Category: AB-900

AB-900, Microsoft Certification

Exam Prep Hub for AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals

Welcome to the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Exam Prep Hub!

Welcome to the one-stop hub with information for preparing for the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals certification exam. The content for this exam helps prepare you to “understand Microsoft 365 services, admin tools, core objects, core security features, and modern AI-driven IT management practices”.
Upon successful completion of the exam, you earn the Microsoft 365 Certified: Copilot and Agent Administration Fundamentals certification.

This hub provides information directly here (topic-by-topic as outlined in the official study guide), links to a number of external resources, tips for preparing for the exam, practice tests, and section questions to help you prepare. Bookmark this page and use it as a guide to ensure that you are fully covering all relevant topics for the AB-900 exam and making use of as many of the resources available as possible.

Audience profile (from Microsoft’s site)

As a candidate for this Microsoft Certification, you should be familiar with Microsoft 365, including core services, security, identity and access, data protection, and governance, along with Microsoft 365 Copilot and agents.
Additionally, you should be familiar with the admin centers used to access Microsoft 365 workloads, such as Exchange Online, SharePoint in Microsoft 365, Microsoft Teams, Microsoft Entra, and Microsoft Purview. You need to have experience with AI-driven productivity tools and modern IT management practices.
You must be able to identify the roles of the core features and objects available in Microsoft 365, such as users, groups, teams, sites, and libraries. Plus, you should understand the core security features of Microsoft 365, such as authentication methods, conditional access policies, and single sign-on (SSO).

Skills at a glance (as specified in the official study guide)

  • Identify the core features and objects of Microsoft 365 services (30–35%)
  • Understand data protection and governance tasks for Microsoft 365 and Copilot (35–40%)
  • Perform basic administrative tasks for Copilot and agents (25–30%)

Topic-by-Topic Exam Content

[click a topic link to access the content and practice questions for that topic]

Identify the core features and objects of Microsoft 365 services (30–35%)

Identify the core objects of Microsoft 365 services

Understand the Microsoft 365 security principles

Identify the core security features of Microsoft 365 services

Understand data protection and governance tasks for Microsoft 365 and Copilot (35–40%)

Understand Microsoft Purview

Understand data security implications of Copilot

Identify data protection and governance risks for Microsoft 365 and Copilot

Identify and monitor oversharing in SharePoint in Microsoft 365

Perform basic administrative tasks for Copilot and agents (25–30%)

Understand features and capabilities of Copilot and agents

Perform basic administrative tasks for Copilot

Perform basic administrative tasks for agents

AB-900 Practice Exams

Important AB-900 Resources

Link to the free, comprehensive, self-paced course on Microsoft Learn: Introduction to Microsoft 365 and AI administration

https://learn.microsoft.com/en-us/training/courses/ab-900t00

This course has two learning paths:

(1) The first learning path is: Explore Microsoft 365 administration, located at this URL:
https://learn.microsoft.com/en-us/training/paths/explore-microsoft-365-administration

This learning path has 3 modules, located at the below URLs:

(2) The second learning path is: Explore Microsoft 365 Copilot and agent administration, located at this URL:
https://learn.microsoft.com/en-us/training/paths/explore-microsoft-365-copilot-agent-administration

This learning path has 3 modules, located at the below URLs:

Link to the certification page:

Link to the study guide:


YouTube resources:

Courses: There are several highly rated courses for AB-900 on Udemy:

Check out the previews of each course to decide which trainer is best for you. And a tip for you … if your timeline allows it, wait for the occasional Udemy sale and buy your course(s) then.

Good luck to you passing the AB-900 Exam!
However, the more preparation you have, the less luck you will need. 🙂

Visit this post to see the list of all the certification preparation hubs available on The Data Community.

AB-900, Microsoft Certification

AB-900 Practice Exam #4

AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Practice Exam

This practice exam is a part of the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Exam Prep Hub.

Question 1 (Single Answer)

Which service is responsible for identity and access management in Microsoft 365?

A. Microsoft Defender
B. Microsoft Entra ID
C. Microsoft Purview
D. Microsoft Fabric

Correct Answer: B

Explanation

Microsoft Entra ID manages authentication, authorization, and identity lifecycle for Microsoft 365 users.

Question 2 (Multiple Answer)

Which THREE are core Microsoft 365 collaboration workloads used by Copilot?

A. SharePoint Online
B. Exchange Online
C. Microsoft Teams
D. Windows Registry
E. BIOS firmware

Correct Answers

✅ A
✅ B
✅ C

Explanation

Copilot uses Microsoft 365 workloads including SharePoint, Exchange, and Teams via Microsoft Graph.

Question 3 (Single Answer)

Which Microsoft service provides unified data access for Microsoft 365 Copilot?

A. Microsoft Graph
B. Microsoft Sentinel
C. Microsoft Defender
D. Azure DevOps

Correct Answer: A

Question 4 (Fill in the Blank)

Copilot respects existing Microsoft 365 __________ when retrieving data.

A. licenses
B. permissions
C. storage limits
D. device profiles

Correct Answer: B

Question 5 (Scenario)

An organization wants to measure Copilot adoption and usage trends across departments.

A. Microsoft Intune
B. Copilot Analytics
C. Azure Monitor
D. Exchange Admin Center

Correct Answer: B

Question 6 (Single Answer)

Which tool identifies overshared SharePoint sites?

A. Microsoft Defender XDR
B. SharePoint Data Access Governance Reports
C. Microsoft Entra ID
D. Azure Policy

Correct Answer: B

Question 7 (Multiple Answer)

Which TWO help reduce AI-related data exposure risks?

A. Microsoft Purview DSPM for AI
B. SharePoint Advanced Management
C. Windows Update
D. Microsoft Word Editor

Correct Answers

✅ A
✅ B

Question 8 (Single Answer)

Which feature allows restricting Copilot access to sensitive SharePoint sites?

A. Restricted Site Access
B. Site Templates
C. Teams Channels
D. OneDrive Sync

Correct Answer: A

Question 9 (Scenario)

A compliance team needs to search across emails and Teams messages for legal investigation.

A. Content Search
B. Microsoft Defender Firewall
C. Azure Monitor
D. Intune Compliance

Correct Answer: A

Question 10 (Single Answer)

Which model allows organizations to pay only for Copilot usage?

A. Per-device licensing
B. Pay-as-you-go
C. Volume licensing only
D. OEM licensing

Correct Answer: B

Question 11 (Multiple Answer)

Which THREE are valid Copilot data sources?

A. SharePoint
B. Exchange
C. Teams
D. Linux Kernel
E. VMware BIOS

Correct Answers

✅ A
✅ B
✅ C

Question 12 (Single Answer)

Which service handles compliance and governance?

A. Microsoft Entra ID
B. Microsoft Purview
C. Microsoft Defender
D. Microsoft Intune

Correct Answer: B

Question 13 (Scenario)

A user should only access Copilot content they are allowed to see.

A. Permissions
B. Licenses
C. Network speed
D. Storage quota

Correct Answer: A

Question 14 (Matching)

Match service to purpose:

  1. Entra ID
  2. Purview
  3. Defender

A. Identity
B. Compliance
C. Security

Correct Matching

1 → A
2 → B
3 → C

Question 15 (Single Answer)

Which tool provides Copilot adoption insights?

A. Copilot Analytics
B. Azure Firewall
C. Intune
D. Sentinel

Correct Answer: A

Question 16 (Scenario)

You want to build an HR assistant using internal documents.

A. Custom agent
B. Windows Copilot
C. PowerPoint Designer
D. Exchange Rules

Correct Answer: A

Question 17 (Multiple Answer)

Which THREE describe agent monitoring capabilities?

A. Usage metrics
B. Lifecycle tracking
C. Operational insights
D. BIOS updates
E. Disk formatting

Correct Answers

✅ A
✅ B
✅ C

Question 18 (Single Answer)

Which feature allows saving reusable prompts?

A. Prompt management
B. Intune profiles
C. Defender rules
D. Azure tags

Correct Answer: A

Question 19 (Scenario)

You want to ensure HR data is not used in Copilot responses until reviewed.

A. Restricted Site Access
B. Windows Firewall
C. Teams Policies
D. Azure VMs

Correct Answer: A

Question 20 (Single Answer)

Which Copilot agent performs advanced data analysis?

