This post is a part of the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Exam Prep Hub.
This topic falls under these sections:
Understand data protection and governance tasks for Microsoft 365 and Copilot (35–40%)
--> Understand data security implications of Copilot
--> Understand how Copilot uses permissions and other controls in Microsoft 365, Microsoft Purview, and Microsoft Defender to protect against risks
Note that there are 10 practice questions (with answers) at the end of each section to help you solidify your knowledge of the material. Also, there are 4 practice tests with 30 questions each available from the hub's main page below the exam topics section.
Introduction
One of the most important security concepts for the AB-900 exam is understanding how Microsoft 365 Copilot protects organizational data. Because Copilot can access and summarize information from across Microsoft 365, organizations must ensure that sensitive information remains protected and that users only receive information they are authorized to access.
Microsoft 365 Copilot does not operate independently of an organization’s security framework. Instead, it inherits and respects the security, compliance, governance, and protection controls already configured in Microsoft 365. These controls come primarily from:
- Microsoft 365 permissions
- Microsoft Entra ID
- Microsoft Purview
- Microsoft Defender
- SharePoint and OneDrive security
- Teams security controls
Together, these technologies ensure that Copilot delivers useful responses while minimizing the risk of unauthorized access, data leakage, compliance violations, and insider threats.
The Security Foundation of Copilot
Microsoft 365 Copilot is built on three key principles:
- Access only authorized data
- Respect existing security controls
- Apply compliance and governance policies automatically
Copilot does not create new permissions.
Instead, it uses the permissions already assigned to users and resources throughout Microsoft 365.
This means that if a user cannot access a file directly, they also cannot access that file through Copilot.
Permission Trimming: The Core Security Mechanism
The most important security concept related to Copilot is permission trimming.
Permission trimming ensures that Copilot only retrieves information the user is authorized to access.
When a user submits a prompt:
- Microsoft Graph searches organizational data.
- Existing permissions are evaluated.
- Unauthorized content is excluded.
- Only authorized information is sent to the large language model.
For example:
- HR files are accessible only to HR employees.
- Finance reports are accessible only to finance personnel.
- Confidential legal documents remain restricted to legal teams.
If another employee asks Copilot about those documents, the information is not included in the response.
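The retrieval steps above can be modelled in a few lines. The following is an added example, not code from the original post or from Microsoft: it stands in for Microsoft Graph with a keyword search over a constructed corpus, keeps group membership in a hypothetical `GROUP_MEMBERSHIP` table in place of Entra ID, and shows where permission trimming happens: after retrieval and before anything is handed to the model.

```python
from dataclasses import dataclass

# Constructed directory data (hypothetical): the security groups each user
# belongs to. In Microsoft 365 this comes from Microsoft Entra ID.
GROUP_MEMBERSHIP = {
    "alice@contoso.example": {"HR", "All Employees"},
    "bob@contoso.example": {"Finance", "All Employees"},
    "carol@contoso.example": {"All Employees"},
}


@dataclass(frozen=True)
class Document:
    """A Microsoft 365 item together with its effective read permissions."""
    path: str
    text: str
    allowed_groups: frozenset                # groups granted read access
    allowed_users: frozenset = frozenset()   # explicit per-user shares


# Constructed corpus mirroring the HR / Finance / Legal examples in the text.
CORPUS = [
    Document("HR/salary-bands.docx", "Salary bands for 2025 by grade",
             frozenset({"HR"})),
    Document("Finance/q3-forecast.xlsx", "Q3 revenue forecast and headcount plan",
             frozenset({"Finance"})),
    Document("Legal/merger-nda.pdf", "NDA covering the Fabrikam merger talks",
             frozenset({"Legal"})),
    Document("Public/holiday-calendar.docx", "Company holidays for 2025",
             frozenset({"All Employees"})),
    Document("Personal/bob-notes.docx", "Bob's project notes shared with Carol",
             frozenset(), frozenset({"bob@contoso.example", "carol@contoso.example"})),
]


def can_read(user: str, doc: Document) -> bool:
    """Authorization check: direct grant, or membership in any group on the ACL.
    An unknown user has no groups and therefore no access."""
    groups = GROUP_MEMBERSHIP.get(user, set())
    return user in doc.allowed_users or bool(groups & doc.allowed_groups)


def search(prompt: str, corpus=CORPUS) -> list:
    """Stand-in for Microsoft Graph search (hypothetical, keyword based): every
    document whose text mentions a prompt term of four or more characters."""
    terms = [t.lower() for t in prompt.split() if len(t) >= 4]
    return [d for d in corpus if any(t in d.text.lower() for t in terms)]


def trimmed_context(user: str, prompt: str, corpus=CORPUS) -> dict:
    """Permission trimming: retrieve candidates, then drop everything the user
    cannot read BEFORE any content is handed to the language model."""
    hits = search(prompt, corpus)
    return {
        "retrieved": [d.path for d in hits],
        "sent_to_model": [d.path for d in hits if can_read(user, d)],
        "excluded": [d.path for d in hits if not can_read(user, d)],
    }


if __name__ == "__main__":
    for user in GROUP_MEMBERSHIP:
        result = trimmed_context(user, "summarize the salary bands and holidays")
        print(user, "->", result["sent_to_model"], "excluded:", result["excluded"])
```

The point to notice is that the search itself is not permission-aware; the trimming step is a separate filter applied to its output, which is why a badly set ACL (a file accidentally shared with everyone) is passed through untouched.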
How Microsoft 365 Permissions Protect Data
Microsoft 365 permissions form the first layer of Copilot security.
Permissions are inherited from services such as:
- SharePoint Online
- OneDrive for Business
- Microsoft Teams
- Exchange Online
- Microsoft Loop
Examples include:
SharePoint Permissions
Users can only access sites, libraries, folders, and files for which they have permissions.
OneDrive Permissions
Users can access their own files and content explicitly shared with them.
Teams Permissions
Copilot respects team membership and channel access.
Exchange Permissions
Emails and calendar data are only available to authorized users.
Because Copilot retrieves content through Microsoft Graph, these permissions are enforced automatically at retrieval time, before anything reaches the language model.
Role of Microsoft Entra ID
Microsoft Entra ID provides identity and access management for Microsoft 365.
Copilot relies on Entra ID to verify:
- User identity
- Group membership
- Role assignments
- Conditional Access policies
- Authentication status
Entra ID ensures that only authenticated and authorized users can access Microsoft 365 resources.
Examples
A Conditional Access policy may require:
- Multifactor authentication (MFA)
- Compliant devices
- Approved locations
If requirements are not met, users may be blocked from accessing Microsoft 365 resources and Copilot.
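To make the evaluation concrete, here is an added example (not code from the original post, and not how Entra ID is implemented) that models a small set of Conditional Access policies with the conditions listed above and evaluates constructed sign-in attempts against them. The policy names, the app name `COPILOT` and the sign-in records are all hypothetical; real Conditional Access also has report-only mode, session controls and "require one of the selected controls", which this model leaves out.

```python
from dataclasses import dataclass, field


@dataclass
class SignIn:
    """Context of one sign-in attempt (all values constructed for the example)."""
    user: str
    groups: set
    app: str
    mfa_satisfied: bool
    device_compliant: bool
    country: str
    sign_in_risk: str = "none"     # none | low | medium | high


@dataclass
class Policy:
    """A simplified Conditional Access policy: assignments plus grant controls."""
    name: str
    target_groups: set                     # applies when user is in any of these
    target_apps: set
    require_mfa: bool = False
    require_compliant_device: bool = False
    approved_countries: set = field(default_factory=set)   # empty = any location
    block_sign_in_risk: set = field(default_factory=set)   # risk levels to block


def applies(policy: Policy, s: SignIn) -> bool:
    """A policy is in scope when both the user and the app are targeted."""
    return bool(policy.target_groups & s.groups) and s.app in policy.target_apps


def evaluate(policies: list, s: SignIn) -> tuple:
    """Return ("grant", []) or ("block", reasons). Every in-scope policy must be
    satisfied; one unmet control is enough to block the sign-in (deny wins)."""
    reasons = []
    for p in policies:
        if not applies(p, s):
            continue
        if s.sign_in_risk in p.block_sign_in_risk:
            reasons.append(f"{p.name}: sign-in risk '{s.sign_in_risk}' is blocked")
        if p.require_mfa and not s.mfa_satisfied:
            reasons.append(f"{p.name}: multifactor authentication not satisfied")
        if p.require_compliant_device and not s.device_compliant:
            reasons.append(f"{p.name}: device is not compliant")
        if p.approved_countries and s.country not in p.approved_countries:
            reasons.append(f"{p.name}: location '{s.country}' is not approved")
    return ("block", reasons) if reasons else ("grant", [])


# Constructed policy set for a tenant (names are hypothetical).
COPILOT = "Microsoft 365 Copilot"
POLICIES = [
    Policy("CA01 Require MFA for Copilot", {"All Users"}, {COPILOT}, require_mfa=True),
    Policy("CA02 Require compliant device for Copilot", {"All Users"}, {COPILOT},
           require_compliant_device=True),
    Policy("CA03 Block high-risk sign-ins", {"All Users"}, {COPILOT},
           block_sign_in_risk={"high"}),
    Policy("CA04 Finance from approved countries only", {"Finance"}, {COPILOT},
           approved_countries={"US", "CA"}),
]


if __name__ == "__main__":
    attempts = [
        SignIn("alice@contoso.example", {"All Users", "HR"}, COPILOT, True, True, "US"),
        SignIn("bob@contoso.example", {"All Users", "Finance"}, COPILOT, True, True, "BR"),
        SignIn("carol@contoso.example", {"All Users"}, COPILOT, False, True, "US", "high"),
    ]
    for a in attempts:
        decision, why = evaluate(POLICIES, a)
        print(a.user, decision, why)
```

Because the decision is made when the token is issued, a blocked user never reaches Copilot at all; there is no Copilot-side setting to override it.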
How Microsoft Purview Protects Data Used by Copilot
Microsoft Purview provides compliance, governance, and data protection controls.
Because Copilot works with organizational content, Purview protections automatically apply to data used by Copilot.
Sensitivity Labels
Sensitivity labels classify and protect content.
Common labels include:
- Public
- General
- Confidential
- Highly Confidential
Labels can enforce:
- Encryption
- Access restrictions
- Watermarking
- Content markings
If a document is protected by a sensitivity label, Copilot respects those protections.
Data Loss Prevention (DLP)
DLP policies help prevent sensitive information from being exposed.
Examples include:
- Credit card numbers
- Social Security numbers
- Healthcare records
- Financial information
DLP policies can:
- Detect sensitive data
- Block sharing
- Generate alerts
- Notify administrators
Copilot interactions remain subject to DLP protections.
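The detect / block / alert sequence is easiest to see on sample text. The block below is an added example written for this page, not Purview's code: it models two sensitive information types (credit card numbers with a Luhn checksum, U.S. SSNs with a plausibility check), two constructed DLP rules, and a policy evaluation in which the most restrictive triggered action wins. Purview's built-in types likewise combine a pattern with a checksum or supporting evidence to assign a confidence level; the rule names and the `SAMPLES` texts here are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Callable


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: a matching pattern with a bad checksum is a false positive."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def ssn_plausible(value: str) -> bool:
    """Reject SSN-shaped numbers never issued (area 000/666/9xx, group 00, serial 0000)."""
    area, group, serial = value.split("-")
    return (area not in ("000", "666") and not area.startswith("9")
            and group != "00" and serial != "0000")


@dataclass(frozen=True)
class SensitiveInfoType:
    name: str
    pattern: re.Pattern
    validate: Callable[[str], bool]   # raises confidence above a bare pattern hit


SITS = [
    SensitiveInfoType("Credit Card Number",
                      re.compile(r"\b\d(?:[ -]?\d){12,15}\b"),   # 13-16 digits
                      lambda m: luhn_valid(re.sub(r"[ -]", "", m))),
    SensitiveInfoType("U.S. Social Security Number",
                      re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
                      ssn_plausible),
]


@dataclass(frozen=True)
class DlpRule:
    name: str
    sit_name: str
    min_count: int
    action: str              # "notify" | "alert" | "block"


# Constructed rules in the spirit of the detect / block / alert / notify list above.
RULES = [
    DlpRule("Block credit card numbers", "Credit Card Number", 1, "block"),
    DlpRule("Alert on SSNs", "U.S. Social Security Number", 1, "alert"),
]
ACTION_RANK = {"notify": 1, "alert": 2, "block": 3}


def scan(text: str) -> dict:
    """Count high-confidence matches (pattern AND validation) per information type."""
    counts = {}
    for sit in SITS:
        hits = [m.group(0) for m in sit.pattern.finditer(text) if sit.validate(m.group(0))]
        if hits:
            counts[sit.name] = len(hits)
    return counts


def apply_policy(text: str) -> dict:
    """Evaluate all rules against the scan; the most restrictive action wins."""
    counts = scan(text)
    triggered = [r for r in RULES if counts.get(r.sit_name, 0) >= r.min_count]
    action = max((r.action for r in triggered), key=ACTION_RANK.get, default="allow")
    return {"action": action, "matches": counts, "rules": [r.name for r in triggered]}


# Constructed sample content; the first has a card-shaped number with a bad checksum.
SAMPLES = {
    "ok": "Order 1234 5678 9012 3456 shipped; call 555-0100 with questions.",
    "card": "Customer card 4111 1111 1111 1111, expiry 12/27.",
    "ssn": "Applicant SSN 219-09-9999 attached for background check.",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(label, apply_policy(text))
```

The same evaluation applies whether the text is a document being shared or content flowing through a Copilot prompt and response, which is what "Copilot interactions remain subject to DLP protections" means in practice.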
Data Classification
Microsoft Purview can automatically classify content based on:
- Sensitive information types
- Trainable classifiers
- Custom classifications
This classification helps organizations understand what information exists and where risks may be present.
Retention Policies
Retention policies ensure information is retained or deleted according to organizational requirements.
Copilot only works with content that remains available within Microsoft 365 according to retention settings.
Data Security Posture Management (DSPM) for AI
DSPM for AI helps organizations identify and reduce AI-related risks.
DSPM can:
- Discover overshared content
- Identify risky permissions
- Detect exposure of sensitive data
- Recommend remediation actions
This is especially important because Copilot may reveal risks that already exist due to improper permissions.
How Microsoft Defender Protects Copilot Environments
Microsoft Defender provides threat detection, prevention, and response capabilities.
Defender helps protect both the data Copilot accesses and the users interacting with Copilot.
Microsoft Defender XDR
Microsoft Defender XDR provides:
- Cross-domain threat detection
- Incident correlation
- Security investigation
- Automated response
It helps security teams identify attacks that may affect Copilot-accessible data.
Identity Protection
Microsoft Defender and Entra ID can detect:
- Risky sign-ins
- Credential theft
- Impossible travel events
- Suspicious account activity
Compromised identities can be blocked before attackers access Copilot.
Endpoint Protection
Microsoft Defender for Endpoint protects devices used to access Copilot.
It helps detect:
- Malware
- Ransomware
- Unauthorized access attempts
- Device compromise
Threat Intelligence
Microsoft Defender uses global threat intelligence to identify:
- Known malicious actors
- Emerging threats
- Attack techniques
This helps reduce the likelihood that attackers gain access to sensitive organizational information.
Oversharing Risks and Copilot
Copilot does not create oversharing problems.
However, it can surface existing oversharing problems far more quickly than manual browsing would, because it searches everything the user already has access to.
For example:
If a confidential SharePoint folder has accidentally been shared with all employees:
- Employees may not discover the folder manually.
- Copilot may locate relevant content and summarize it.
Because of this, organizations should regularly review:
- File permissions
- Site permissions
- Group memberships
- Sharing settings
DSPM for AI helps identify these risks.
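What such a review looks like in practice is shown by the following added example, which covers both the DSPM for AI capabilities listed earlier (discover overshared content, identify risky permissions, recommend remediation) and the accidentally shared folder described in this section. It is written for this page and is not DSPM's own logic: the `ITEMS`, `GROUP_SIZES`, severity thresholds and remediation wording are all constructed, and a real review would read sharing state from the tenant rather than from an inline list.

```python
from dataclasses import dataclass

# Constructed tenant data (hypothetical): group sizes and per-item sharing state.
GROUP_SIZES = {
    "Everyone except external users": 4200,
    "All Employees": 4100,
    "Finance": 35,
    "HR": 18,
}
TENANT_WIDE = {"Everyone", "Everyone except external users", "All Employees"}
LABEL_RANK = {"Public": 0, "General": 1, "Confidential": 2, "Highly Confidential": 3}


@dataclass(frozen=True)
class Item:
    path: str
    label: str                      # sensitivity label name, or "None"
    principals: frozenset           # groups and users with read access
    link_scope: str = "specific"    # "specific" | "organization" | "anyone"


def exposure(item: Item) -> str:
    """Classify how wide the audience for an item is."""
    if item.link_scope == "anyone":
        return "anonymous"
    if item.link_scope == "organization" or item.principals & TENANT_WIDE:
        return "tenant-wide"
    audience = sum(GROUP_SIZES.get(p, 1) for p in item.principals)  # a user counts as 1
    return "large-audience" if audience > 500 else "scoped"


def assess(item: Item) -> dict:
    """Severity and remediation for one item: sensitive (or unlabelled) content
    with a broad audience is exactly what Copilot can surface to anyone who asks."""
    exp = exposure(item)
    rank = LABEL_RANK.get(item.label, -1)     # -1 = unlabelled
    if exp == "anonymous" and rank >= 2:
        severity = "critical"
    elif exp in ("anonymous", "tenant-wide", "large-audience") and rank >= 2:
        severity = "high"
    elif exp in ("anonymous", "tenant-wide") and rank == -1:
        severity = "medium"   # nobody knows what is in it, and everybody can reach it
    else:
        severity = "none"
    actions = []
    if severity != "none":
        if item.link_scope != "specific":
            actions.append("remove the sharing link and re-share with named people")
        for p in sorted(item.principals & TENANT_WIDE):
            actions.append(f"remove '{p}' from the permissions")
        if rank == -1:
            actions.append("run classification and apply a sensitivity label")
        else:
            actions.append("confirm the label enforces encryption so access follows the file")
    return {"path": item.path, "exposure": exp, "severity": severity, "actions": actions}


def audit(items) -> list:
    """Findings ordered most severe first; items with nothing to report are dropped."""
    order = {"critical": 0, "high": 1, "medium": 2}
    findings = [f for f in (assess(i) for i in items) if f["severity"] != "none"]
    return sorted(findings, key=lambda f: order[f["severity"]])


# Constructed items; the first is the "confidential folder shared with all employees" case.
ITEMS = [
    Item("sites/HR/Shared Documents/salary-bands.xlsx", "Confidential",
         frozenset({"HR", "Everyone except external users"})),
    Item("sites/Legal/merger-terms.docx", "Highly Confidential",
         frozenset({"Legal"}), link_scope="anyone"),
    Item("sites/Intranet/holiday-calendar.docx", "General",
         frozenset({"All Employees"})),
    Item("personal/bob/q3-notes.docx", "None",
         frozenset({"bob@contoso.example"}), link_scope="organization"),
    Item("sites/Finance/forecast.xlsx", "Confidential", frozenset({"Finance"})),
]

if __name__ == "__main__":
    for finding in audit(ITEMS):
        print(finding["severity"].upper(), finding["path"], finding["exposure"])
        for action in finding["actions"]:
            print("   -", action)
```

Note that the holiday calendar shared with all employees produces no finding: breadth of sharing is only a problem in combination with sensitivity, which is why labelling and permission review belong together.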
Security Controls Working Together
The protection of Copilot data relies on multiple layers:
| Security Layer | Purpose |
|---|---|
| Microsoft Entra ID | Identity verification and access control |
| Conditional Access | Restrict access based on risk and sign-in conditions |
| Microsoft 365 Permissions | Control access to sites, files, mail, and chats |
| Microsoft Graph | Apply permission trimming during retrieval |
| Microsoft Purview | Governance, compliance, and data protection |
| Microsoft Defender | Threat detection and response |
| DSPM for AI | AI-specific risk identification and remediation |
These controls work together to create a secure AI environment.
Key Exam Tips
For the AB-900 exam, remember the following:
- Copilot does not bypass existing permissions.
- Permission trimming ensures users only see authorized content.
- Microsoft Graph enforces access controls during data retrieval.
- Microsoft Entra ID provides identity and access management.
- Conditional Access can restrict Copilot access based on organizational policies.
- Microsoft Purview protects data through sensitivity labels, DLP, classification, retention, and DSPM for AI.
- Microsoft Defender protects identities, endpoints, and organizational resources from threats.
- Copilot may reveal existing oversharing risks but does not create them.
- DSPM for AI helps organizations identify and remediate AI-related data exposure risks.
Practice Exam Questions
Question 1
What security mechanism ensures that Copilot only retrieves information a user is authorized to access?
A. Endpoint isolation
B. Data retention
C. Data replication
D. Permission trimming
Answer: D
Explanation: Permission trimming evaluates a user’s permissions and excludes unauthorized content from Copilot responses.
Question 2
A user asks Copilot about a confidential HR document they do not have permission to view. What will happen?
A. Copilot summarizes the document anyway
B. Copilot requests administrator approval automatically
C. The document is excluded from the response due to permission trimming
D. The document is copied into the user’s OneDrive
Answer: C
Explanation: Copilot respects existing permissions and cannot retrieve content users are not authorized to access.
Question 3
Which Microsoft service provides the identity platform that Copilot relies on for authentication and authorization?
A. Microsoft Defender XDR
B. Microsoft Entra ID
C. Microsoft Purview Insider Risk Management
D. Microsoft Intune
Answer: B
Explanation: Microsoft Entra ID manages identities, authentication, authorization, and access controls for Microsoft 365 services.
Question 4
Which Microsoft Purview capability helps prevent sensitive information such as credit card numbers from being improperly shared?
A. Retention policies
B. Conditional Access
C. Privileged Identity Management
D. Data Loss Prevention (DLP)
Answer: D
Explanation: DLP policies detect and protect sensitive information by blocking or monitoring risky sharing activities.
Question 5
What is the primary purpose of sensitivity labels in Microsoft Purview?
A. Manage operating system updates
B. Monitor network performance
C. Classify and protect content based on sensitivity levels
D. Create backup copies of documents
Answer: C
Explanation: Sensitivity labels classify content and can apply protections such as encryption and access restrictions.
Question 6
Which Microsoft Purview solution helps organizations discover overshared content that may present AI-related risks?
A. Data Security Posture Management (DSPM) for AI
B. Microsoft Planner
C. Exchange Online Protection
D. Windows Defender Firewall
Answer: A
Explanation: DSPM for AI identifies sensitive data exposure risks and recommends remediation actions.
Question 7
How does Microsoft Defender help protect environments that use Copilot?
A. By creating user accounts automatically
B. By replacing Microsoft Entra ID permissions
C. By detecting threats, compromised identities, and suspicious activities
D. By bypassing DLP policies
Answer: C
Explanation: Microsoft Defender provides threat detection, investigation, and response capabilities that protect organizational resources.
Question 8
Which statement best describes the relationship between Copilot and oversharing?
A. Copilot automatically fixes overshared content
B. Copilot creates oversharing by default
C. Copilot ignores shared permissions entirely
D. Copilot may reveal existing oversharing issues because it can efficiently locate accessible content
Answer: D
Explanation: Copilot does not create oversharing problems but can make improperly shared content easier to discover.
Question 9
Which security control can require multifactor authentication before a user accesses Microsoft 365 resources and Copilot?
A. SharePoint version history
B. Conditional Access
C. Retention labels
D. Exchange journaling
Answer: B
Explanation: Conditional Access policies can require MFA, compliant devices, or other conditions before granting access.
Question 10
Which statement about Copilot security is correct?
A. Copilot has unrestricted access to all tenant data.
B. Copilot ignores Microsoft Purview protections.
C. Copilot only follows Microsoft Defender policies.
D. Copilot inherits existing Microsoft 365 permissions and compliance controls.
Answer: D
Explanation: Copilot respects permissions, security settings, compliance policies, and governance controls already configured within Microsoft 365.
