Microsoft 365 Copilot and Agent Administration Fundamentals · Domain 1 · 33% of exam

Identify the core features and objects of Microsoft 365 services

Drill 20 practice questions focused entirely on Identify the core features and objects of Microsoft 365 services for the Microsoft AB-900 exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.

Verified answer20 questions
Question 1 of 20

A compliance officer reports that a confidential file stored in SharePoint Online was deleted last week, and management wants to know exactly which user account performed the deletion and when. As the Microsoft 365 administrator, which feature should you use to find this information?

Reviewed for accuracy · Report an issue
Question 2 of 20

Your organization has enabled multi-factor authentication for all users, but the security team notices that several accounts are still being accessed through older email clients that bypass MFA prompts. These clients use protocols like IMAP and POP3 that do not support modern authentication. As the Microsoft 365 administrator, what should you configure to prevent these sign-ins while allowing modern clients to continue working?

Reviewed for accuracy · Report an issue
Question 3 of 20

Your organization wants to ensure that users can access SharePoint Online and Exchange Online only from devices that are enrolled and marked as compliant in Microsoft Intune. Users on unmanaged personal devices should be blocked. Which Microsoft Entra ID feature should you configure to enforce this requirement?

Reviewed for accuracy · Report an issue
Question 4 of 20

A user reports they were blocked from signing in to Microsoft 365 this morning. In the Microsoft Entra admin center, you see the sign-in was flagged as high risk because it originated from an atypical location using valid credentials. Your organization has a conditional access policy that blocks high-risk sign-ins. Which Microsoft Entra ID capability generated the high-risk flag that triggered this policy?

Reviewed for accuracy · Report an issue
Question 5 of 20

A security analyst at Contoso notices that when malware executes on a managed laptop, they want a single Microsoft Defender XDR workload that can detect the malicious process, isolate the device from the network, and provide investigation timeline data about what the file did on the endpoint. Which Defender XDR component provides these endpoint detection and response capabilities?

Reviewed for accuracy · Report an issue
Question 6 of 20

Your organization has been receiving emails containing malicious attachments that traditional signature-based antivirus fails to detect until after users have opened them. The security team wants a solution that detonates unknown email attachments in an isolated virtual environment to analyze their behavior before delivery to the recipient's mailbox. Which Microsoft Defender feature meets this requirement?

Reviewed for accuracy · Report an issue
Question 7 of 20

The sales department wants a single email address, sales@contoso.com, where external customer inquiries arrive. Multiple agents must be able to open the messages, see the full conversation history, and reply from that shared address so replies appear to come from sales@contoso.com rather than each agent's personal mailbox. Which Exchange admin center object should the administrator create to best meet this requirement?

Reviewed for accuracy · Report an issue
Question 8 of 20

Your organization wants to enable single sign-on for a third-party SaaS application that another company developed and published to the Microsoft Entra application gallery. As the Microsoft 365 administrator, which Microsoft Entra ID object should you configure to integrate this application with your tenant?

Reviewed for accuracy · Report an issue
Question 9 of 20

A security analyst needs to determine which administrator recently changed the membership of a security group and when the change occurred. Which Microsoft Entra ID log should the analyst review to find this information?

Reviewed for accuracy · Report an issue
Question 10 of 20

Your organization wants to reduce reliance on passwords and adopt a phishing-resistant authentication method for employees signing in to Microsoft 365. Users should be able to sign in using a PIN or biometric gesture tied to their specific device, with no password transmitted. Which Microsoft Entra authentication method should you deploy?

Reviewed for accuracy · Report an issue
Question 11 of 20

Your organization wants to reduce multifactor authentication (MFA) prompts for employees when they sign in from the corporate office public IP ranges, while still requiring MFA everywhere else. As the Entra ID administrator, what should you configure first so a Conditional Access policy can reference the office network?

Reviewed for accuracy · Report an issue
Question 12 of 20

A security administrator wants to introduce a new Conditional Access policy that requires multifactor authentication for all users accessing the finance application. Before enforcing it, the administrator needs to understand how the policy would affect sign-ins without actually blocking or prompting any users. Which configuration should the administrator use when creating the policy?

Reviewed for accuracy · Report an issue
Question 13 of 20

Your organization wants Conditional Access to force a password change whenever a user account is determined to be compromised over time based on leaked credentials and suspicious activity patterns. Which Identity Protection risk signal should the Conditional Access policy be based on to meet this specific requirement?

Reviewed for accuracy · Report an issue
Question 14 of 20

A user at Contoso installs a third-party productivity add-in and grants it permission to read their mailbox and calendar. Weeks later, the security team wants to review which delegated permissions were consented to for this application and revoke access organization-wide if needed. In which Microsoft Entra admin center location should they perform this review and revocation?

Reviewed for accuracy · Report an issue
Question 15 of 20

Contoso wants group membership to update automatically whenever an employee's department changes in Microsoft Entra ID, so that users in the Sales department are always granted access to a specific set of applications without any manual intervention by administrators. Which type of group should the identity administrator create?

Reviewed for accuracy · Report an issue
Question 16 of 20

A company uses hybrid identity with Microsoft Entra Connect synchronizing on-premises Active Directory to Microsoft Entra ID. The IT team wants remote users to reset their own passwords from the Microsoft 365 sign-in page, and the new password must also update their on-premises AD account so they can log in to domain-joined computers. Which capability must be configured to meet this requirement?

Reviewed for accuracy · Report an issue
Question 17 of 20

A new compliance analyst needs to review configuration and settings across your Microsoft 365 tenant, including Exchange, SharePoint, and security policies, in order to produce audit reports. The analyst must NOT be able to change any settings. Following the Zero Trust principle of least privilege, which Microsoft Entra role should you assign?

Reviewed for accuracy · Report an issue
Question 18 of 20

A help desk technician receives a ticket from a new employee who cannot complete sign-in. The employee's Conditional Access policy requires multi-factor authentication, but instead of being prompted for a code, the employee is stuck on a screen asking them to set up additional security information before continuing. The technician confirms the account is enabled and the password is correct. What is the most likely cause of this behavior?

Reviewed for accuracy · Report an issue
Question 19 of 20

Your organization uses Microsoft Entra Privileged Identity Management (PIM). A senior administrator needs standing access to a role for the next two weeks while covering another team, and does not want to activate the role each day. However, most other admins should only get the role when they explicitly request and justify it. As the identity administrator, how should you configure these two assignment scenarios in PIM?

Reviewed for accuracy · Report an issue
Question 20 of 20

A small organization on Microsoft 365 Business Basic (no Entra ID P1/P2 licenses) wants to require multifactor authentication for all users with the least administrative effort and no additional cost. Which approach should the administrator use?

Reviewed for accuracy · Report an issue

More AB-900 practice

Keep going with the other Microsoft 365 Copilot and Agent Administration Fundamentals domains, or take a full timed mock exam.

← Back to AB-900 overview