Microsoft 365 Certified Endpoint Administrator (MD-102) Practice Test

What is a requirement for “Bring Your Own Device” (BYOD) enrollment in Configuration Manager?

• A. The device must be domain-joined.
• B. The device must be running a supported version of Windows.
• C. The device must have a TPM 2.0 chip.
• D. The device must have a valid PKI certificate.

The correct answer is: The device must have a valid PKI certificate.

For "Bring Your Own Device" (BYOD) enrollment in Configuration Manager, having a valid Public Key Infrastructure (PKI) certificate is essential. This requirement is rooted in the need for secure communication and authentication within an enterprise environment. The PKI certificate helps to establish trust between the device and the corporate resources, ensuring that only authorized devices can access sensitive data and applications. When employees use their own devices, the organization must implement security measures to maintain control over its networks while accommodating personal devices. A valid PKI certificate provides the necessary methods for identity verification, and encryption of data in transit, enhancing overall security. This enables the device to authenticate against the management server and allows the deployment of policies and security features appropriate for that device, which is critical in a BYOD context. While aspects like being domain-joined, running a supported version of Windows, and having a TPM 2.0 chip can contribute to security and compatibility, they are not the primary requirements for enabling BYOD enrollment specifically in Configuration Manager. The focus is on ensuring that the device can securely communicate and be managed through the use of a valid PKI certificate.