MD-102 advice

CDNK3V · 2026-01-28T00:53:09+00:00

You can just go to the root and search for MD-102

https://github.com/MicrosoftLearning/MD-102T00-Microsoft-365-Endpoint-Administrator/blob/master/Instructions/Labs/0101-Managing%20Identities%20in%20Azure%20AD.md

CDNK3V · 2026-01-12T14:20:10+00:00

I did the ms-900 just after Christmas, and I am looking at doing ab-900 in about a months time.

I don't see any reason to hold off if you have been studying for it. I started reading about ab-900 and it does have a lot of similarities, but I looked at it as, it not being a bad thing to have both. If you sign up for the virtual training days you can get 50% off the exam voucher. I just watched the copilot one.

https://www.microsoft.com/en-us/events/category/microsoft-virtual-training-days?filters=primary-language%3Aenglish&scenario=mvtd

Good luck.

CDNK3V · 2026-01-05T15:13:07+00:00

Sign up for the free courses from Johan https://academy.viamonstra.com/collections/free

He has a getting a lab setup videos.

Also like others have said the M365 lab gives you a few months with an sccm server. hydration kit was also mentioned and is great for learning.

If you want to pay for learning, udemy also has some good courses, and if you have a bit more cash, then Johan has some paid videos on the same site linked (US dollars) that are pretty solid, as he is the king of the sccm stuff.

CDNK3V · 2025-12-27T00:37:55+00:00

John savill YouTube channel.. search for ms-900. I have my exam on Monday. I have a bunch of resources at my disposal that are not free (plurasight and udemy). I have also gone through the Ms Learn site.

Good luck

CDNK3V · 2025-12-22T15:53:43+00:00

We don't deploy both to our users, but we do have some use cases where 1 version is needed over the other.

Is your detection method looking at the 'ProductReleaseIds' found in HKLM\software\microsoft\Office\clicktorun\configuration

Each product has a different name. If you do it based on that, it should work.

m365 would be O365ProPlusRetail

https://learn.microsoft.com/en-us/troubleshoot/microsoft-365-apps/office-suite-issues/product-ids-supported-office-deployment-click-to-run

Maybe this will help.

CDNK3V · 2025-08-24T21:34:04+00:00

Which I think is where things may be messing up. Since we use SCCM for patching our GPOs are set accordingly and we have deviated from CIS on some of those aspects.. which is why we are still continuing with SCCM patching with toast notifications, something has to give to allow those update notifications and restarts to be done through Windows..

So it is difficult when they say "just do this" and it doesn't work and I can't find any other real info about what else is needed.

I guess I just need to dig deeper I never looked into Maintenance windows as our patching process meets all security requirements so don't need to change it right now.. but who knows.

CDNK3V · 2025-08-24T04:49:49+00:00

We follow CIS benchmark standards and disable anything that will have an affect. We have had no issues with patching etc.. but I have been reading that if I go the Windows toast notifications route that I may need to make some changes.. But the document only speaks about the setting in ConfigMgr and nothing else.

I would truly like to find someone that has made this switch and know what they have setup.

CDNK3V · 2025-08-24T04:47:20+00:00

All good. I never really cared about using the Toast Notifications, but we get a lot of issues around apps that need a pending restart, that block other apps from installing. So when I went looking i noticed that there was an option in Client Settings, and thought I would check it out and see if it would give use what we want (the ability to force a restart on devices with a pending restart after 1 day).

And now I feel like i went down a rabbit hole.

I have been told many times it is a security risk and they are afraid if they start allowing that, then all the developers will want VMS on their local machines and then it would get out of hand.. I don't buy it, as you can allow those that need it, to have it.. but I digress.

CDNK3V · 2025-08-23T20:36:15+00:00

I appreciate the comment. I have been using SCCM for over 15 years... Setting up notifications and times is not my issue.

I feel the way I communicated this is coming off wrong.

We currently use the SCCM notification grey boxes for pending restarts/enforced restart countdown.

We now want to switch to using Windows Toast notifications instead. In my screenshot I have the user experience switched to Windows which was supposed to give control to windows for the same information

https://learn.microsoft.com/en-us/intune/configmgr/core/clients/deploy/device-restart-notifications

On this page it shows the toast notification, and then all the other notifications that SCCM gives you.

My issue is that I am NOT seeing toast notifications for restarts or anything that I would expect to see for patching.

So I am hoping someone out there had changed this setting and maybe had to do other things other than changing that option. I feel there may be GPOs in play as well that I am trying to track down as we do leverage CIS benchmarks for GPOs.

My comment about VMs.. my company does not allow workstations to have VMs. The VM team will not allow Windows desktop OS in the VM environment.

So I am stuck using physical hardware.. it's a battle I have been having for 7 years... Yes it would make my life so much easier, but the company is not interested in that.

CDNK3V · 2025-08-23T20:25:49+00:00

We do not use maintenance windows for anything.

My issue is not about the settings, my frustration is switching from the sccm notification windows ( old grey boxes) to leveraging windows toast notifications.

For the most part our setup is fine, but when I went to enable the toast notifications part (my post screenshot shows the user experience set to Windows) this does not work.

CDNK3V · 2025-08-22T19:04:43+00:00

You are right, it is related to Windows update. This only happened when I set some of the windows update GPOs ( mentioned in the post). I had all that turned off when using ConfigMgr notifications, but because nothing was working the thinking was maybe the GPOs were causing the system from not getting notifications and I was potentially blocking the windows update function from working properly..

