Manage and secure applications
Drill 20 practice questions focused entirely on Manage and secure applications for the Microsoft MD-102 exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.
Your organization deploys the Microsoft Outlook app to corporate-owned, Intune-enrolled iOS devices. You need to preconfigure the users' email accounts automatically so employees do not have to type their email address, username, or server details at first launch. The setting values must be delivered through the managed app configuration channel that only works when the app is deployed and managed by Intune. Which type of policy should you create?
Your company allows employees to access Outlook and Teams on personal (BYOD) iOS and Android devices that are NOT enrolled in Intune. Security requires that corporate data cannot be copied from managed Microsoft apps into the user's personal apps, and that copy/paste from personal apps into managed apps is still allowed. Which Intune app protection policy setting should you configure to meet this requirement?
Your company allows employees to access Microsoft 365 email and files from personal (BYOD) iOS and Android devices that are NOT enrolled in Intune. You have deployed an app protection policy (APP) targeting the Outlook and OneDrive mobile apps. An employee reports their personal phone was lost. Management wants only the corporate data removed from the affected apps while leaving the employee's personal photos and apps untouched. What should you do from the Microsoft Intune admin center?
Your organization uses Android Enterprise with Intune, and the managed Google Play connector is already configured. Developers have built an internal Android app (an APK) that is not published to the public Google Play Store. You must make this app available only to your organization's users through the managed Google Play store so it can be assigned as a required app in Intune. What should you do?
Your organization deploys the Outlook mobile app to corporate iOS and Android devices via Intune. Executives complain they receive push notifications and email badge updates during evenings and weekends. Leadership asks you to suppress work-related notifications outside business hours across all managed mobile users, without requiring each user to configure their own device settings. Which Intune capability should you configure?
You are an Endpoint Administrator for Contoso. The development team has produced an internal iOS application packaged as a signed .ipa file. You need to distribute this app only to Contoso's enrolled iOS devices without publishing it to the Apple App Store or using Apple Business Manager volume purchasing. In the Microsoft Intune admin center, which app type should you select when adding the app?
Your organization deploys Microsoft 365 Apps for enterprise to 4,000 Windows devices. Leadership wants Microsoft to automatically manage the rollout of monthly feature and security updates for the Office client, applying updates in waves and providing update reporting, without you having to build and maintain Intune update rings for Office. You want to use the recommended, cloud-managed approach configured in the Microsoft 365 Apps admin center. What should you configure?
Your organization wants to deploy a productivity utility that is published in the new Microsoft Store (winget-based) to all Windows 11 devices in the Sales department. The app must install automatically without user interaction and stay updated when new versions are released to the Store. In the Microsoft Intune admin center, what is the correct approach?
You deployed a required Win32 app to a group of 500 Windows devices through Microsoft Intune. In the Microsoft Intune admin center, you review the app's device install status and see that approximately 40 devices report a status of "Failed" with the error code 0x87D13B62. You need to identify the root cause of the installation failures on the affected devices. Which action should you take FIRST?
You package an internal accounting tool as a Win32 (.intunewin) app and upload it to Microsoft Intune. Finance staff should be able to choose whether and when to install it themselves from the Company Portal, but the app must not be pushed automatically to their devices. All finance users are members of an Entra ID group named 'Finance-Users'. How should you configure the app assignment to meet this requirement?
Your company distributes a 900 MB engineering application (installer plus supporting files) to Windows 10/11 devices through Intune. Before you can upload the application to Intune as a Win32 app, you must package the source files. Which action must you perform first?
Your company packages an internal accounting application as a Win32 (.intunewin) app. The application requires the Microsoft Visual C++ Redistributable to be present before it can install successfully. You have also packaged the redistributable as a separate Win32 app in Intune. You want Intune to automatically install the redistributable first, and only proceed with the accounting app if the redistributable installs successfully. What should you configure?
You package an internal in-house utility as a Win32 (.intunewin) app and deploy it as Required. The installer is a proprietary EXE that does not write an MSI product code, does not create a predictable registry uninstall key, and installs its main binary to a version-specific folder whose name changes with each release. You need Intune to reliably report installation success only when the currently deployed version is actually present. Which detection method should you configure?
You are packaging an internal reporting tool as a Win32 app (.intunewin) for deployment to Windows 11 devices via Intune. The installer places ReportTool.exe (version 4.2.1.0) in C:\Program Files\Contoso\ReportTool. You plan to release incremental updates in the future using supersedence. You must configure a detection rule that reports the app as installed only when the deployed version or a newer one is present, without hard-coding a single exact version string. Which detection rule configuration should you use?
You are packaging an internal accounting application as a Win32 (.intunewin) app in Microsoft Intune. The application is distributed as a single MSI installer. After deployment, several devices report the app as 'Installed' even though the software is not actually present, causing confusion in reporting. You need to configure a detection method that reliably reports installation status for this MSI-based app with the least administrative effort. What should you configure?
Contoso packages a Win32 line-of-business application as an .intunewin file and deploys it to a group of Windows 11 devices as Required. The application must install for all users on each device and must complete even if no user is currently signed in. During testing you notice the installation writes a per-user registry key under HKCU that the vendor requires for licensing. Which install behavior configuration should you choose for the Win32 app in Intune to satisfy both requirements?
You are packaging a Win32 line-of-business application as an .intunewin file and deploying it through Microsoft Intune. The vendor states the app must only install on devices that already have a specific middleware component installed, which registers itself by writing the value 'Installed' to the registry key HKLM\SOFTWARE\Contoso\Middleware under the name 'Status'. Devices without this component must not receive the app, and Intune should not even attempt the installation on them. What should you configure in the Win32 app deployment?
You package an internal accounting application as a Win32 (.intunewin) app and assign it as required to a group of Windows 11 devices. The vendor's installer returns exit code 3010 when it completes successfully but needs a restart to finish configuration. During deployment, the Microsoft Intune admin center reports the installations as failed even though the software appears to work after users manually reboot. You need Intune to correctly interpret the installer result and coordinate the restart. What should you configure?
Your organization deployed an older version (v1.0) of an internal Win32 line-of-business app to a device group in Intune. A new version (v2.0) is packaged as a separate .intunewin file. You must ensure that devices already running v1.0 are upgraded to v2.0 automatically, and that the v1.0 package is removed so it no longer counts against reporting. The upgrade must occur without requiring users to manually uninstall the old app. What should you configure?
Contoso packages an updated version of a line-of-business time-tracking application as a Win32 (.intunewin) app in Intune. The vendor requires that the previous version be removed before the new one installs, but the app stores user timesheet data in a folder that the uninstaller preserves. When you configure the supersedence relationship in the new app, which supersedence setting ensures the older version is uninstalled before the new version installs?
More MD-102 practice
Keep going with the other Microsoft 365 Endpoint Administrator domains, or take a full timed mock exam.
← Back to MD-102 overview