AB-900 cheat sheet

A one-page reference for the Microsoft 365 Copilot and Agent Administration Fundamentals exam: the format, how the domains are weighted, and the glossary terms for this exam.

Exam at a glance

Vendor
Microsoft
Level
Foundational
Questions
60
Time
45 min
Mock pass mark
70%
Domains
3
Practice Qs
147
Code
AB-900

Domain weightings

How much of the exam each domain covers. Spend your study time in proportion — the heavier the domain, the more questions you'll see.

Key terms

Microsoft 365 Copilot
Microsoft 365 Copilot is the generative AI assistant embedded across Microsoft 365 apps that grounds responses in your work content via Microsoft Graph. AB-900 centers on administering and securing it.
Agent
An agent is a configurable AI assistant in Microsoft 365 that can use knowledge and tools to perform tasks beyond a plain chat experience. AB-900 covers creating, sharing, and monitoring agents.
Agent Store
The Agent Store is the catalog where users find and add prebuilt Microsoft 365 agents rather than building their own. AB-900 covers deciding when to use the Agent Store versus creating a new agent.
Microsoft Graph
Microsoft Graph is the unified API and data layer that exposes Microsoft 365 content and signals, and it grounds Copilot responses in your organization's data. AB-900 covers how Graph influences what Copilot can access.
Microsoft Purview
Microsoft Purview is the governance and compliance suite covering information protection, DLP, insider risk, and lifecycle management across Microsoft 365. AB-900 covers Purview's role in protecting Copilot data.
Sensitivity label
A sensitivity label is a Microsoft Purview classification applied to content to enforce protection such as encryption and access limits, which Copilot honors. AB-900 covers sensitivity-label use cases.
Data Loss Prevention
Data Loss Prevention (DLP) is a Microsoft Purview capability that detects and restricts the sharing of sensitive information across Microsoft 365 workloads. AB-900 covers responding to DLP alerts and events.
DSPM for AI
DSPM for AI (Data Security Posture Management for AI) is the Microsoft Purview capability that discovers and manages AI-related data activity and risk. AB-900 covers using it to govern Copilot and agent data use.
Microsoft Entra ID
Microsoft Entra ID is Microsoft's cloud identity and access management service that authenticates users and enforces access policies. AB-900 covers Entra ID features such as conditional access and SSO.
Conditional access
Conditional access is a Microsoft Entra policy engine that grants or blocks access based on signals such as user, device, and risk. AB-900 covers conditional access as a core Microsoft 365 security control.
Multifactor authentication
Multifactor authentication (MFA) requires two or more verification factors to sign in, reducing account-compromise risk. AB-900 covers MFA among the tools to troubleshoot sign-in issues.
Single sign-on
Single sign-on (SSO) lets users authenticate once and access multiple applications without signing in again. AB-900 covers the purpose and benefits of SSO in Microsoft 365.
Microsoft Defender XDR
Microsoft Defender XDR is the extended detection and response suite that unifies threat protection across identities, endpoints, email, and apps. AB-900 covers its features as part of Microsoft 365 threat protection.
Zero Trust
Zero Trust is a security model that verifies every request explicitly, enforces least privilege, and assumes breach rather than trusting the network perimeter. AB-900 covers core Zero Trust principles.
Privileged Identity Management
Privileged Identity Management (PIM) is a Microsoft Entra service that provides just-in-time, time-bound, and audited access to privileged roles. AB-900 covers PIM's role in an organization.