AB-900 cheat sheet
A one-page reference for the Microsoft 365 Copilot and Agent Administration Fundamentals exam: the format, how the domains are weighted, and the glossary terms for this exam.
Exam at a glance
Vendor
Microsoft
Level
Foundational
Questions
60
Time
45 min
Mock pass mark
70%
Domains
3
Practice Qs
147
Code
AB-900
Domain weightings
How much of the exam each domain covers. Spend your study time in proportion — the heavier the domain, the more questions you'll see.
Key terms
- Microsoft 365 Copilot
- Microsoft 365 Copilot is the generative AI assistant embedded across Microsoft 365 apps that grounds responses in your work content via Microsoft Graph. AB-900 centers on administering and securing it.
- Agent
- An agent is a configurable AI assistant in Microsoft 365 that can use knowledge and tools to perform tasks beyond a plain chat experience. AB-900 covers creating, sharing, and monitoring agents.
- Agent Store
- The Agent Store is the catalog where users find and add prebuilt Microsoft 365 agents rather than building their own. AB-900 covers deciding when to use the Agent Store versus creating a new agent.
- Microsoft Graph
- Microsoft Graph is the unified API and data layer that exposes Microsoft 365 content and signals, and it grounds Copilot responses in your organization's data. AB-900 covers how Graph influences what Copilot can access.
- Microsoft Purview
- Microsoft Purview is the governance and compliance suite covering information protection, DLP, insider risk, and lifecycle management across Microsoft 365. AB-900 covers Purview's role in protecting Copilot data.
- Sensitivity label
- A sensitivity label is a Microsoft Purview classification applied to content to enforce protection such as encryption and access limits, which Copilot honors. AB-900 covers sensitivity-label use cases.
- Data Loss Prevention
- Data Loss Prevention (DLP) is a Microsoft Purview capability that detects and restricts the sharing of sensitive information across Microsoft 365 workloads. AB-900 covers responding to DLP alerts and events.
- DSPM for AI
- DSPM for AI (Data Security Posture Management for AI) is the Microsoft Purview capability that discovers and manages AI-related data activity and risk. AB-900 covers using it to govern Copilot and agent data use.
- Microsoft Entra ID
- Microsoft Entra ID is Microsoft's cloud identity and access management service that authenticates users and enforces access policies. AB-900 covers Entra ID features such as conditional access and SSO.
- Conditional access
- Conditional access is a Microsoft Entra policy engine that grants or blocks access based on signals such as user, device, and risk. AB-900 covers conditional access as a core Microsoft 365 security control.
- Multifactor authentication
- Multifactor authentication (MFA) requires two or more verification factors to sign in, reducing account-compromise risk. AB-900 covers MFA among the tools to troubleshoot sign-in issues.
- Single sign-on
- Single sign-on (SSO) lets users authenticate once and access multiple applications without signing in again. AB-900 covers the purpose and benefits of SSO in Microsoft 365.
- Microsoft Defender XDR
- Microsoft Defender XDR is the extended detection and response suite that unifies threat protection across identities, endpoints, email, and apps. AB-900 covers its features as part of Microsoft 365 threat protection.
- Zero Trust
- Zero Trust is a security model that verifies every request explicitly, enforces least privilege, and assumes breach rather than trusting the network perimeter. AB-900 covers core Zero Trust principles.
- Privileged Identity Management
- Privileged Identity Management (PIM) is a Microsoft Entra service that provides just-in-time, time-bound, and audited access to privileged roles. AB-900 covers PIM's role in an organization.