Conditional Access policies
  • Practice creating policies: require MFA, require compliant device, block locations
  • Understand named locations, device filters, and authentication strength
  • Learn multi-factor authentication methods and registration

Week 4: App Management and Deployment

  • Deploy each app type: Win32, MSI, Microsoft Store, Microsoft 365 Apps
  • Configure app protection policies for iOS and Android
  • Practice Win32 app packaging and detection rules
  • Understand app configuration policies and S-mode

Week 5: Windows Autopilot and Update Management

  • Configure Autopilot deployment profiles (user-driven and self-deploying)
  • Set up enrollment status page (ESP) and understand its phases
  • Create Windows Update rings and feature update policies
  • Practice driver update management in Intune

Week 6: Practice Tests and Final Review

  • Take 3-4 full-length practice tests on ExamCert's MD-102 practice exam
  • Review weak areas — for most people, it's Conditional Access or update management
  • Re-read the official exam skills outline and verify you can explain each bullet point
  • One final hands-on session: enroll a device, push compliance + config + apps, and verify everything works

MD-102 Exam Day Advice

Some tactical tips for the actual exam:

  • Read the FULL scenario. MD-102 questions often include details in the requirements section that change the correct answer. Don't skim
  • Watch for "minimize administrative effort." When the question says this, choose the simplest solution that meets ALL requirements. Not the most secure, not the most scalable — the simplest
  • Entra ID terminology matters. The exam uses the new terminology consistently, so if one answer option says "Azure AD" and another says "Microsoft Entra ID," the difference shouldn't trick you, but be aware of it
  • Lab questions are possible. Some MD-102 exams include interactive lab scenarios where you configure things in a simulated Intune portal. Practice in the real portal so the interface is familiar

Career Value: Is MD-102 Worth It?

Here's the thing about endpoint management: every company with more than 50 employees needs someone doing this. And with remote/hybrid work being permanent now, Intune skills are genuinely in demand.

Salary ranges for Endpoint Administrators in 2026:

  • US: $85K-$120K USD (higher in HCOL areas)
  • Australia: $95K-$130K AUD
  • UK: £45K-£70K

The MD-102 pairs exceptionally well with AZ-104 for a cloud admin career path, or with SC-900 and SC-200 for a security operations path. Endpoint management is where cloud and security intersect — and that's a very hireable intersection.

Resources I'd Recommend

  • Microsoft Learn MD-102 path: Free and updated regularly. Start here
  • ExamCert MD-102 practice questions: Most realistic I found for exam-style scenarios
  • Microsoft 365 developer tenant: Free for 90 days. Essential for hands-on practice
  • Microsoft Tech Community blog: Intune team posts about new features regularly. Exam questions sometimes test recent additions

Frequently Asked Questions

What is the MD-102 exam?

MD-102 is Microsoft's Endpoint Administrator certification exam. It covers managing, deploying, and securing devices using Microsoft Intune, Windows Autopilot, and Microsoft Entra ID. Passing earns you the Microsoft 365 Certified: Endpoint Administrator Associate title.

How hard is MD-102 compared to other Microsoft exams?

Moderately difficult. It's less technical than AZ-104 or AZ-204, but requires deep knowledge of Intune policies and real-world device management scenarios.

Do I need Intune experience for MD-102?

Strongly recommended. The scenario-based questions heavily test practical Intune knowledge — compliance policies, configuration profiles, app deployment, and Conditional Access. A free dev tenant helps if you lack work experience.

How long to study for MD-102?

4-8 weeks with 10-12 hours per week. IT admins who use Intune daily might need only 3-4 weeks. Those new to endpoint management should plan for 8+ weeks.

Is the MD-102 certification worth it in 2026?

Yes, especially for IT pros in enterprise environments. Remote work has driven Intune adoption significantly. It pairs well with AZ-104 for cloud admin roles or SC-200 for security operations.