A. Analyst
B. Designer
C. Writer
D. Translator

Correct Answer: A

Question 21 (Multiple Answer)

Which are Copilot governance tools?

A. Data Access Governance Reports
B. DSPM for AI
C. BIOS manager
D. Windows registry editor

Correct Answers

✅ A
✅ B

Question 22 (Single Answer)

Copilot uses Microsoft ________ to access organizational data.

A. Graph
B. Sentinel
C. Intune
D. Fabric

Correct Answer: A

Question 23 (Scenario)

You want to monitor agent usage and lifecycle.

A. Microsoft 365 admin center
B. Excel
C. Word
D. Outlook

Correct Answer: A

Question 24 (Multiple Answer)

Which TWO admin centers manage agents?

A. Microsoft 365 admin center
B. Power Platform admin center
C. Azure DevOps
D. Windows Admin Center

Correct Answers

✅ A
✅ B

Question 25 (Single Answer)

Which Copilot capability is used for deep research?

A. Researcher
B. Analyst
C. Designer
D. Editor

Correct Answer: A

Question 26 (Fill in the Blank)

Copilot is built on Microsoft ________.

A. Graph
B. Azure DevOps
C. Sentinel
D. SQL Server

Correct Answer: A

Question 27 (Scenario)

You want to restrict Copilot costs based on usage.

A. Pay-as-you-go billing
B. Intune policies
C. Defender policies
D. BIOS settings

Correct Answer: A

Question 28 (Single Answer)

Which tool manages identity?

A. Entra ID
B. Purview
C. Defender
D. Copilot Analytics

Correct Answer: A

Question 29 (Multiple Answer)

Which THREE are Copilot benefits?

A. Productivity improvement
B. Data insights
C. Automated BIOS updates
D. Content generation

Correct Answers

✅ A
✅ B
✅ D

Question 30 (Single Answer)

Copilot agents are best described as:

A. Security tools
B. Identity providers
C. Task-specific AI assistants
D. Hardware devices

Correct Answer: C

Go to the AB-900 Exam Prep Hub main page

AB-900, Microsoft Certification

AB-900 Practice Exam #3

AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Practice Exam

This practice exam is a part of the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Exam Prep Hub.

Question 1 (Scenario-Based Single Answer)

A company plans to deploy Microsoft 365 Copilot to all employees. Before assigning licenses, the IT department wants to verify that users have the required Microsoft 365 subscription.

Which action should the administrator perform first?

A. Enable Microsoft Defender for all users.

B. Verify that users have an eligible Microsoft 365 base license.

C. Create a custom agent for each department.

D. Configure Microsoft Purview retention labels.

Correct Answer: B

Explanation

Microsoft 365 Copilot requires users to have an eligible Microsoft 365 subscription (such as Microsoft 365 E3 or E5, or other qualifying plans) before a Copilot license can be assigned.

  • A improves security but is not a licensing prerequisite.
  • C is unrelated to licensing.
  • D governs data but does not determine Copilot eligibility.

Question 2 (Multiple Answer)

Which THREE Microsoft 365 workloads commonly provide organizational data that Microsoft 365 Copilot can use to generate responses?

A. SharePoint Online

B. Exchange Online

C. Microsoft Teams

D. Windows Registry

E. Azure Virtual Machines

Choose THREE answers.

Correct Answers

A

B

C

Explanation

Microsoft 365 Copilot works across Microsoft Graph and retrieves information from workloads such as:

  • SharePoint Online
  • Exchange Online
  • Microsoft Teams
  • OneDrive (not listed)

Windows Registry and Azure Virtual Machines are not Microsoft 365 content sources for Copilot.

Question 3 (Single Answer)

Which Microsoft service is primarily responsible for storing and managing user identities used by Microsoft 365?

A. Microsoft Defender XDR

B. Microsoft Purview

C. Microsoft Entra ID

D. Microsoft Intune

Correct Answer: C

Explanation

Microsoft Entra ID provides identity, authentication, authorization, and access management for Microsoft 365 users.

The other services perform security, governance, or device management functions.

Question 4 (Fill in the Blank)

Complete the sentence.

Microsoft 365 Copilot uses Microsoft __________ to securely retrieve organizational information across Microsoft 365 services.

A. Defender

B. Graph

C. Fabric

D. Power BI

Correct Answer: B

Explanation

Microsoft Graph provides a unified API and data layer that enables Microsoft 365 Copilot to access emails, meetings, files, chats, calendars, and other Microsoft 365 data while respecting existing permissions.

Question 5 (Scenario-Based Single Answer)

An administrator wants to identify users who have begun using Microsoft 365 Copilot but are rarely returning after their first week.

Which solution provides this information?

A. Microsoft Intune

B. Microsoft Defender

C. Copilot Analytics

D. Exchange Admin Center

Correct Answer: C

Explanation

Copilot Analytics provides insights into user adoption, repeat usage, engagement trends, and feature utilization.

The remaining tools do not provide Copilot adoption analytics.

Question 6 (Matching)

Match each Microsoft solution with its primary purpose.

Microsoft SolutionPurpose
1. Microsoft PurviewA. Identity management
2. Microsoft Entra IDB. Compliance and governance
3. Microsoft Defender XDRC. Threat detection and response

Correct Matching

  • 1 → B
  • 2 → A
  • 3 → C

Explanation

Each Microsoft solution has a specialized role:

  • Microsoft Purview manages compliance and governance.
  • Microsoft Entra ID manages identities.
  • Microsoft Defender XDR provides security monitoring and response.

Question 7 (Scenario-Based Multiple Answer)

A company wants to reduce the risk of Microsoft 365 Copilot exposing overshared files after deployment.

Which TWO actions should administrators take?

A. Review SharePoint permissions.

B. Run SharePoint Data Access Governance Reports.

C. Disable Microsoft Teams.

D. Use Microsoft Purview DSPM for AI to identify risks.

E. Delete Microsoft Graph.

Choose TWO answers.

Correct Answers

B

D

Explanation

SharePoint Data Access Governance Reports identify overshared content, while Microsoft Purview DSPM for AI identifies AI-related exposure risks and recommends remediation.

Reviewing SharePoint permissions is a useful administrative practice, but these two tools are specifically designed for discovering and assessing oversharing risks.

Question 8 (Single Answer)

Which statement correctly describes Microsoft 365 Copilot?

A. It ignores Microsoft 365 permissions when generating responses.

B. It only searches internet content.

C. It respects existing Microsoft 365 permissions and organizational policies.

D. It automatically grants access to restricted SharePoint sites.

Correct Answer: C

Explanation

Microsoft 365 Copilot always respects Microsoft 365 permissions and compliance controls. It cannot retrieve information users are not authorized to access.

The other statements are incorrect.

Question 9 (Scenario-Based Single Answer)

An organization is investigating the accidental sharing of confidential project documents.

Which Microsoft Purview feature should administrators use to locate those files across Exchange, SharePoint, and OneDrive?

A. Content Search

B. Microsoft Defender Antivirus

C. Azure Cost Management

D. Windows Event Viewer

Correct Answer: A

Explanation

Content Search allows investigators to search across Microsoft 365 workloads for emails, documents, Teams messages, and other content during investigations.

The remaining tools are unrelated.

Question 10 (Multiple Answer)

Which THREE capabilities are available in SharePoint Advanced Management?

A. Restricted Site Access

B. Data Access Governance Reports

C. Oversharing insights

D. Windows Update management

E. BIOS configuration

Choose THREE answers.

Correct Answers

A

B

C

Explanation

SharePoint Advanced Management provides capabilities that help organizations secure SharePoint content before and after deploying Microsoft 365 Copilot, including:

  • Restricted Site Access
  • Data Access Governance Reports
  • Oversharing insights and governance capabilities

Windows Update management and BIOS configuration are unrelated.

Question 11 (Scenario-Based Single Answer)

A compliance officer needs to locate all emails and Teams messages related to a legal investigation across Microsoft 365.

Which tool should be used?

A. Microsoft Purview Content Search
B. Microsoft Defender for Endpoint
C. Microsoft Entra ID sign-in logs
D. Microsoft Intune compliance policies

Correct Answer: A

Explanation

Microsoft Purview Content Search allows administrators to search across Exchange, SharePoint, OneDrive, and Teams for investigation and compliance purposes.

