MD-102 Notes

Perfect—this is exactly how you turn effort into results. I’ve converted your entire plan for the Microsoft MD-102 into clean, ready-to-import flashcards.

📥 HOW TO USE THIS

  • Copy everything below

  • Paste into:

    • Knowt (recommended)

    • Or Anki / Quizlet

  • Import as:

    • Front | Back

🧠 MD-102 FLASHCARDS (FULL SET)

🔹 DAY 1–2: IDENTITY + ENROLLMENT

What is Azure AD (Entra ID)? | Cloud-based identity and access management service
What is Azure AD Joined device? | Device joined directly to cloud directory only
What is Hybrid Azure AD Joined? | Device joined to on-prem AD and synced to Azure AD
What is Azure AD Registered? | Personal/BYOD device registered but not fully joined
When use Hybrid Join? | When organization still uses on-prem AD
What is MDM? | Mobile Device Management (device-level control)
What is MAM? | Mobile Application Management (app-level control without full device control)
What is automatic enrollment? | Devices enroll into Intune automatically when joined to Azure AD
What is BYOD? | Bring Your Own Device (personal device used for work)
Corporate vs BYOD difference? | Corporate = full control, BYOD = limited control

🔹 DAY 3: AUTOPILOT

What is Windows Autopilot? | Cloud-based device deployment without imaging
Main goal of Autopilot? | Zero-touch provisioning
What is required for Autopilot? | Device hardware hash registered in Intune
Autopilot user-driven mode? | User logs in and completes setup
Autopilot self-deploying mode? | Fully automated deployment with no user input
Autopilot pre-provisioned? | IT preloads apps/policies before user receives device
What does Autopilot configure? | Azure AD join, Intune enrollment, apps, policies
Autopilot vs imaging? | Autopilot is cloud-based, imaging is traditional/manual

🔹 DAY 4–5: INTUNE + CONFIGURATION

User group vs device group? | User group targets users, device group targets devices
What is a configuration profile? | Policy that applies settings to devices
Settings catalog? | Central location for configuring device settings in Intune
What causes policy not applying? | Wrong group, device not enrolled, license missing, conflicts
What is device check-in? | Device syncing with Intune to receive policies
What are scope tags? | Used to control visibility of resources in Intune

🔹 DAY 6: COMPLIANCE

What is a compliance policy? | Rules that determine if a device is secure
Examples of compliance settings? | BitLocker, password, OS version
What happens if device is non-compliant? | Marked non-compliant in Intune
Does compliance block access by itself? | No, requires Conditional Access
Compliance + Conditional Access? | Enforces access restrictions

🔹 DAY 7: CONDITIONAL ACCESS

What is Conditional Access? | Policy that controls access based on conditions
Conditions in CA? | User, device, location, risk
Controls in CA? | Allow, block, require MFA, require compliant device
Main goal of CA? | Enforce Zero Trust security
Example CA scenario? | Block access if device is non-compliant

🔹 DAY 8–9: APP DEPLOYMENT

What is a Win32 app? | Advanced app deployment (.intunewin format)
What is LOB app? | Line-of-business app, simpler deployment
Required app? | Installs automatically
Available app? | User installs from Company Portal
What is detection rule? | Determines if app is already installed
First troubleshooting step? | Check Intune device/app install status
Where to check failures? | Intune portal and device logs

🔹 DAY 10: UPDATES

What are Update Rings? | Policies controlling Windows update deployment
What can Update Rings control? | Deferrals, deadlines, restart behavior
What is Feature Update? | Upgrade to new Windows version
Purpose of Update Rings? | Controlled rollout of updates

🔹 DAY 11–12: SECURITY + BITLOCKER

What is BitLocker? | Disk encryption for data protection
Where are BitLocker keys stored? | Azure AD / Intune
Why use BitLocker? | Protect data on lost/stolen devices
What is Endpoint Security in Intune? | Security policies like antivirus, firewall
What is Microsoft Defender? | Built-in antivirus solution

🔹 DAY 13: RBAC

What is RBAC? | Role-Based Access Control
Purpose of RBAC? | Limit access based on role
What are Intune roles? | Permissions assigned to admins
Why use scope tags? | Restrict admin visibility

🔹 DAY 14: MONITORING

What is Endpoint Analytics? | Provides performance and usage insights
What can you monitor in Intune? | Compliance, apps, device health
What is device status report? | Shows device configuration and compliance state

🔥 BONUS: TROUBLESHOOTING (HIGH VALUE)

Device not receiving policy—first step? | Check group assignment
App not installing—first step? | Check Intune install status
User blocked from access—why? | Likely Conditional Access policy
Device non-compliant—impact? | Access blocked if CA enforced
Policy conflict—result? | One policy overrides or fails