AB-900, Microsoft Certification

Identify the tools to troubleshoot oversharing in an organization (AB-900 Exam Prep)

 
This post is a part of the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Exam Prep Hub.
This topic falls under these sections:
Understand data protection and governance tasks for Microsoft 365 and Copilot (35–40%)
   --> Identify data protection and governance risks for Microsoft 365 and Copilot
      --> Identify the tools to troubleshoot oversharing in an organization

Note that there are 10 practice questions (with answers) at the end of each section to help you solidify your knowledge of the material. Also, there are 4 practice tests with 30 questions each available from the hub's main page below the exam topics section.

Introduction

This topic measures your understanding of how Microsoft 365 administrators can identify, investigate, and reduce oversharing of organizational data. As organizations adopt Microsoft 365 Copilot and AI-powered experiences, ensuring that users only have access to the information they should see becomes increasingly important.

For the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals exam, you should understand:

  • What oversharing is
  • Why oversharing is a security and governance concern
  • The Microsoft tools used to identify and troubleshoot oversharing
  • How these tools work together
  • Best practices for reducing oversharing before and after deploying Microsoft 365 Copilot

You are not expected to configure these tools in detail, but you should know their purpose and common use cases.

What Is Oversharing?

Oversharing occurs when users have access to files, folders, emails, or sites that they do not need to perform their job.

Because Microsoft 365 Copilot respects existing Microsoft 365 permissions, users can potentially discover information through Copilot that they already have permission to access—even if that access was unintentionally granted.

For example:

  • A SharePoint site allows “Everyone except external users” access.
  • A confidential HR folder inherits overly broad permissions.
  • A OneDrive file is shared organization-wide instead of with a specific team.
  • A Teams site contains sensitive documents accessible by unnecessary members.

Copilot does not bypass security—it simply surfaces information users are already authorized to access.

Why Troubleshooting Oversharing Is Important

Oversharing can lead to:

  • Exposure of confidential business information
  • Disclosure of financial data
  • HR privacy issues
  • Intellectual property leaks
  • Increased insider risk
  • Compliance violations
  • Unintentional exposure through Microsoft 365 Copilot

The goal is to identify excessive permissions before sensitive information is exposed.

Common Causes of Oversharing

Oversharing often results from:

  • Incorrect SharePoint permissions
  • Excessive sharing links
  • Broken inheritance
  • Organization-wide sharing
  • Large Microsoft 365 Groups
  • Incorrect Teams membership
  • Overly permissive OneDrive sharing
  • Legacy permissions that were never reviewed
  • Users manually sharing files without understanding permissions

Microsoft Tools Used to Troubleshoot Oversharing

Microsoft provides several complementary tools.

1. SharePoint Advanced Management

One of the primary tools for identifying oversharing is SharePoint Advanced Management.

It helps administrators:

  • Discover overshared sites
  • Identify risky permissions
  • Detect excessive sharing
  • Review permission inheritance
  • Monitor external sharing

Administrators can prioritize remediation efforts before deploying Copilot broadly.

2. SharePoint Site Permissions

Administrators should review:

  • Site Owners
  • Site Members
  • Site Visitors

Questions to ask include:

  • Does everyone need access?
  • Are external users still required?
  • Are permissions inherited correctly?
  • Are there unnecessary site members?

3. Site Access Reviews

Regular permission reviews help identify:

  • Inactive users
  • Former employees
  • Contractors
  • Oversized groups
  • Outdated access

Periodic reviews significantly reduce oversharing.

4. Microsoft Purview Data Security Posture Management (DSPM) for AI

DSPM for AI helps organizations understand AI-related security risks.

It can identify:

  • Sensitive data exposed to Copilot
  • AI usage patterns
  • High-risk data locations
  • Overshared sensitive files
  • Permission-related risks

DSPM combines AI activity with data classification to prioritize remediation.

5. Microsoft Purview Data Explorer

Data Explorer provides visibility into where sensitive information exists.

Administrators can discover:

  • Credit card numbers
  • Passport numbers
  • Financial records
  • Health information
  • Confidential documents

Once sensitive data is identified, administrators can determine whether it is overshared.

6. Microsoft Purview Activity Explorer

Activity Explorer helps investigate how sensitive content is being used.

It displays activities such as:

  • File sharing
  • Downloads
  • Label application
  • Label removal
  • DLP events

This helps identify whether overshared content is actively being accessed.