Other options are unrelated to content discovery.

Question 12 (Multiple Answer)

Which THREE capabilities are part of Microsoft Purview Data Loss Prevention (DLP)?

A. Detect sensitive information in emails and documents
B. Block or restrict sharing of sensitive data
C. Automatically increase Copilot licensing
D. Apply policies across Microsoft 365 workloads
E. Replace Microsoft Entra ID authentication

Choose THREE answers.

Correct Answers

A
B
D

Explanation

DLP helps:

  • Identify sensitive data
  • Prevent accidental sharing
  • Apply policies across Microsoft 365 services

It does not manage licensing or identity.

Question 13 (Single Answer)

Which Microsoft service enforces identity-based access control for Microsoft 365 Copilot users?

A. Microsoft Defender
B. Microsoft Entra ID
C. Microsoft Purview
D. Microsoft Fabric

Correct Answer: B

Explanation

Microsoft Entra ID manages authentication and authorization, ensuring users only access resources they are permitted to use, including Copilot.

Question 14 (Fill in the Blank)

Microsoft 365 Copilot relies on Microsoft __________ to access organizational data securely.

A. Graph
B. Sentinel
C. Intune
D. Power Automate

Correct Answer: A

Explanation

Microsoft Graph is the API layer that connects Copilot to Microsoft 365 data while enforcing permissions and security controls.

Question 15 (Scenario-Based Single Answer)

A company wants to ensure that confidential HR documents are not included in Copilot responses until they are reviewed.

Which solution should they use?

A. SharePoint Restricted Site Access
B. Microsoft Teams Channels
C. Windows Firewall
D. Azure DevOps Pipelines

Correct Answer: A

Explanation

Restricted Site Access in SharePoint Advanced Management can temporarily block Copilot and search indexing from accessing sensitive sites.

Question 16 (Matching)

Match each Copilot-related feature with its purpose.

FeaturePurpose
1. Copilot AnalyticsA. Build custom business assistants
2. Custom AgentsB. Measure adoption and usage
3. Prompt ManagementC. Save and reuse prompts

Correct Matching

  • 1 → B
  • 2 → A
  • 3 → C

Question 17 (Multiple Answer)

Which TWO actions can administrators perform in Copilot prompt management?

A. Save prompts
B. Share prompts
C. Encrypt Azure VMs
D. Delete prompts
E. Disable Microsoft Graph

Correct Answers

A
B

Explanation

Prompt management allows users to save and share prompts for reuse and productivity. Deletion may be available depending on configuration, but encryption and Graph changes are unrelated.

Question 18 (Scenario-Based Single Answer)

An organization wants to understand whether employees are using Copilot effectively and frequently returning to it after initial adoption.

Which tool should they use?

A. Microsoft Entra ID logs
B. Copilot Analytics
C. Azure Monitor
D. Microsoft Defender for Cloud

Correct Answer: B

Explanation

Copilot Analytics provides adoption, engagement, and retention metrics for Microsoft 365 Copilot usage.

Question 19 (Single Answer)

Which of the following best describes a custom agent in Microsoft 365 Copilot?

A. A tool that replaces Microsoft Teams
B. A browser extension for Edge
C. A specialized assistant built for organizational tasks and data sources
D. A security policy enforcement engine

Correct Answer: C

Explanation

Custom agents extend Copilot by providing tailored assistance based on organizational data, workflows, and knowledge sources.

Question 20 (Scenario-Based Multiple Answer)

An organization is preparing to deploy Microsoft 365 Copilot and wants to reduce data exposure risks in SharePoint.

Which TWO actions should the administrator take?

A. Run SharePoint Data Access Governance Reports
B. Enable Restricted Site Access
C. Disable Microsoft Entra ID
D. Remove Microsoft Purview policies
E. Turn off Microsoft Teams

Choose TWO answers.

Correct Answers

A
B

Explanation

To reduce oversharing risk:

  • Governance Reports identify risky sites
  • Restricted Site Access limits Copilot and search access to sensitive sites

Disabling identity or collaboration services is not appropriate.

Question 21 (Scenario-Based Single Answer)

A company wants to deploy Microsoft 365 Copilot but only pay for usage instead of assigning full user licenses.

Which billing model should they consider?

A. Pay-as-you-go
B. Per-device licensing
C. Free trial licensing only
D. Windows Enterprise licensing

Correct Answer: A

Explanation

Pay-as-you-go allows organizations to be billed based on usage rather than assigning full Copilot licenses to every user.

Other options are not valid Copilot billing models.

Question 22 (Single Answer)

Which requirement must be met before a user can be assigned a Microsoft 365 Copilot license?

A. They must be a SharePoint administrator
B. They must have an eligible Microsoft 365 base license
C. They must install Microsoft Edge extensions
D. They must disable Multi-Factor Authentication

Correct Answer: B

Explanation

Copilot requires a qualifying Microsoft 365 subscription (such as E3 or E5) before a Copilot license can be assigned.

Question 23 (Scenario-Based Multiple Answer)

An organization wants to monitor the health, usage, and lifecycle of agents deployed in Microsoft 365.

Which TWO admin centers should they use?

A. Microsoft 365 admin center
B. Microsoft Power Platform admin center
C. Azure DevOps admin center
D. Microsoft Word desktop app
E. Windows Control Panel

Choose TWO answers.

Correct Answers

A
B

Explanation

  • Microsoft 365 admin center provides tenant-level monitoring and management of Copilot and agents.
  • Power Platform admin center provides insights into agent lifecycle, usage, and governance for built agents.

Question 24 (Single Answer)

Which Copilot feature is designed to perform in-depth research across enterprise and web sources to produce structured insights?

A. Analyst
B. Designer
C. Outlook Copilot
D. Windows Recall

Correct Answer: A

Explanation

The Analyst agent is designed for advanced data analysis and structured insights.

Question 25 (Fill in the Blank)

Microsoft 365 Copilot agents are managed throughout their __________ lifecycle.

A. hardware
B. billing
C. application
D. email

Correct Answer: C

Explanation

Agents follow an application lifecycle: creation, deployment, monitoring, updating, and retirement.

Question 26 (Matching)

Match each Copilot capability with its description.

CapabilityDescription
1. ResearcherA. Builds structured insights from data analysis
2. AnalystB. Performs deep research across enterprise data
3. Pay-as-you-goC. Usage-based billing model

Correct Matching

  • 1 → B
  • 2 → A
  • 3 → C

Question 27 (Scenario-Based Single Answer)

A company wants to allow employees to use Copilot without assigning full licenses to everyone, but still wants to track usage costs.

What should they configure?

A. Microsoft Entra Domain Services
B. Pay-as-you-go billing for Copilot
C. Windows Autopilot
D. Microsoft Defender ATP

Correct Answer: B

Explanation

Pay-as-you-go enables usage-based billing, allowing organizations to track and control costs without assigning full licenses to all users.

Question 28 (Multiple Answer)

Which THREE actions are part of managing Microsoft 365 Copilot agents?

A. Monitor usage analytics
B. Manage lifecycle stages
C. Assign physical hardware
D. Control access permissions
E. Delete Microsoft Graph

Correct Answers

A
B
D

Explanation

Agent management includes:

  • Monitoring usage
  • Managing lifecycle (create, publish, update, retire)
  • Controlling access permissions

Hardware management and Graph deletion are unrelated.

Question 29 (Scenario-Based Single Answer)

An administrator wants to review which employees are actively using Copilot and how often they interact with it across departments.

Which tool provides this visibility?

A. Microsoft Intune
B. Copilot Analytics
C. Azure Key Vault
D. Microsoft Defender Firewall

Correct Answer: B

Explanation

Copilot Analytics provides adoption, usage frequency, and engagement metrics across departments and users.

Question 30 (Single Answer)

Which statement best describes Microsoft 365 Copilot agents?

A. They replace Microsoft Entra ID authentication
B. They are hardware devices installed on user machines
C. They extend Copilot with task-specific and organizational knowledge capabilities
D. They are only used for security monitoring

Correct Answer: C

Explanation

Copilot agents extend Copilot functionality by providing specialized, task-oriented capabilities based on organizational data and workflows.

