🔒 Guided

Pre-launch preview. Authorised access only.

Incorrect code

Guided by A Guide to Cloud
Explore AB-900 AI-901
Guided MD-102 Domain 2
Domain 2 — Module 10 of 10 100%
17 of 27 overall

MD-102 Study Guide

Domain 1: Prepare Infrastructure for Devices

  • Device Identity: Join, Register & Hybrid Free
  • Build the Right Device Groups
  • Intune Enrollment Essentials Free
  • Auto-Enrollment & Bulk Enrollment
  • Intune RBAC & Windows Hello for Business
  • Compliance Policies & Conditional Access
  • Windows LAPS & Local Group Management

Domain 2: Manage and Maintain Devices

  • Windows Autopilot: Choose Your Path Free
  • Autopilot: Device Names, ESP & Rollout
  • Provisioning Packages & Windows 11 Upgrades
  • Windows 365: Your PC in the Cloud
  • Configure Windows Devices with Intune
  • Config Profiles: Android, iOS & macOS
  • Control Admin Rights with EPM
  • Intune Suite: Apps, Analytics & Remote Help
  • Cloud PKI & Tunnel for MAM
  • Remote Actions & Device Queries

Domain 3: Manage Applications

  • App Deployment: Prepare & Package
  • Deploy Apps with Intune & App Stores
  • Microsoft 365 Apps: Deploy, Customize & Manage
  • App Protection Policies & Conditional Access
  • App Configuration: Managed Apps & Managed Devices

Domain 4: Protect Devices

  • Endpoint Security: Antivirus, Firewall & Encryption
  • Attack Surface Reduction & Security Baselines
  • Defender for Endpoint: Integrate & Onboard
  • Plan and Manage Windows Updates
  • Cross-Platform Updates & Delivery Optimization

MD-102 Study Guide

Domain 1: Prepare Infrastructure for Devices

  • Device Identity: Join, Register & Hybrid Free
  • Build the Right Device Groups
  • Intune Enrollment Essentials Free
  • Auto-Enrollment & Bulk Enrollment
  • Intune RBAC & Windows Hello for Business
  • Compliance Policies & Conditional Access
  • Windows LAPS & Local Group Management

Domain 2: Manage and Maintain Devices

  • Windows Autopilot: Choose Your Path Free
  • Autopilot: Device Names, ESP & Rollout
  • Provisioning Packages & Windows 11 Upgrades
  • Windows 365: Your PC in the Cloud
  • Configure Windows Devices with Intune
  • Config Profiles: Android, iOS & macOS
  • Control Admin Rights with EPM
  • Intune Suite: Apps, Analytics & Remote Help
  • Cloud PKI & Tunnel for MAM
  • Remote Actions & Device Queries

Domain 3: Manage Applications

  • App Deployment: Prepare & Package
  • Deploy Apps with Intune & App Stores
  • Microsoft 365 Apps: Deploy, Customize & Manage
  • App Protection Policies & Conditional Access
  • App Configuration: Managed Apps & Managed Devices

Domain 4: Protect Devices

  • Endpoint Security: Antivirus, Firewall & Encryption
  • Attack Surface Reduction & Security Baselines
  • Defender for Endpoint: Integrate & Onboard
  • Plan and Manage Windows Updates
  • Cross-Platform Updates & Delivery Optimization
Domain 2: Manage and Maintain Devices Premium ⏱ ~11 min read

Remote Actions & Device Queries

From your desk, you can sync, restart, wipe, or retire any managed device. Plus: run real-time KQL queries to investigate device issues without waiting for inventory sync.

Remote actions overview

☕ Simple explanation

Think of remote actions like a building manager’s control panel.

From one screen, you can lock any door, turn off any light, reset any alarm, or — in extreme cases — evacuate a floor. You don’t need to physically walk to each room. Intune’s remote actions give you the same power over managed devices: sync policies, restart a frozen laptop, wipe a stolen phone, or retire an old device — all from the Intune admin center.

Remote actions in Intune let administrators perform management tasks on enrolled devices without physical access. Actions range from non-destructive (sync, restart) to destructive (wipe, factory reset). All actions are logged and auditable. Bulk actions allow applying the same action to hundreds of devices simultaneously.

The remote actions you need to know

Intune Remote Actions
FeatureSyncRestartRetireWipe
What it doesForces policy/app check-inReboots the deviceRemoves company data onlyFactory resets the entire device
User data preservedYesYesPersonal data staysNo — everything deleted
Company data preservedYesYesRemovedRemoved
Device stays enrolledYesYesNo — unenrolledNo — unenrolled
Use caseForce a policy to apply NOWFix a frozen deviceEmployee leaves — clean corporate dataDevice stolen — nuke everything
ReversibleYesYesNoNo
DestructivenessNoneLow (just a reboot)Medium (company data gone)High (everything gone)

When Riko uses each action at Pixel & Co

ScenarioActionWhy
Designer says “my new app isn’t showing up”SyncForces the device to check in and download pending apps/policies
Designer’s Mac is frozen and they’re remoteRestartReboots without needing the designer to hold the power button
Designer leaves the company (personal iPhone with work profile)RetireRemoves company email, apps, and data — personal photos stay
Company iPad stolen from the officeWipeFactory reset — all data destroyed, device returns to OOBE
Intern’s laptop has malwareWipeClean slate — reimaging is safer than trying to clean the infection

Bulk remote actions

For large-scale operations, Intune supports bulk actions:

  1. Intune admin center → Devices → All devices → Bulk device actions
  2. Select the action (restart, sync, retire, wipe, etc.)
  3. Select the target OS platform
  4. Choose devices (by filter, group, or manual selection)
  5. Confirm and execute

Example: Sam at Tui Solutions runs a bulk sync on all 500 Windows devices after deploying a critical security policy — ensuring every device picks it up within minutes.