7. Microsoft Purview Content Search

Content Search helps locate:

  • Emails
  • Documents
  • Teams conversations
  • SharePoint files
  • OneDrive files

Investigators can search for sensitive information and determine whether it resides in overshared locations.

8. Microsoft Purview Audit

Audit logs provide visibility into user actions.

Examples include:

  • File viewed
  • File shared
  • Permission changed
  • Link created
  • Link removed
  • Site membership changed

Audit records help determine:

  • Who shared a document
  • When sharing occurred
  • Which users accessed the content

9. Microsoft Purview Data Loss Prevention (DLP)

Although DLP does not directly identify oversharing, it helps prevent sensitive information from leaving approved locations.

DLP policies can:

  • Block sharing
  • Warn users
  • Prevent uploads
  • Restrict downloads
  • Notify administrators

DLP reduces the impact of accidental oversharing.

10. Microsoft Purview Information Protection

Sensitivity labels classify and protect information.

Labels can:

  • Encrypt documents
  • Restrict access
  • Prevent forwarding
  • Apply visual markings
  • Require authentication

Even if a document is accidentally shared, encryption can prevent unauthorized access.

11. Microsoft Defender for Cloud Apps

Microsoft Defender for Cloud Apps provides insight into cloud file sharing.

Administrators can identify:

  • Publicly shared files
  • Anonymous links
  • External sharing
  • Risky user behavior
  • Unusual downloads

It helps detect cloud-based oversharing risks.

12. Microsoft Entra ID

Microsoft Entra ID helps troubleshoot identity-related oversharing by reviewing:

  • Group memberships
  • Role assignments
  • Dynamic groups
  • Guest users
  • External identities

Sometimes oversharing occurs because users belong to inappropriate security groups.

Reviewing Sharing Links

Sharing links are a common source of oversharing.

Administrators should review whether links are:

  • Anyone links
  • Organization links
  • Specific people links
  • Existing access links

Generally:

  • “Specific people” links are the most restrictive.
  • “Anyone” links present the greatest oversharing risk.

Reviewing Permission Inheritance

SharePoint uses permission inheritance.

A folder may inherit permissions from:

  • Site
  • Library
  • Parent folder

Broken inheritance can accidentally expose sensitive information.

Administrators should verify whether:

  • Inheritance is appropriate
  • Unique permissions are necessary
  • Sensitive folders have restricted access

Using Sensitivity Labels to Reduce Oversharing

Sensitivity labels provide another layer of protection.

Examples include:

  • Public
  • General
  • Confidential
  • Highly Confidential

Labels may automatically:

  • Encrypt content
  • Restrict downloads
  • Prevent printing
  • Block copying
  • Limit sharing

Copilot respects these protections.

Using Audit Logs During Investigations

If oversharing is suspected, administrators often review audit logs.

Audit logs answer questions such as:

  • Who shared the file?
  • When was it shared?
  • Was an anonymous link created?
  • Who opened the document?
  • Was the file downloaded?
  • Were permissions modified?

This information is critical during investigations.

Relationship to Microsoft 365 Copilot

Copilot does not ignore Microsoft 365 security.

Instead, it:

  • Uses Microsoft Graph to retrieve content
  • Honors Microsoft 365 permissions
  • Respects sensitivity labels
  • Honors encryption
  • Respects DLP protections
  • Uses existing access controls

If permissions are too broad, Copilot can surface information to users who already have that access.

Therefore, reducing oversharing before deployment is considered a best practice.

Typical Oversharing Investigation Workflow

A common workflow includes:

  1. Identify sensitive data using Data Explorer.
  2. Review AI exposure using DSPM for AI.
  3. Examine permissions in SharePoint.
  4. Review sharing links.
  5. Check Audit logs.
  6. Investigate user activity in Activity Explorer.
  7. Restrict permissions where necessary.
  8. Apply sensitivity labels.
  9. Implement DLP policies.
  10. Continue monitoring for future risks.

Best Practices

Organizations should:

  • Review SharePoint permissions regularly.
  • Remove unnecessary access.
  • Limit organization-wide sharing.
  • Use “Specific people” sharing links whenever possible.
  • Classify sensitive information.
  • Apply sensitivity labels.
  • Implement DLP policies.
  • Monitor audit logs.
  • Conduct periodic access reviews.
  • Review oversharing before enabling Microsoft 365 Copilot organization-wide.