Go to the AB-900 Exam Prep Hub main page

AB-900, Microsoft Certification

AB-900 Practice Exam #2

AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Practice Exam

This practice exam is a part of the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Exam Prep Hub.

Question 1 (Single Answer)

A company plans to deploy Microsoft 365 Copilot to 300 employees. Before deployment, administrators want to reduce the possibility that Copilot will surface documents that were unintentionally shared with a broad audience.

Which action should administrators perform FIRST?

A. Increase mailbox storage quotas.

B. Run SharePoint Advanced Management reports to identify oversharing.

C. Assign Copilot licenses to all users.

D. Enable Microsoft Defender for Endpoint.

Correct Answer

B

Explanation

SharePoint Advanced Management provides reports that identify overshared sites and content. Reviewing and correcting permissions before deployment reduces the risk of Copilot surfacing sensitive information to users who already have access.

  • A is unrelated.
  • C deploys Copilot before addressing governance concerns.
  • D improves endpoint security but does not address oversharing.

Question 2 (Multiple Response)

Which THREE Microsoft 365 services commonly provide organizational data that Microsoft 365 Copilot can use through Microsoft Graph?

(Choose three.)

A. SharePoint Online

B. Exchange Online

C. Microsoft Teams

D. Azure Kubernetes Service

Correct Answers

A, B, and C

Explanation

Microsoft Graph connects Microsoft 365 services, including:

  • SharePoint Online
  • Exchange Online
  • Microsoft Teams
  • Outlook
  • OneDrive
  • Calendar

Azure Kubernetes Service is an Azure infrastructure service and is not a Microsoft 365 productivity workload used as a primary grounding source.

Question 3 (Scenario)

A compliance administrator wants to investigate whether users have recently used Microsoft 365 Copilot to access files containing credit card numbers.

Which Microsoft Purview capability is MOST appropriate?

A. Activity Explorer

B. Microsoft Defender XDR

C. Microsoft Intune

D. Azure Monitor

Correct Answer

A

Explanation

Activity Explorer helps administrators investigate user activities involving sensitive information, including Copilot interactions when supported by Microsoft Purview auditing and compliance features.

The remaining services focus on endpoint management, security operations, or Azure monitoring.

Question 4 (Best Answer)

An organization wants to find every document and email related to “Project Orion” across Exchange Online, SharePoint Online, and OneDrive.

Which Microsoft Purview feature should be used?

A. Data Loss Prevention

B. Activity Explorer

C. Content Search (eDiscovery)

D. Communication Compliance

Correct Answer

C

Explanation

Content Search enables administrators to search across Microsoft 365 workloads for emails, files, Teams messages, and other supported content.

Activity Explorer monitors activities rather than searching stored content.

Question 5 (Matching)

Match each administrative tool with its primary purpose.

ToolPurpose
1. Copilot AnalyticsA. Discover AI-related risks
2. DSPM for AIB. Measure Copilot adoption
3. Microsoft 365 Admin CenterC. Assign licenses and manage users

Choose the correct answer.

A.

1-B

2-A

3-C

B.

1-A

2-C

3-B

C.

1-C

2-B

3-A

D.

1-B

2-C

3-A

Correct Answer

A

Explanation

  • Copilot Analytics measures adoption and usage.
  • DSPM for AI identifies AI-related security and governance risks.
  • Microsoft 365 Admin Center manages users, licenses, and Microsoft 365 services.

Question 6 (Scenario)

An organization wants a conversational assistant that answers only Human Resources questions using approved HR documentation.

Which solution best satisfies this requirement?

A. Microsoft Purview eDiscovery

B. Exchange Online

C. Custom agent

D. Microsoft Defender for Cloud Apps

Correct Answer

C

Explanation

A custom agent can be configured with:

  • Specific instructions
  • Approved knowledge sources
  • Department-specific behaviors
  • Controlled user access

This makes it ideal for HR, Finance, Legal, or IT support scenarios.

Question 7 (Multiple Response)

Which TWO statements correctly describe Microsoft 365 Copilot licensing?

(Choose two.)

A. Copilot licenses are assigned to individual users.

B. Some Copilot services support pay-as-you-go billing.

C. Every Copilot capability requires monthly licensing.

D. Copilot licensing automatically grants Global Administrator permissions.

Correct Answers

A and B

Explanation

Microsoft supports:

  • Per-user licensing for Microsoft 365 Copilot.
  • Consumption-based (pay-as-you-go) billing for certain Copilot experiences and services.

Licensing never grants administrative permissions.

Question 8 (Scenario)

An administrator wants to understand how frequently employees are using Copilot in Word, Excel, Outlook, and Teams.

Which tool provides this information?

A. Microsoft Defender Portal

B. Copilot Analytics

C. Exchange Admin Center

D. Microsoft Intune

Correct Answer

B

Explanation

Copilot Analytics provides reporting on:

  • Active users
  • Adoption trends
  • Usage by application
  • Organizational engagement
  • Return on investment insights

Question 9 (Fill in the Blank)

Microsoft 365 Copilot retrieves organizational context through the __________ while respecting existing security permissions.

A. Azure Virtual Network

B. Windows Registry

C. Microsoft Graph

D. SQL Server Agent

Correct Answer

C

Explanation

Microsoft Graph securely connects Microsoft 365 applications and organizational data. Copilot uses Microsoft Graph to retrieve business context while honoring existing permissions.

Question 10 (Scenario-Based Case Study)

A company has completed a pilot deployment of Microsoft 365 Copilot. Administrators notice that some employees rarely use Copilot while others use it daily.

Management asks the IT department to identify:

  • adoption trends,
  • frequently used Microsoft 365 applications,
  • active users,
  • opportunities to improve adoption.

Which solution BEST meets these requirements?

A. Microsoft Purview Audit

B. Microsoft Defender XDR

C. Microsoft Entra ID

D. Copilot Analytics

Correct Answer

D

Explanation

Copilot Analytics is specifically designed to provide insights into:

  • Adoption rates
  • User engagement
  • Application usage
  • Organizational trends
  • Opportunities to increase Copilot adoption

The other services are designed for auditing, security, or identity management rather than adoption reporting.

Question 11 (Single Answer)

A Microsoft 365 administrator wants to determine whether users are actively using Microsoft 365 Copilot after licenses have been assigned.

Which tool provides adoption and usage metrics specifically for Copilot?

A. Microsoft Entra admin center

B. Copilot Analytics

C. Azure Monitor

D. Microsoft Defender XDR

Correct Answer: B

Explanation

Copilot Analytics provides adoption metrics, usage trends, active users, feature usage, and business insights for Microsoft 365 Copilot.

  • A is incorrect because Entra manages identities.
  • C monitors Azure resources.
  • D focuses on security incidents.

Question 12 (Multiple Answer)

A company wants to reduce oversharing before deploying Microsoft 365 Copilot.

Which TWO tools specifically help identify oversharing?

A. SharePoint Data Access Governance Reports

B. SharePoint Advanced Management

C. Microsoft Word Editor

D. Microsoft Purview DSPM for AI

E. Windows Event Viewer

Choose TWO answers.

Correct Answers:

A

D

Explanation

Data Access Governance Reports identify sites with excessive permissions, while DSPM for AI identifies AI-related exposure risks and recommends remediation.

  • B helps administer SharePoint but isn’t specifically an oversharing discovery tool by itself.
  • C and E are unrelated.

Question 13 (Scenario)

A legal department needs to locate every email discussing a confidential acquisition during the last six months.

Which Microsoft Purview feature should the administrator use?

A. Insider Risk Management

B. Communication Compliance

C. Content Search

D. Data Loss Prevention

Correct Answer: C

Explanation

Content Search allows administrators to search Exchange mailboxes, SharePoint, OneDrive, and Teams content for investigations and legal discovery.

The other solutions perform different governance functions.

Question 14 (Fill in the Blank)

Complete the sentence.

Microsoft 365 Copilot only returns information that a user is already __________ to access.

A. configured

B. licensed

C. authorized

D. synchronized

Correct Answer: C

Explanation

Copilot honors existing Microsoft 365 permissions. Users only receive information they are already authorized to access.

Question 15 (Match the Answers)

Match each Microsoft 365 service with its primary purpose.