Defender Antivirus security intelligence updates

You can force Microsoft Defender Antivirus to update its virus definitions immediately:

  1. Select the device in Intune admin center
  2. Remote action → Update Windows Defender security intelligence
  3. Device downloads the latest threat definitions from Microsoft

When to use: After a zero-day threat announcement — don’t wait for the scheduled update. Force all devices to get the latest definitions immediately.

BitLocker recovery key rotation

BitLocker encrypts the drive, and the recovery key is the “emergency key” that unlocks it if the normal method fails. Intune can:

  1. Store BitLocker recovery keys in Entra ID (automatic during encryption)
  2. View recovery keys in the Intune admin center (Devices → select device → Recovery keys)
  3. Rotate the recovery key after it’s been used or viewed

Key rotation: After a recovery key is used (e.g., helpdesk unlocked a device), the key should be rotated so the old key no longer works. Intune can do this automatically or via remote action.

💡 Exam tip: retire vs wipe

This is one of the most commonly tested distinctions:

  • Retire = company data only. Personal data survives. Device unenrolls from Intune. Use when an employee leaves or a personal device needs corporate cleanup.
  • Wipe = everything. Factory reset. All data destroyed. Use for stolen/lost devices or devices being repurposed.

If the exam says “employee’s personal phone” + “they’re leaving the company” → Retire (don’t wipe their personal photos). If the exam says “corporate laptop stolen” → Wipe (destroy everything).

Device queries with KQL

Device query (part of Advanced Analytics / Intune Suite) lets you run real-time queries against enrolled devices using KQL (Kusto Query Language):

Example queries

Query PurposeKQL Example
List installed appsInstalledApplications
Find a specific appInstalledApplications | where Name contains "Zoom"
Check disk spaceDiskDrive
List running servicesServices | where State == "Running"
Check OS versionDeviceInfo

How it works

  1. Intune admin center → Devices → select a device → Device query
  2. Type a KQL query
  3. Query runs in real-time against the device (via Intune management extension)
  4. Results return immediately — not from cached inventory

Key exam concept: Device queries return live data, not cached inventory. This makes them a powerful troubleshooting tool — you can check what’s installed, running, or configured right now without waiting for the next inventory sync.

ℹ️ Deep dive: KQL basics for Intune

You don’t need to be a KQL expert for the exam, but know the basics:

  • Tables — InstalledApplications, Services, DiskDrive, DeviceInfo, Registry
  • Filters — | where Name contains "value" or | where State == "Running"
  • Projection — | project Name, Version, Publisher (select specific columns)
  • Sorting — | sort by Name asc

Example: “Find all devices with Chrome version less than 120”:

InstalledApplications | where Name contains "Chrome" | where Version < "120"

The exam tests whether you know device query exists and what it can do — not complex KQL syntax.

🎬 Video walkthrough

🎬 Video coming soon

Remote Actions & Device Queries — MD-102 Module 17

Remote Actions & Device Queries — MD-102 Module 17

~11 min

Flashcards

Question

What's the difference between Retire and Wipe?

Click or press Enter to reveal answer

Answer

Retire removes company data only (email, apps, profiles) — personal data stays, device unenrolls. Wipe factory-resets the entire device — everything deleted. Use Retire for departing employees' personal devices. Use Wipe for stolen devices.

Click to flip back
Question

What does a device query with KQL return?

Click or press Enter to reveal answer

Answer

Live, real-time data from the device — not cached inventory. You can query installed apps, running services, disk space, registry keys, and device info. Results come directly from the device via the Intune management extension.

Click to flip back
Question

When should you rotate a BitLocker recovery key?

Click or press Enter to reveal answer

Answer

After the recovery key has been used to unlock a device or after it's been viewed by helpdesk. Rotation ensures the old key no longer works, preventing unauthorised reuse. Intune can rotate keys via remote action.

Click to flip back

Knowledge Check

Knowledge Check

A designer at Pixel & Co leaves the company. They used a personal iPhone with a work profile (Entra Registered, app protection policies). Riko needs to remove all company data but preserve the designer's personal photos and apps. What remote action should Riko use?
Knowledge Check

Sam needs to verify that a specific security patch is installed on a device right now — not what inventory reported yesterday. What should Sam use?

Next up: App Deployment: Prepare & Package — understanding app types, packaging Win32 apps, and preparing for Intune deployment.

← Previous

Cloud PKI & Tunnel for MAM

Next →

App Deployment: Prepare & Package

Guided

I learn, I simplify, I share.

A Guide to Cloud YouTube Feedback

© 2026 Sutheesh. All rights reserved.

Guided is an independent study resource and is not affiliated with, endorsed by, or officially connected to Microsoft. Microsoft, Azure, and related trademarks are property of Microsoft Corporation. Always verify information against Microsoft Learn.