Microsoft 365 Certified: Copilot and Agent Administration Fundamentals (AB-900) Practice Exam

Microsoft 365 Certified: Copilot and Agent Administration Fundamentals (AB-900) Practice Exam

About Microsoft 365 Certified: Copilot and Agent Administration Fundamentals (AB-900) 

This certification is designed for professionals who work with Microsoft 365 and want to strengthen their understanding of its services, security capabilities, and AI-driven tools. You’re expected to know the core Microsoft 365 ecosystem, including identity and access management, data protection, governance, and how Copilot and agents fit into everyday workflows. As a professional, you should also be comfortable navigating the various admin centers that support Microsoft 365 workloads. That includes services like Exchange Online, SharePoint, Teams, Microsoft Entra, and Microsoft Purview. Hands-on experience with modern IT management practices and AI-powered productivity tools will help you get the most out of the exam.

Skills Required

• Strong understanding of Microsoft 365 core services and architecture
• Knowledge of identity, access management, and data governance
• Familiarity with Exchange Online, SharePoint, Teams, Entra, and Purview admin portals
• Experience using Copilot, Microsoft 365 AI tools, and automation features
• Ability to manage users, groups, teams, sites, and content structures
• Clear understanding of security controls such as authentication, MFA, SSO, and conditional access
• Practical experience with modern device and application management practices

Who should take This Exam?

This certification fits anyone who manages or supports Microsoft 365 environments and wants to advance into roles focused on cloud administration, security, or AI-enabled productivity. It’s ideal for:

• IT administrators and support engineers
• Cloud security and identity professionals
• Modern workplace specialists
• System administrators moving toward cloud-first environments
• Professionals responsible for governance, compliance, or data protection
• Anyone looking to expand their skills in AI-assisted productivity tools

Knowledge Gained

By preparing for and earning this certification, you will build confidence in:

• Managing core Microsoft 365 services and user environments
• Navigating and configuring key admin centers across Microsoft 365
• Applying security best practices for identity, authentication, and access
• Using AI features like Copilot to streamline workflows and improve efficiency
• Understanding how data protection, governance, and compliance work in Microsoft 365
• Supporting collaboration tools such as Teams, SharePoint, and Exchange
• Implementing modern management strategies for devices, apps, and cloud resources

Course Outline

The Microsoft 365 Certified: Copilot and Agent Administration Fundamentals (AB-900) Exam covers topics - 

Domain 1 - Understand to Identify the core features and objects of Microsoft 365 services (30–35%)

1.1 Explain how to identify the core objects of Microsoft 365 services

• Learn how license types assigned to users and groups affect access to Microsoft 365 features
• Learn the organization configurations by using the Microsoft 365 admin center (domain names and org settings)
• Learn to identify the appropriate objects to configure by using the Exchange Online admin center (mailboxes and distribution lists)
• Learn to identify the appropriate objects to configure by using the SharePoint in Microsoft 365 admin center (sites, libraries, and folders)
• Learn to identify the appropriate roles and permissions for sites in SharePoint in Microsoft 365
• Learn to identify the appropriate objects to configure by using the Teams admin center (teams, channels, and policies)

1.2 Explain the Microsoft 365 security principles

• Learn the core Zero Trust principles
• Learn and understand authorization
• Learn authentication methods
• Learn threat protection and intelligence
• Learn the features and capabilities of Microsoft Defender XDR

1.3 Explain how to identify the core security features of Microsoft 365 services

• Learn the features and capabilities of Microsoft Entra
• Learn and understand conditional access policies
• Learn the purpose and benefits of SSO
• Learn to identify the appropriate security object to use in an organization (users and groups)
• Learn to identify the appropriate tools to troubleshoot common sign-in issues (multifactor authentication [MFA], conditional access, and risky sign-ins)
• Learn to interpret Identity Secure Score in Microsoft Entra ID
• Learn to use the appropriate tools to review audit logs for user and admin activity
• Learn to Identify the role of Privileged Identity Management (PIM) in an organization
• Learn to understand App registrations and Enterprise apps

Domain 2 - Understand data protection and governance tasks for Microsoft 365 and Copilot (35–40%)

2.1 Explain and Understand Microsoft Purview

• Learn features and capabilities of Microsoft Purview Information Protection, Microsoft Purview Data Loss Prevention (DLP), Microsoft Purview Insider Risk Management, Microsoft Purview Communication Compliance, Microsoft Purview Data Security Posture Management (DSPM) for AI, and Microsoft Purview Data Lifecycle Management
• Learn to identify the use cases for sensitivity labels in Microsoft Purview
• Learn data classification in Microsoft Purview
• Learn and understand retention

2.2 Explain the data security implications of Copilot

• Learn how Copilot accesses data
• Learn how Microsoft Graph influences Copilot responses
• Learn how Copilot uses permissions and other controls in Microsoft 365, Microsoft Purview, and Microsoft Defender to protect against risks
• Learn responsible AI principles

2.3 Explain how to identify data protection and governance risks for Microsoft 365 and Copilot

• Learn to identify compliance risks and recommendations by using Microsoft Purview Compliance Manager
• Learn to identify sensitive information by using Microsoft Purview Data Explorer
• Learn to identify risks by using Insider Risk Management
• Learn to identify and respond to alerts generated by Microsoft Purview DLP
• Learn to identify policy violations generated by Communication Compliance
• Learn identify user activities reported by Microsoft Purview activity explorer
• Learn discover and manage AI activity by using DSPM for AI
• Learn search for files and emails by using Content search in Microsoft Purview eDiscovery

2.4 Explain how to identify and monitor oversharing in SharePoint in Microsoft 365

• Learn to identify the tools to troubleshoot oversharing in an organization
• Learn to run a data access governance report in SharePoint
• Learn the features and capabilities of SharePoint Advanced Management, including restricted site access

Domain 3 - Understand how to perform basic administrative tasks for Copilot and agents (25–30%)

3.1 Understanding the features and capabilities of Copilot and agents

• Learn to compare the built-in capabilities of Copilot and agents
• Learn to compare Copilot monthly license model to pay-as-you-go, including SharePoint
• Learn to identify which Copilot features can be enabled or disabled
• Learn to identify use cases for Researcher
• Learn to identify use cases for Analyst
• Learn to identify use cases for custom agents

3.2 Explain how to perform basic administrative tasks for Copilot

• Learn to assign Copilot licenses
• Learn to monitor and manage Copilot pay-as-you-go billing policies
• Learn to monitor Copilot usage and adoption, including Copilot Analytics and the Microsoft 365 admin center
• Learn to manage prompts, including saving, sharing, scheduling, and deleting

3.3 Explain how to perform basic administrative tasks for agents

• Learn to identify how to configure user access to agents
• Learn to create an agent
• Learn the approval process for agents
• Learn to monitor agents, including usage, operational insights, and agent lifecycle, by working with the Microsoft 365 admin center and the Microsoft Power Platform admin center