ServicePurpose
1. Microsoft Entra IDA. Data governance and compliance
2. Microsoft PurviewB. Identity and authentication
3. Microsoft DefenderC. Threat protection

Correct Matching

  • 1 → B
  • 2 → A
  • 3 → C

Explanation

  • Microsoft Entra manages identities.
  • Microsoft Purview manages governance and compliance.
  • Microsoft Defender protects against threats.

Question 16 (Single Answer)

Which administrator is most likely responsible for configuring Microsoft 365 Copilot licenses?

A. SharePoint Site Owner

B. Exchange User

C. Global Administrator

D. Power BI Viewer

Correct Answer: C

Explanation

Global Administrators (or other appropriately delegated licensing administrators) can assign Copilot licenses.

The remaining roles cannot generally assign organization-wide licenses.

Question 17 (Scenario)

A company wants to monitor which departments are adopting Copilot most rapidly.

Which report would best meet this requirement?

A. Azure Cost Management

B. Copilot Analytics Adoption Report

C. Windows Performance Monitor

D. Exchange Queue Report

Correct Answer: B

Explanation

Copilot Analytics includes organizational adoption trends broken down by departments and user groups.

The other reports are unrelated.

Question 18 (Multiple Answer)

Which actions can administrators perform when managing Microsoft 365 Copilot prompts?

A. Save prompts

B. Share prompts

C. Schedule prompts

D. Permanently modify Microsoft Graph

E. Delete prompts

Choose THREE answers.

Correct Answers

A

B

E

Explanation

Users can:

  • Save prompts
  • Share prompts
  • Delete prompts

While Microsoft continues to expand prompt management capabilities, scheduling depends on the experience and scenario and is not a universal prompt-management capability tested at the AB-900 level.

Modifying Microsoft Graph is unrelated.

Question 19 (Scenario)

An organization wants sensitive SharePoint sites to be inaccessible to Microsoft 365 Copilot until additional review has been completed.

Which SharePoint Advanced Management capability supports this goal?

A. Restricted Site Access

B. Anonymous Sharing

C. Site Templates

D. Version History

Correct Answer: A

Explanation

Restricted Site Access allows administrators to temporarily exclude selected SharePoint sites from organizational search and Copilot experiences while permissions or content are reviewed.

Question 20 (Single Answer)

Which statement correctly describes custom agents?

A. They permanently replace Microsoft 365 Copilot.

B. They only answer questions using internet data.

C. They are designed to automate and assist with organization-specific business scenarios.

D. They require every user to have Global Administrator permissions.

Correct Answer: C

Explanation

Custom agents extend Copilot by providing specialized knowledge, workflows, and automation tailored to an organization’s processes.

  • They do not replace Copilot.
  • They are not limited to internet data.
  • Users do not need Global Administrator permissions to use them.

Question 21 (Scenario-Based Single Answer)

A company plans to deploy Microsoft 365 Copilot to its Finance department. Before enabling Copilot, administrators want to identify SharePoint sites that contain excessive permissions which could expose confidential financial data.

Which Microsoft capability should they use first?

A. Microsoft Defender XDR

B. SharePoint Data Access Governance Reports

C. Microsoft Intune

D. Exchange Online Message Trace

Correct Answer: B

Explanation

Data Access Governance Reports help administrators identify overshared SharePoint sites by analyzing permissions, external sharing, and potentially excessive access. This allows organizations to remediate permissions before enabling Microsoft 365 Copilot.

  • A focuses on threat detection.
  • C manages devices.
  • D tracks email delivery.

Question 22 (Multiple Answer)

Which THREE statements correctly describe Microsoft Purview Data Security Posture Management (DSPM) for AI?

A. It identifies AI-related data exposure risks.

B. It helps discover AI activity across Microsoft 365.

C. It replaces Microsoft Defender Antivirus.

D. It provides recommendations to reduce AI-related risks.

E. It creates Microsoft 365 licenses.

Choose THREE answers.

Correct Answers

A

B

D

Explanation

DSPM for AI helps organizations:

  • Discover AI usage.
  • Identify AI-related security risks.
  • Recommend remediation actions.

It does not replace endpoint protection or manage licensing.

Question 23 (Single Answer)

Which Microsoft 365 administrator role typically has the permissions required to manage Microsoft 365 Copilot settings across the tenant?

A. SharePoint Visitor

B. Billing Reader

C. Global Administrator

D. Teams Meeting Organizer

Correct Answer: C

Explanation

Global Administrators have broad permissions to configure Microsoft 365 services, including Microsoft 365 Copilot administration.

The remaining roles have much more limited permissions.

Question 24 (Scenario-Based Single Answer)

An administrator wants to review the number of active Copilot users, adoption trends, and feature usage across the organization.

Which tool should they use?

A. Microsoft Entra Admin Center

B. Azure Monitor

C. Microsoft Defender Portal

D. Copilot Analytics

Correct Answer: D

Explanation

Copilot Analytics provides insights into:

  • Adoption
  • Active users
  • Feature usage
  • Organizational trends
  • Business value indicators

The other tools serve different purposes.

Question 25 (Match the Answers)

Match each Microsoft technology with its primary purpose.

TechnologyPurpose
1. Microsoft Purview Content SearchA. Discover content during investigations
2. SharePoint Advanced ManagementB. Reduce oversharing risks
3. Copilot AnalyticsC. Measure Copilot adoption

Correct Matching

  • 1 → A
  • 2 → B
  • 3 → C

Explanation

Each solution addresses a different administrative responsibility:

  • Content Search supports investigations.
  • SharePoint Advanced Management helps reduce oversharing.
  • Copilot Analytics measures adoption.

Question 26 (Scenario-Based Multiple Answer)

A company plans to publish a custom agent for Human Resources.

Which TWO activities should occur before broad deployment?

A. Verify organizational approval requirements.

B. Validate the agent’s knowledge sources.

C. Disable Microsoft Entra ID.

D. Remove Microsoft Purview compliance policies.

E. Delete SharePoint permissions.

Choose TWO answers.

Correct Answers

A

B

Explanation

Before deployment, administrators should:

  • Complete any approval process.
  • Verify that the agent uses accurate and authorized knowledge sources.

The remaining options reduce security or are unrelated.

Question 27 (Fill in the Blank)

Microsoft 365 Copilot respects existing __________ when retrieving organizational information.

A. passwords

B. licenses

C. permissions

D. storage quotas

Correct Answer: C

Explanation

Copilot never bypasses Microsoft 365 permissions. Users only receive information they already have permission to access.

Question 28 (Scenario-Based Single Answer)

An organization wants to create an AI assistant that answers internal Human Resources questions using approved HR documentation.

Which solution best meets this requirement?

A. Create a custom agent

B. Enable Windows Copilot

C. Deploy Microsoft Defender

D. Configure Microsoft Intune

Correct Answer: A

Explanation

A custom agent can be built using approved HR documents as its knowledge source, allowing employees to receive accurate answers tailored to organizational policies.

The remaining options do not provide organization-specific conversational AI.

Question 29 (Multiple Answer)

Which THREE activities can administrators perform while monitoring Microsoft 365 agents?

A. Review usage statistics.

B. Monitor operational insights.

C. Track the agent lifecycle.

D. Install Windows updates.

E. Replace Microsoft Graph.

Choose THREE answers.

Correct Answers

A

B

C

Explanation

Administrators can monitor:

  • Usage
  • Operational health
  • Lifecycle status

These capabilities are available through the Microsoft 365 admin center and, for applicable agents, the Microsoft Power Platform admin center.

Windows updates and Microsoft Graph replacement are unrelated.

Question 30 (Scenario-Based Single Answer)

A company has completed a pilot deployment of Microsoft 365 Copilot. Management asks the administrator to determine whether employee adoption is increasing and whether users are regularly interacting with Copilot.

Which solution provides the most appropriate information?

A. Microsoft Defender Secure Score

B. Azure Cost Management

C. Exchange Online Mail Flow Reports

D. Copilot Analytics

Correct Answer: D

Explanation

Copilot Analytics is specifically designed to measure:

  • User adoption
  • Active users
  • Usage frequency
  • Feature utilization
  • Organizational trends

The other reporting tools focus on security, cloud spending, or email traffic rather than Copilot adoption.