Key Exam Tips

Remember these important points for the AB-900 exam:

  • Oversharing occurs when users have unnecessary access to data.
  • Microsoft 365 Copilot respects existing permissions—it does not bypass security.
  • SharePoint Advanced Management helps identify overshared sites and permissions.
  • Microsoft Purview DSPM for AI helps identify AI-related exposure risks.
  • Data Explorer identifies where sensitive information resides.
  • Activity Explorer shows how sensitive data is being used.
  • Audit logs reveal sharing and permission changes.
  • Sensitivity labels and DLP help reduce the risks associated with oversharing.
  • Regular permission reviews are one of the most effective ways to prevent oversharing.

Practice Exam Questions

Question 1

Which Microsoft solution is specifically designed to help administrators identify overshared SharePoint sites before deploying Microsoft 365 Copilot?

A. Microsoft Defender Antivirus

B. SharePoint Advanced Management

C. Exchange Online Protection

D. Microsoft Intune

Correct Answer: B

Explanation: SharePoint Advanced Management provides visibility into oversharing risks, site permissions, and excessive access, helping organizations prepare for AI deployments.

Question 2

Why is oversharing considered a concern when using Microsoft 365 Copilot?

A. Copilot ignores Microsoft 365 permissions.

B. Copilot automatically shares documents externally.

C. Copilot can surface information that users already have permission to access.

D. Copilot disables sensitivity labels.

Correct Answer: C

Explanation: Copilot respects existing Microsoft 365 permissions. If permissions are overly broad, users may discover sensitive information they technically have access to but should not.

Question 3

Which Microsoft Purview feature helps identify where sensitive information such as credit card numbers and passport numbers is stored?

A. Compliance Manager

B. Insider Risk Management

C. Data Explorer

D. Communication Compliance

Correct Answer: C

Explanation: Data Explorer provides visibility into the location and distribution of sensitive information across Microsoft 365.

Question 4

An administrator wants to determine who shared a confidential document and when it was shared. Which tool should they use?

A. Microsoft Purview Audit

B. Microsoft Planner

C. Microsoft Viva Insights

D. Microsoft Bookings

Correct Answer: A

Explanation: Audit logs record sharing events, permission changes, and other user activities, making them essential for investigations.

Question 5

Which type of SharePoint sharing link generally presents the greatest oversharing risk?

A. Existing access

B. Specific people

C. Organization

D. Anyone

Correct Answer: D

Explanation: “Anyone” links allow access without authentication (unless restricted by policy), making them the highest-risk sharing option.

Question 6

Which Microsoft Purview solution helps administrators understand AI-related exposure risks and overshared sensitive information?

A. Data Security Posture Management (DSPM) for AI

B. Compliance Manager

C. eDiscovery

D. Message Encryption

Correct Answer: A

Explanation: DSPM for AI identifies sensitive data exposure, AI usage, and risks associated with Microsoft 365 Copilot and other AI applications.

Question 7

Which Microsoft Purview feature helps administrators review how sensitive files have been shared, downloaded, or labeled?

A. Data Lifecycle Management

B. Activity Explorer

C. Content Search

D. Records Management

Correct Answer: B

Explanation: Activity Explorer provides visibility into user activities involving sensitive content, including sharing, labeling, and DLP events.

Question 8

What is one effective way to reduce oversharing in SharePoint?

A. Increase anonymous sharing.

B. Remove all sensitivity labels.

C. Grant every employee site owner permissions.

D. Perform regular permission and access reviews.

Correct Answer: D

Explanation: Periodic permission reviews help identify unnecessary access, outdated memberships, and excessive permissions before they become security risks.

Question 9

Which statement correctly describes Microsoft 365 Copilot?

A. It bypasses Microsoft Purview protections.

B. It ignores SharePoint permissions.

C. It respects existing Microsoft 365 permissions and security controls.

D. It automatically encrypts all documents.

Correct Answer: C

Explanation: Copilot only accesses content that users are already authorized to view and honors permissions, sensitivity labels, encryption, and other Microsoft 365 security controls.

Question 10

Which combination of tools provides the most complete approach to troubleshooting oversharing?

A. Microsoft Paint and Notepad

B. Microsoft Purview Audit, Data Explorer, Activity Explorer, DSPM for AI, and SharePoint Advanced Management

C. Microsoft Teams and Outlook only

D. Microsoft Excel and Word

Correct Answer: B

Explanation: These tools complement one another by identifying sensitive data, monitoring activity, reviewing AI exposure, auditing sharing events, and analyzing SharePoint permissions, enabling administrators to effectively investigate and remediate oversharing risks.

Go to the AB-900 Exam Prep Hub main page

Leave a comment