CERTIFICATION GUIDES

Microsoft AB Exam Series

Four guides. Zero fluff. Everything you need to pass each AI & Business certification from fundamentals to expert.

Certification Path

AB-900 · Fundamentals

Copilot & Agent Administration Fundamentals

Validates your ability to configure, secure, and govern Microsoft 365 Copilot and AI agents. The hardest fundamentals exam Microsoft has ever produced.

Fundamentals · IT Admins · No prerequisites · 45 minutes

Passing Score: 700
Questions: 40-60
Duration: 45 min
Study Time: 2-4 wks
Cost: $99

DOMAIN WEIGHTS

Where to focus your time

30-35%: M365 Core Features & Objects
35-40%: Data Protection & Governance
25-30%: Copilot & Agent Administration

SKILLS MEASURED

What you'll be tested on

STUDY PLAN

Four weeks to clarity

EXAM INTELLIGENCE

What exam veterans say

Purview is king

Exam veterans report Purview questions are extremely prominent. If you can only study one thing deeply, make it Purview.

Breadth over depth

The exam covers many topics at surface level. Know what each product does, where to manage it, and when to apply controls.

SC-900 overlap

Studying SC-900 material - especially Purview & Defender sections - is arguably more important than MS-900 for this exam.

No code required

No PowerShell scripts or step-by-step configurations. Focus on understanding concepts, not hands-on CLI work.

COMMON TRAPS

Where people get tripped up

Purview product name confusion

Microsoft Purview has over a dozen sub-products (Information Protection, DLP, Insider Risk, Communication Compliance, DSPM for AI, eDiscovery, Data Lifecycle Management). The exam expects you to know which sub-product handles which scenario. "Purview" alone is never the answer - you need the specific capability.

SharePoint oversharing vs. DLP

When the question describes sensitive data being accessible too broadly in SharePoint, the answer is usually Data Access Governance reports or SharePoint Advanced Management - not DLP. DLP prevents data from leaving the org. Oversharing is an internal permissions problem.

Defender XDR vs. Entra ID scope

Questions about suspicious sign-ins and risky users belong to Entra ID (Identity Protection, Conditional Access). Questions about threat detection across email, endpoints, and apps belong to Defender XDR. The exam will describe scenarios that could plausibly go either way - read carefully for whether the threat is identity-based or multi-signal.

Copilot licensing trap

The exam distinguishes between Microsoft 365 Copilot (monthly per-user license) and pay-as-you-go agent consumption. Questions about cost management often hinge on whether the scenario describes a licensed Copilot user or an agent running on consumption billing.

PIM vs. Conditional Access

Privileged Identity Management (PIM) is for just-in-time role activation: an admin needs temporary elevated access. Conditional Access is for policy enforcement: block access or require MFA based on conditions. If the question says "temporarily elevate," it's PIM. If it says "require MFA when accessing from outside the network," it's Conditional Access.

CHEAT SHEET

Key concepts at a glance

Purview Capabilities

Information Protection: Apply sensitivity labels to classify and protect documents and emails
Data Loss Prevention (DLP): Prevent sensitive data from being shared outside the org via policies on email, Teams, SharePoint, and endpoints
Insider Risk Management: Detect risky user behavior patterns (data theft, policy violations) using ML signals
Communication Compliance: Monitor Teams/email/Copilot communications for policy violations, harassment, or regulatory issues
DSPM for AI: Data Security Posture Management for AI - monitor and govern how AI interacts with sensitive data
eDiscovery: Search, hold, and export content across M365 for legal and compliance investigations
Data Lifecycle Management: Retention and deletion policies - how long to keep content and when to delete it
Compliance Manager: Assessment tool that scores your compliance posture and recommends improvement actions

Admin Centers

Microsoft 365 Admin Center: Users, licenses, domains, org settings, billing. The hub for everything.
Exchange Admin Center: Mailboxes, mail flow rules, distribution lists, transport rules
SharePoint Admin Center: Sites, sharing policies, storage, migration, Data Access Governance
Teams Admin Center: Teams policies, meeting settings, voice, app permissions, channels
Power Platform Admin Center: Environments, DLP policies for connectors, Copilot agent management

Security Concepts

Zero Trust: Verify explicitly, use least privilege, assume breach. Never trust, always verify.
Conditional Access: If/then policies - if user meets conditions (location, device, risk), then allow/block/require MFA
Identity Secure Score: Percentage score in Entra ID that measures how well your identity security follows best practices
Sensitivity Labels: Classifications applied to content (Confidential, Internal, Public) that can enforce encryption, watermarks, and access restrictions

PRACTICE SCENARIOS

Test your knowledge

1. Your organization has deployed Microsoft 365 Copilot. A manager reports that Copilot is returning content from a confidential HR SharePoint site in responses to regular employees.

What is the most likely root cause?

2. An admin needs to prevent users from sharing documents labeled "Highly Confidential" via email to external recipients.

Which Microsoft Purview capability should they configure?

3. Your security team wants to monitor how Copilot is being used across the organization - specifically which users are using it, how often, and what types of prompts are being submitted.

Where should they look first?

4. A new IT admin needs to temporarily have Global Administrator privileges to perform a one-time tenant configuration change. The security team wants to minimize standing admin access.

Which feature should they use?