Go to the AB-900 Exam Prep Hub main page

AB-900, Microsoft Certification

AB-900 Practice Exam #1

AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Practice Exam

This practice exam is a part of the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Exam Prep Hub.

Question 1 (Single Answer)

A company is preparing to deploy Microsoft 365 Copilot. The IT administrator wants to ensure Copilot can generate responses using organizational documents stored in Microsoft 365 while still respecting existing security permissions.

Which statement is correct?

A. Copilot ignores Microsoft 365 permissions and searches all tenant data.

B. Copilot only accesses documents that have sensitivity labels.

C. Copilot only returns information the signed-in user already has permission to access.

D. Copilot automatically grants temporary access to files needed to answer prompts.

Correct Answer

C

Explanation

Microsoft 365 Copilot honors existing Microsoft 365 security, identity, and permission models. Users only receive information they are already authorized to access.

  • A is incorrect because Copilot never bypasses permissions.
  • B is incorrect because permissions—not sensitivity labels alone—determine access.
  • D is incorrect because Copilot does not modify permissions.

Question 2 (Multiple Answer)

Which TWO Microsoft 365 services commonly provide grounding data for Microsoft 365 Copilot?

(Choose two.)

A. SharePoint Online

B. Exchange Online

C. Azure DevOps

D. Windows Registry

Correct Answers

A and B

Explanation

Microsoft 365 Copilot retrieves business context from Microsoft Graph, which includes services such as:

  • SharePoint Online
  • Exchange Online
  • Teams
  • OneDrive
  • Outlook
  • Calendar

Azure DevOps is not a core Microsoft 365 workload for Copilot grounding, and the Windows Registry is unrelated.

Question 3 (Scenario)

A compliance administrator wants to determine whether employees are using Copilot to summarize documents that contain sensitive information.

Which Microsoft Purview feature provides visibility into these AI interactions?

A. eDiscovery Content Search

B. Data Loss Prevention

C. Activity Explorer

D. SharePoint Version History

Correct Answer

C

Explanation

Microsoft Purview Activity Explorer displays user activities involving sensitive information, including activities related to Microsoft 365 Copilot and AI usage.

  • eDiscovery searches stored content.
  • DLP protects sensitive information.
  • Version History tracks document revisions.

Question 4 (Fill in the Blank)

Complete the following sentence.

Microsoft 365 Copilot retrieves organizational context primarily through the __________.

A. Azure Resource Manager

B. Microsoft Graph

C. Microsoft Defender Portal

D. Azure Key Vault

Correct Answer

B

Explanation

Microsoft Graph securely connects Microsoft 365 workloads and provides Copilot with organizational context while respecting user permissions.

Question 5 (Matching)

Match each Microsoft Purview capability with its primary purpose.

CapabilityPurpose
1. Activity ExplorerA. Investigate files and emails
2. Content SearchB. Monitor sensitive activities
3. DSPM for AIC. Identify AI-related risks

Choose the correct mapping.

A.
1-B
2-A
3-C

B.
1-C
2-B
3-A

C.
1-A
2-C
3-B

D.
1-B
2-C
3-A

Correct Answer

A

Explanation

  • Activity Explorer monitors user activities.
  • Content Search locates emails and files.
  • DSPM for AI identifies AI-related security and data risks.

Question 6 (Scenario)

An organization recently enabled Microsoft 365 Copilot. Leadership is concerned that employees may unintentionally expose confidential documents because SharePoint permissions were configured too broadly years ago.

Which Microsoft solution is specifically designed to identify oversharing risks?

A. Exchange Admin Center

B. Azure Cost Management

C. Microsoft Teams Admin Center

D. SharePoint Advanced Management

Correct Answer

D

Explanation

SharePoint Advanced Management provides reports and tools that help identify overshared content and manage site permissions before or after deploying Copilot.

The other options do not analyze SharePoint oversharing.

Question 7 (Multiple Answer)

Which TWO statements about Microsoft 365 Copilot licensing are true?

(Choose two.)

A. Copilot can be licensed through a per-user monthly subscription.

B. Some Copilot capabilities also support pay-as-you-go billing.

C. Every Copilot feature requires a pay-as-you-go model.

D. SharePoint agents cannot use pay-as-you-go billing.

Correct Answers

A and B

Explanation

Microsoft supports both:

  • Per-user monthly licensing
  • Pay-as-you-go consumption for certain Copilot experiences, including some SharePoint-related capabilities

The remaining statements are incorrect.

Question 8 (Best Answer)

Which administrative portal is primarily used to assign Microsoft 365 Copilot licenses?

A. Microsoft Entra Admin Center

B. Microsoft 365 Admin Center

C. Azure Portal

D. Microsoft Purview Portal

Correct Answer

B

Explanation

Administrators assign Microsoft 365 Copilot licenses through the Microsoft 365 Admin Center under Users > Active Users > Licenses and Apps.

Although Microsoft Entra manages identities, license assignment is typically performed in the Microsoft 365 Admin Center.

Question 9 (Scenario)

A company wants an AI assistant that answers HR questions using only company HR policies and employee handbooks.

Which solution best fits this requirement?

A. Microsoft Defender

B. Microsoft Purview eDiscovery

C. A custom Copilot agent

D. SharePoint Document Library

Correct Answer

C

Explanation

Custom agents can be configured with specialized knowledge sources and instructions, making them ideal for department-specific assistants such as HR, Finance, or IT Help Desk.

The other options are not conversational AI assistants.

Question 10 (Ordering)

A Microsoft 365 administrator wants to investigate a possible data exposure involving Copilot.

Arrange the following actions in the most logical order.

  1. Review Activity Explorer.
  2. Identify unusual AI-related activity.
  3. Review permissions on affected SharePoint sites.
  4. Apply appropriate permission corrections.

A.
1 → 2 → 3 → 4

B.
2 → 1 → 4 → 3

C.
3 → 2 → 1 → 4

D.
1 → 3 → 2 → 4

Correct Answer

A

Explanation

A logical investigation sequence is:

  1. Open Activity Explorer.
  2. Identify suspicious or unusual AI activity.
  3. Review the permissions on the affected content.
  4. Correct any oversharing or permission issues.

This workflow reflects recommended practices when investigating potential oversharing risks in Microsoft 365.

Question 11 (Single Answer)

An administrator wants to locate all emails and SharePoint documents that contain a specific project name as part of an internal investigation.

Which Microsoft Purview feature should the administrator use?

A. Activity Explorer

B. Content Search (eDiscovery)

C. Data Loss Prevention

D. Microsoft Defender XDR

Correct Answer

B

Explanation

Content Search in Microsoft Purview eDiscovery allows administrators to search across Exchange Online mailboxes, SharePoint Online sites, OneDrive accounts, and Microsoft Teams content.

  • A monitors activities but does not perform comprehensive content searches.
  • C prevents data leakage rather than locating historical content.
  • D focuses on security threats rather than content discovery.

Question 12 (Multiple Answer)

Which TWO capabilities are provided by Microsoft Purview Data Security Posture Management (DSPM) for AI?

(Choose two.)

A. Discover AI applications used within the organization

B. Identify AI-related data exposure risks

C. Automatically assign Microsoft 365 licenses

D. Replace Microsoft Entra ID authentication

Correct Answers

A and B

Explanation

DSPM for AI helps organizations:

  • Discover AI applications and services.
  • Identify AI-related security and governance risks.
  • Assess sensitive data exposure.
  • Improve AI governance.

It does not manage licensing or identity services.

Question 13 (Scenario)

A company recently enabled Microsoft 365 Copilot. Management wants to know how frequently employees are using Copilot and which Microsoft 365 applications have the highest adoption.

Which solution should the administrator use?

A. Microsoft Purview Audit

B. Microsoft Entra ID

C. Copilot Analytics

D. SharePoint Admin Center

Correct Answer

C

Explanation

Copilot Analytics provides insights into:

  • Adoption trends
  • Active users
  • Usage by Microsoft 365 application
  • Organizational engagement

The other tools serve different purposes.

Question 14 (Best Answer)

An administrator discovers that a SharePoint site grants access to “Everyone except external users.”

Why could this present a risk after deploying Microsoft 365 Copilot?

