MS-102 – Implement Endpoint Protection (Microsoft Defender for Endpoint)

1. What is Microsoft Defender for Endpoint?

Enterprise endpoint security platform
Email security gateway
Network firewall appliance
Defender for Endpoint protects enterprise endpoints.

2. Which operating systems are supported by Microsoft Defender for Endpoint?

Windows only
Windows and Linux only
Windows, macOS, Linux, Android, iOS
It supports all major desktop and mobile operating systems.

3. What provides the frontline of defense in Defender for Endpoint?

Attack surface reduction
Automated remediation
Advanced hunting
Attack surface reduction (ASR) is the first security pillar.

4. Which component collects behavioral signals from endpoints?

Firewall logs
Endpoint behavioral sensors
SIEM agents
Sensors are built into Windows 10/11.

5. What does cloud security analytics provide?

Local device encryption
Email filtering
Insights, detections, and responses
Cloud analytics turns signals into detections.

6. Which plan includes Advanced Hunting and EDR?

Plan 1
Defender Antivirus
Microsoft Defender for Endpoint Plan 2
Plan 2 includes advanced capabilities.

7. What role does Microsoft Intune play with Defender for Endpoint?

Threat intelligence only
Device onboarding, compliance, and remediation
Email protection
Intune enforces policies and remediation.

8. What happens if multiple policies manage the same onboarding setting?

Policy conflicts may occur
Devices are automatically fixed
Policies merge automatically
Conflicting policies can affect devices.

9. Which discovery mode actively probes the network?

Standard discovery
Basic discovery
Passive discovery
Standard discovery is active and recommended.

10. What does Basic discovery provide?

Full device inventory
Active scanning
Limited passive visibility
Basic mode does not generate traffic.

11. What feature prioritizes vulnerabilities using risk context?

Microsoft Defender Vulnerability Management
Secure Score
Conditional Access
It uses threat and business context.

12. Which vulnerability management feature blocks risky apps?

Asset discovery
Threat analytics
Remediation and tracking
It can block vulnerable applications.

13. What does device discovery help identify?

Unmanaged and unknown devices
Email threats
User identities
It finds unmanaged endpoints and IoT.

14. What indicates a high exposure score?

70–100
0–29
30–50
70–100 means high risk.

15. What should you do after onboarding devices to verify success?

Create new policies
Run a detection test
Disable antivirus
A detection test confirms onboarding.