6.4 Final Seven-Day Review Plan and Mixed Scenario Priorities
Key Takeaways
- Use the final week to review the current April 28, 2026 Microsoft skills outline, then drill weak objectives with mixed scenarios instead of rereading notes passively.
- Protect devices is 15-20% of MD-102, but it blends with compliance, Conditional Access, app protection, Autopilot, remote actions, monitoring, and platform configuration.
- Know current readiness facts: the certification page lists 100 minutes for MD-102, Microsoft scoring guidance says 700 or greater is required to pass, and the certification renews annually.
- Mixed scenario questions usually reward the complete workflow: configure the device, evaluate the state, enforce access, monitor results, and remediate exceptions.
- Spend the last day on official logistics, exam sandbox familiarity, missed-question review, and a compact decision matrix rather than new deep study.
Start from the current blueprint
Use the official Microsoft Learn study guide as your final source of truth. As of the current MD-102 study guide, the skills measured are effective April 28, 2026, and the four domains are Prepare infrastructure for devices, Manage and maintain devices, Manage applications, and Protect devices. Protect devices is listed at 15-20%.
Current readiness facts
| Fact | Current study action |
|---|---|
| Skills measured effective April 28, 2026 | Review the current outline, not old MD-100/MD-101 or pre-refresh notes |
| Protect devices weight: 15-20% | Give it focused review time, but practice it in mixed scenarios with compliance, Conditional Access, and monitoring |
| Exam duration: 100 minutes | Practice pacing and do not spend too long on one long scenario |
| Passing score: 700 or greater on Microsoft certification exams | Aim for a consistent margin on practice sets, not just one barely passing run |
| Practice assessment and exam sandbox are available from Microsoft Learn | Use them to check wording style and interface familiarity before exam day |
| Renewal frequency: 12 months for the certification | Understand that Microsoft expects current skills, not static memorization |
Seven-day plan
| Day | Focus | Deliverable |
|---|---|---|
| Day 7 | Blueprint map | Mark every official objective as green, yellow, or red; Protect devices objectives should include security policies, Defender onboarding, and updates |
| Day 6 | Endpoint security policies | Build a one-page matrix for antivirus, disk encryption, firewall, ASR, EDR, account protection, and baselines |
| Day 5 | Defender for Endpoint integration | Practice the full connector -> onboarding -> risk compliance -> Conditional Access chain |
| Day 4 | Updates | Drill update rings vs feature updates vs expedited quality updates vs Delivery Optimization, then add Apple and Android controls |
| Day 3 | Mixed workflows | Combine compliance, Conditional Access, app protection, Defender risk, BitLocker, remote actions, and monitoring in one scenario set |
| Day 2 | Timed practice | Run a timed mixed set, tag every miss by objective, and redo only missed concepts after a break |
| Day 1 | Final readiness | Review official logistics, exam sandbox, policy decision matrix, and your top 20 missed-question lessons |
Mixed scenario priorities
MD-102 rarely tests a single isolated button. A realistic item may say that finance users have managed Windows laptops, Microsoft 365 access must be blocked when devices are high risk, BitLocker must stay enabled, monthly updates must be staged, and the security team needs visibility into failures. That scenario touches Defender for Endpoint, compliance, Conditional Access, disk encryption, update rings, reports, and remediation.
Use this five-part checklist when answers look similar:
- Configure the device with the right policy family.
- Evaluate state with compliance, Defender risk, or reporting.
- Enforce access with Conditional Access when resource access is part of the requirement.
- Monitor assignment, per-setting status, update state, risk, and failures.
- Remediate with targeted actions such as key rotation, security tasks, device isolation, expedited updates, or policy correction.
Last-week decision matrix
| If the stem says... | Think first |
|---|---|
| "Require compliant device for Microsoft 365" | Intune compliance policy plus Conditional Access |
| "High Defender risk should block access" | Defender connector, onboarding, risk-based compliance, Conditional Access |
| "Deploy Microsoft-recommended settings quickly" | Security baseline, then tune exceptions and conflicts |
| "Configure BitLocker" | Endpoint security disk encryption |
| "Configure firewall profiles or firewall rules" | Endpoint security firewall |
| "Block malicious macro and exploit behaviors" | Attack surface reduction rules |
| "Control regular Windows update timing and restarts" | Update rings |
| "Hold devices at a Windows release" | Feature update policy |
| "Patch a critical vulnerability immediately" | Expedited quality update policy |
| "Reduce WAN impact of updates" | Delivery Optimization |
| "Show update failures or readiness" | Update reports and device-level monitoring |
What not to do in the final week
Do not memorize portal paths without understanding the policy intent. Do not assume every security requirement is a baseline. Do not treat a successful assignment as proof that a device is secure or updated. Do not ignore non-Windows devices; Apple and Android update management appear in the current Protect devices objective list.
Order the best workflow for using Defender for Endpoint risk to block access to Microsoft 365 resources.
Which activities are high-value during the final seven days before MD-102? Select all that apply.
A scenario asks you to stage monthly Windows updates to pilot and production groups, control restart deadlines, and then review deployment failures. Which answer pattern is strongest?