A. Copilot automatically republishes files externally.

B. Copilot may surface documents to any employee who already has access.

C. Copilot encrypts every document.

D. Copilot deletes inherited permissions.

Correct Answer

B

Explanation

Copilot honors existing permissions. If a large audience already has access to documents, Copilot may surface those documents during conversations, increasing the visibility of overshared information.

Question 15 (Matching)

Match each administrative portal to its primary responsibility.

PortalResponsibility
1. Microsoft 365 Admin CenterA. Data governance and compliance
2. Microsoft Purview PortalB. User licensing and Microsoft 365 administration
3. Power Platform Admin CenterC. Manage agents and Power Platform environments

Choose the correct answer.

A.
1-C
2-B
3-A

B.
1-B
2-C
3-A

C.
1-B
2-A
3-C

D.
1-A
2-C
3-B

Correct Answer

C

Explanation

  • Microsoft 365 Admin Center manages users, licenses, and Microsoft 365 services.
  • Microsoft Purview manages compliance, governance, and data protection.
  • Power Platform Admin Center manages Power Platform environments and many custom agents.

Question 16 (Scenario)

A business unit wants to deploy a custom agent for employees.

Before the agent becomes broadly available, the organization requires managerial review and approval.

What is the primary purpose of the approval process?

A. Improve network performance

B. Reduce Azure costs

C. Automatically create SharePoint sites

D. Ensure the agent meets organizational governance and compliance requirements

Correct Answer

D

Explanation

Approval workflows help ensure that agents:

  • Meet security standards.
  • Follow governance policies.
  • Use approved data sources.
  • Comply with organizational requirements.

Question 17 (Multiple Answer)

Which TWO actions can administrators commonly perform for Microsoft 365 Copilot in the Microsoft 365 Admin Center?

(Choose two.)

A. Assign Copilot licenses

B. Review Copilot usage reports

C. Design Power BI semantic models

D. Configure Windows Firewall policies

Correct Answers

A and B

Explanation

The Microsoft 365 Admin Center enables administrators to:

  • Assign licenses.
  • View adoption reports.
  • Manage service settings.
  • Monitor Copilot usage.

Power BI modeling and Windows Firewall management occur elsewhere.

Question 18 (Fill in the Blank)

Microsoft 365 Copilot respects existing __________ when retrieving organizational content.

A. Azure subscriptions

B. SharePoint branding

C. Microsoft 365 permissions

D. Windows registry settings

Correct Answer

C

Explanation

Copilot only retrieves information users are already authorized to access through Microsoft 365 permissions.

It never bypasses existing security controls.

Question 19 (Scenario)

An administrator wants to identify which custom agents are actively being used, how frequently they are accessed, and whether some should be retired.

Which combination of administrative capabilities best supports this objective?

A. Review operational insights and lifecycle information in the Microsoft 365 Admin Center and Power Platform Admin Center.

B. Configure Microsoft Defender Antivirus.

C. Run Windows Event Viewer.

D. Review Exchange transport rules.

Correct Answer

A

Explanation

Administrators can monitor:

  • Agent usage
  • Operational health
  • Adoption
  • Lifecycle status
  • Publishing status

through the Microsoft 365 Admin Center and Power Platform Admin Center.

The remaining options are unrelated.

Question 20 (Case Study)

A financial services organization has enabled Microsoft 365 Copilot for 500 employees.

After deployment, administrators discover that several sensitive documents appear in Copilot responses more often than expected. Investigation reveals that the documents reside in a SharePoint site with broad internal permissions.

Which sequence of actions represents the BEST response?

A.

  1. Delete Microsoft 365 Copilot.
  2. Restore SharePoint.
  3. Recreate documents.
  4. Reassign licenses.

B.

  1. Disable Microsoft Graph.
  2. Create a new tenant.
  3. Restore OneDrive.
  4. Reinstall Microsoft 365.

C.

  1. Increase Copilot licenses.
  2. Publish more SharePoint sites.
  3. Enable guest access.
  4. Run Copilot Analytics.

D.

  1. Review SharePoint permissions.
  2. Use SharePoint Advanced Management reports to identify oversharing.
  3. Restrict access where appropriate.
  4. Continue monitoring through Microsoft Purview and Copilot Analytics.

Correct Answer

D

Explanation

This follows Microsoft’s recommended governance approach:

  • Review permissions.
  • Identify oversharing.
  • Correct access controls.
  • Continue monitoring with governance and analytics tools.

Deleting Copilot or rebuilding the tenant would not solve the underlying permissions issue.

Question 21 (Single Answer)

A company wants to provide Microsoft 365 Copilot only to employees in the Finance department during a pilot deployment.

What is the simplest way to accomplish this?

A. Assign Microsoft 365 Copilot licenses only to Finance users.

B. Disable Microsoft Graph for all other users.

C. Create a separate Microsoft 365 tenant.

D. Disable SharePoint Online for everyone except Finance.

Correct Answer

A

Explanation

Assigning Copilot licenses only to Finance users is the recommended and simplest method for piloting Microsoft 365 Copilot. No additional tenant or service changes are required.

Question 22 (Multiple Answer)

Which TWO administrative tasks can be performed for Microsoft 365 Copilot using the Microsoft 365 Admin Center?

(Choose two.)

A. Assign Copilot licenses.

B. View Copilot adoption and usage reports.

C. Configure Microsoft Defender Antivirus policies.

D. Create Microsoft Fabric workspaces.

Correct Answers

A and B

Explanation

The Microsoft 365 Admin Center enables administrators to:

  • Assign and remove licenses.
  • Monitor Copilot adoption and usage.
  • Manage users and Microsoft 365 services.

Defender and Microsoft Fabric are managed in separate administration portals.

Question 23 (Scenario)

An organization wants to understand why Microsoft 365 Copilot is surfacing sensitive documents during conversations.

Which issue is MOST likely responsible?

A. Copilot is bypassing Microsoft Entra ID.

B. Copilot has been granted Global Administrator permissions.

C. Existing SharePoint permissions allow users to access those documents.

D. Microsoft Graph automatically expands user permissions.

Correct Answer

C

Explanation

Copilot never bypasses existing security. If users can already access sensitive documents because of broad SharePoint permissions, Copilot can include those documents in responses.

Question 24 (Best Answer)

Which Microsoft Purview capability helps administrators understand AI-related risks across organizational data?

A. SharePoint Version History

B. Data Security Posture Management (DSPM) for AI

C. Microsoft Planner

D. Exchange Mail Flow Rules

Correct Answer

B

Explanation

DSPM for AI helps organizations:

  • Discover AI usage.
  • Identify sensitive data exposure.
  • Assess AI-related risks.
  • Improve governance.

The other options do not provide AI governance capabilities.

Question 25 (Matching)

Match each feature with its primary purpose.

FeaturePurpose
1. Copilot AnalyticsA. Monitor adoption and usage
2. Activity ExplorerB. Review user activities involving sensitive data
3. SharePoint Advanced ManagementC. Identify oversharing risks

Choose the correct mapping.

A.

1-A

2-B

3-C

B.

1-C

2-A

3-B

C.

1-B

2-C

3-A

D.

1-A

2-C

3-B

Correct Answer

A

Explanation

  • Copilot Analytics monitors adoption and usage.
  • Activity Explorer tracks sensitive data activities.
  • SharePoint Advanced Management identifies oversharing risks.

Question 26 (Scenario)

A newly created custom agent is available only to its creator.

The administrator wants everyone in the Human Resources department to use the agent.

What should the administrator do?

A. Delete and recreate the agent.

B. Assign the appropriate user access permissions to the HR users or group.

C. Purchase additional Microsoft 365 licenses.

D. Enable Microsoft Defender for Office 365.

Correct Answer

B

Explanation

Administrators control which users or groups can access custom agents. Sharing or assigning permissions to the HR group makes the agent available to authorized users.

Question 27 (Multiple Answer)

Which TWO statements accurately describe Microsoft 365 Copilot prompts?

(Choose two.)

A. Users can save prompts for future use.

B. Users can share prompts with others when supported.

C. Prompts permanently modify SharePoint permissions.

D. Prompts automatically create new Microsoft 365 users.

Correct Answers

A and B

Explanation

Microsoft 365 Copilot allows users to:

  • Save prompts.
  • Reuse prompts.
  • Share prompts where supported.
  • Schedule certain prompts in supported experiences.

