Domain Map and Weighting Strategy
Key Takeaways
- The largest MD-102 domain is Manage and maintain devices at 30-35 percent of the exam.
- Prepare infrastructure for devices is the second-largest domain at 25-30 percent and heavily supports the rest of the blueprint.
- Manage applications and Protect devices are each 15-20 percent, so together they can represent 30-40 percent of the exam.
- Prepare plus Manage and maintain can account for 55-65 percent of the exam, so enrollment, provisioning, configuration, and operations need the most practice.
- Weighting should guide time allocation, but every domain needs hands-on scenario practice because Microsoft often blends identity, compliance, apps, and security in one question.
Current Skills-Measured Map
The official MD-102 study guide lists four skills-measured domains effective as of April 28, 2026. Use these weights to decide where to spend hands-on practice time, but do not read them as isolated silos. Endpoint administration is integrated work: a Windows Autopilot deployment can include device groups, Enrollment Status Page settings, Microsoft 365 Apps installation, compliance, BitLocker policy, and update rings.
| Domain | Weight | Core study focus | High-yield decisions |
|---|---|---|---|
| Prepare infrastructure for devices | 25-30% | Microsoft Entra device join and registration, Intune enrollment, roles, compliance, Conditional Access, Windows Hello for Business, Windows LAPS, local group membership | Join type, enrollment method, compliance requirement, access condition |
| Manage and maintain devices | 30-35% | Windows Autopilot, provisioning packages, Windows 11 upgrades, Windows 365 Cloud PCs, configuration profiles, filters, Intune Suite capabilities, remote actions, monitoring | Deployment mode, profile type, assignment scope, remote remediation action |
| Manage applications | 15-20% | App packaging, deployment, Microsoft 365 Apps, Office policies, app stores, app protection, app configuration | Required versus available app, managed app versus managed device, Office deployment path |
| Protect devices | 15-20% | Antivirus, disk encryption, firewall, attack surface reduction, security baselines, Defender for Endpoint, update rings and platform updates | Security profile choice, Defender onboarding, update policy, encryption recovery |
Weighting Strategy
For an 80-hour study budget, a proportional plan would roughly look like this:
| Study bucket | Suggested hours | Why |
|---|---|---|
| Prepare infrastructure | 22 | It creates the identity, enrollment, compliance, and access foundation for many scenario questions. |
| Manage and maintain | 28 | It is the largest domain and includes deployment, configuration, Intune Suite, remote actions, and monitoring. |
| Manage applications | 14 | It is smaller by weight, but app deployment and app protection are common real-world decision points. |
| Protect devices | 16 | It overlaps with compliance, Defender, encryption, update management, and security operations. |
How to Read Cross-Domain Questions
When a question mentions a domain-specific tool, do not stop there. Ask what the business requirement is. If the requirement is to block access until a device meets policy, compliance and Conditional Access are central. If the requirement is to protect corporate data in apps without enrolling personal devices, app protection is central. If the requirement is to deploy brand-new Windows devices remotely with a known user experience, Autopilot and Enrollment Status Page design are central.
A useful weekly review pattern is to pick one operational story and map it across the four domains. Example: deploy 500 Windows 11 laptops to remote employees. The Prepare domain covers Microsoft Entra join, groups, enrollment, and compliance. Manage and maintain covers Autopilot, configuration profiles, filters, and remote actions. Manage applications covers Microsoft 365 Apps and required line-of-business apps. Protect devices covers BitLocker, Defender for Endpoint onboarding, attack surface reduction, and update rings.
What to Practice First
- Build confidence in join, registration, enrollment, compliance, and Conditional Access because these concepts are prerequisites for many other tasks.
- Drill Windows Autopilot, Enrollment Status Page, configuration profiles, filters, remote actions, Windows 365, and Intune Suite capabilities because this is the heaviest domain.
- Practice app deployment and mobile app protection scenarios separately so you do not confuse device management with app-level data protection.
- Tie endpoint security settings to outcomes: encryption, antivirus, firewall, attack surface reduction, baseline posture, Defender onboarding, and update reporting.
Which study priorities best reflect the current MD-102 domain weights? Select all that apply.
Select all that apply
Match each task to the most directly related MD-102 domain.
Match each item on the left with the correct item on the right