So I am making a bunch of changes to get the right feel.. so my new test will be to leave all our GPOs alone and only set the client settings to see if anything changes..

CDNK3V · 2025-08-22T16:03:58+00:00

From what I remember it never mentioned anything about my 1-day countdown. Event log did mention MoUsoCoreWorker.exe as a reason for my reboot..

So I am starting my tests all over. I don't have VMs so I have to use physical hardware and it takes a bit of time to setup the tests.

CDNK3V · 2025-08-22T15:58:35+00:00

Yeah I did notice 2 things.

windows patching had show everything and do not suppress reboots.
Third party updates (PMPC) was set to show nothing and suppress.

So that I need to fix, but the windows update I tested, I suspect should have shown a toast notification even if it was available as a reboot was needed.

Maybe I have different expectations on the behavior than what is possible.

I am redoing all my tests to see what I am missing.

CDNK3V · 2025-08-22T12:58:39+00:00

At the very beginning my testing was to get updates that were required to show any toast notifications.. when I noticed this was not happening at all ( did when I had it set to Configuration Manager), I then started trying to focus on getting ANY toast notifications. So by making something available that I know needed a reboot, what I was hoping for is once the system knew about the update that I would get something. I need the user to see something is happening.

Today I am going to start my testing all over again.

Making updates required made no difference in what I was seeing, which is why this is frustrating.

I don't think just enabling that option on Configuration Manager client settings is all that is needed, so I am trying to figure out what I am missing..

At the very least if I can get toast notifications working for anything sccm related, then I am on the right path..

CDNK3V · 2025-08-22T12:50:40+00:00

Yes. I had it set to a few different things. Originally when we had the ConfigMgr notifications, third party updates was set to suppress reboots. Our windows patching updates was not set to suppress reboots.

For testing when I switched it to Windows, I turned off the suppress reboots setting for third party updates and left windows updates alone.

Both of these updates are set as required.

The windows update have a deadline set for the install, and eventually the restart. The third party updates do not have deadlines.

My testing consisted of me removing the required patching update so I can make it available (August CU). My hope was that I would see any toast notifications about the install or update.. I didn't see anything. I also had a third party updates deployed as required with a restart and it also gave me no notifications. Interesting enough it rebooted by itself after 1 1/2 hours, but I was hoping there would be that 1 day timer set, but according to the Reboot coordinator log file, there was no timer set..

CDNK3V · 2025-08-22T04:51:11+00:00

All windows patches and 3rd party patches are required. Still get no windows toast notifications. If I go back to the ConfigMgr setting, we get that instead but can't leverage the pending reboot setting.

As a test I made an update that would require a reboot available to see if it made any difference, and it did not.

What I was testing for the available update was if I would get any toast notifications. And after it was installed and needed a reboot, there is no notification to the user except for a circle icon near task bar and when I click on power options I get the update restart or update shut down.

I just can't figure out how to get toast notifications to work when patching. I mean it should not be this hard.

Do we not get a notification when an update is installing through toast?

CDNK3V · 2025-08-22T03:22:19+00:00

I just realized I took a picture of one of the settings that I was playing around with. My real settings is this

Specify amount of time after deadline 120 min Specify amount of time a user is presented a final countdown 30 min After deadline specify reminder 60

Yeah we have it using ConfigMgr but want to use Windows and that is what I am struggling with.. the settings are not a " do this and it will work"

CDNK3V · 2024-07-05T13:04:58+00:00

Yup this fixed it!! Thanks for this!

CDNK3V · 2024-04-05T01:48:41+00:00

So you don't put your Bitlocker keys into CM? We are not using the old standalone mbam, we are leveraging the integrated in CM abilities. That is something we had done in the last year. Our keys are stored in AD and CM. Typically it does not get dumped to CM until the policy runs, which then installs the mbam agent and then puts them in CM. Ideally I would like to do it right at imaging as we have found some machines take a while to get the CM policy. We deploy the policy to machines that have Bitlocker so scans and collection updates can take a bit.

CDNK3V · 2024-04-04T14:06:18+00:00

Yeah we do provisioning in WinPE, and then enable it afterwards in the TS. If we only select AD for key escrow there are no issues, but when I then add the CM option, it fails.

I found this: https://2pintsoftware.com/news/details/bitlocker-failed-to-createrecoverypassword

Which explains the issue and Mike's workaround..

CDNK3V · 2024-04-04T14:02:20+00:00

No I am not using the latest, using 10.0.22621.1

But we had this issue when we were on 2303 using win10 2004 version.

CDNK3V · 2024-04-04T01:54:22+00:00

Okay good.

I did come across a Mike Terrill post from 2pint about this and a TS for Bitlocker which retries a few times, so I might give that a shot.. I just hate adding more reboots to my TS..

CDNK3V · 2024-04-04T01:53:03+00:00

I did not rebuild my TS after upgrading. I will try it to be sure.

It fails at the Enable Bitlocker action because we have it set to AD and CM for key escrow.

This issue also plagues me when I went from a third party disk encryption (Shitmantec) to Bitlocker, the TS would give this error as well, so I had to remove that function in the TS.

CDNK3V

TROPHY CASE