Prompts never modify permissions or user accounts.

Question 28 (Scenario)

A company wants to understand whether newly deployed agents are actively being used and whether some agents should be retired.

Which information should administrators review?

A. Windows Performance Monitor

B. Azure Resource Health

C. Operational insights and agent lifecycle information

D. Exchange mailbox quotas

Correct Answer

C

Explanation

Agent lifecycle information includes:

  • Usage
  • Adoption
  • Operational health
  • Publication status
  • Lifecycle stage

These metrics help determine whether agents continue to provide business value.

Question 29 (Fill in the Blank)

Microsoft 365 Copilot never grants users additional permissions because it always respects existing __________.

A. licensing assignments

B. Microsoft 365 security permissions

C. Power Platform environments

D. Exchange transport rules

Correct Answer

B

Explanation

One of the most important concepts for the AB-900 exam is that Microsoft 365 Copilot respects existing Microsoft 365 permissions. It does not elevate privileges or expose information users cannot already access.

Question 30 (Comprehensive Scenario)

A global organization plans to deploy Microsoft 365 Copilot to thousands of employees.

Before expanding deployment, administrators want to:

  • identify overshared SharePoint content,
  • monitor AI adoption,
  • investigate AI-related activities,
  • manage user licenses,
  • monitor custom agent usage.

Which combination of Microsoft tools BEST satisfies all of these requirements?

A.

  • Microsoft Defender
  • Azure Portal
  • Windows Admin Center

B.

  • Exchange Admin Center
  • Azure Cost Management
  • Microsoft Intune

C.

  • Microsoft Purview Activity Explorer
  • Microsoft 365 Admin Center
  • Copilot Analytics
  • SharePoint Advanced Management
  • Power Platform Admin Center

D.

  • Microsoft Planner
  • Power BI Desktop
  • Visual Studio Code

Correct Answer

C

Explanation

This combination provides complete administrative coverage:

  • Microsoft Purview Activity Explorer monitors AI-related activities involving sensitive information.
  • Microsoft 365 Admin Center manages users, licensing, and Microsoft 365 administration.
  • Copilot Analytics measures Copilot adoption and usage.
  • SharePoint Advanced Management identifies oversharing risks and governance issues.
  • Power Platform Admin Center manages many custom agents and their lifecycle.

The other options do not collectively address governance, administration, analytics, licensing, and agent management.

AB-900, Agentic AI, AI Governance, Microsoft Certification

Monitor agents, including usage, operational insights, and agent lifecycle, by working with the Microsoft 365 Admin Center and the Microsoft Power Platform Admin Center (AB-900 Exam Prep)

 
This post is a part of the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Exam Prep Hub.
This topic falls under these sections:
Perform basic administrative tasks for Copilot and agents (25–30%)
   --> Perform basic administrative tasks for agents
      --> Monitor agents, including usage, operational insights, and agent lifecycle, by working with the Microsoft 365 Admin Center and the Microsoft Power Platform Admin Center

Note that there are 10 practice questions (with answers) at the end of each section to help you solidify your knowledge of the material. Also, there are 4 practice tests with 30 questions each available from the hub's main page below the exam topics section.

Introduction

As organizations deploy more Microsoft 365 Copilot agents, effective administration extends beyond simply creating and publishing them. Administrators must continuously monitor agent usage, operational health, adoption, security, and lifecycle to ensure that agents continue to provide business value while meeting organizational governance and compliance requirements.

Microsoft provides two primary administrative portals for monitoring and managing agents:

  • Microsoft 365 admin center
  • Microsoft Power Platform admin center

Each portal serves a different purpose. The Microsoft 365 admin center focuses on Microsoft 365 services, Copilot adoption, licensing, and organizational administration, while the Power Platform admin center focuses on environments, Copilot Studio, Power Platform resources, and operational management of custom agents.

For the AB-900 exam, you should understand which portal is used for which administrative tasks, the types of monitoring information available, and the basic lifecycle of an agent.

Why Monitoring Agents Is Important

Monitoring helps administrators answer questions such as:

  • Are users actually using the agent?
  • Is the agent providing business value?
  • Are there operational issues?
  • Is adoption increasing?
  • Are users encountering errors?
  • Should the agent be updated or retired?
  • Are governance policies being followed?

Without monitoring, organizations cannot determine whether their AI investments are successful.

Administrative Portals

Microsoft 365 Admin Center

The Microsoft 365 admin center provides organization-wide administration for Microsoft 365 services, including Copilot.

Administrators commonly use it to:

  • View Copilot adoption
  • Monitor Copilot usage
  • Assign licenses
  • Manage users
  • Manage billing
  • View service health
  • Review reports
  • Monitor tenant-wide administration

It provides a business-level view of how Microsoft 365 Copilot is being used across the organization.

Microsoft Power Platform Admin Center

The Power Platform admin center focuses on the operational management of Power Platform resources, including custom agents created with Copilot Studio.

Administrators use it to:

  • Manage environments
  • Monitor agent health
  • Manage Dataverse resources
  • Review capacity
  • Configure security
  • Manage connectors
  • Review operational information
  • Manage Power Platform policies

It provides technical administration for custom AI solutions.

Monitoring Agent Usage

Usage monitoring helps organizations understand adoption.

Common usage metrics include:

  • Number of users
  • Active users
  • Conversations
  • Sessions
  • Frequency of use
  • Popular agents
  • Usage trends over time

These metrics help determine whether users are benefiting from the deployed agents.

Usage Scenarios

An administrator might monitor:

  • Daily active users
  • Weekly adoption growth
  • Monthly conversation counts
  • Frequently used agents
  • Least-used agents

Low adoption may indicate:

  • Lack of awareness
  • Poor training
  • Limited usefulness
  • Difficult user experience

Operational Insights

Operational insights help administrators understand how agents are performing.

Examples include:

  • Agent availability
  • Service status
  • Response success
  • Failed requests
  • Processing errors
  • Environment health
  • Connector status
  • Workflow execution

Operational monitoring focuses on technical performance rather than business adoption.

Examples of Operational Issues

Administrators may investigate:

  • Failed API connections
  • Broken Power Automate flows
  • Authentication failures
  • Connector problems
  • Environment capacity limits
  • Dataverse issues

Identifying these issues early minimizes disruption for users.

Monitoring Agent Lifecycle

Every agent follows a lifecycle from creation to retirement.

Typical lifecycle stages include:

  1. Planning
  2. Design
  3. Development
  4. Testing
  5. Approval
  6. Publishing
  7. Monitoring
  8. Updating
  9. Republishing
  10. Retirement

Administrators monitor agents throughout this lifecycle.

Lifecycle Management Activities

During an agent’s lifecycle, administrators may:

  • Update instructions
  • Improve prompts
  • Add new knowledge sources
  • Remove outdated content
  • Modify connectors
  • Improve security
  • Publish new versions
  • Disable obsolete agents
  • Archive retired agents

Lifecycle management is an ongoing process rather than a one-time task.

Adoption Monitoring

One important responsibility is measuring adoption.

Organizations often monitor:

  • Licensed users
  • Active users
  • Usage growth
  • Conversation volume
  • Department adoption
  • Business impact

High adoption generally indicates that users find the agent valuable.

Performance Monitoring

Performance monitoring focuses on the quality of the user experience.

Administrators may evaluate:

  • Response times
  • Reliability
  • Availability
  • Error rates
  • Successful interactions
  • Failed interactions

Consistent performance builds user confidence in AI solutions.

Security Monitoring

Monitoring also includes security.

Administrators watch for:

  • Unauthorized access
  • Permission issues
  • Authentication failures
  • Suspicious activity
  • Compliance alerts
  • Data access concerns

Security monitoring helps ensure that agents continue to comply with organizational policies.

Governance Monitoring

Governance activities include monitoring:

  • Approved agents
  • Published agents
  • Ownership
  • Data sources
  • Permissions
  • Connector usage
  • Compliance policies

Organizations should periodically review whether agents still meet governance requirements.

Environment Monitoring

The Power Platform admin center allows administrators to monitor environments that host agents.

Typical information includes:

  • Environment health
  • Capacity usage
  • Storage
  • Dataverse utilization
  • Resource allocation

Healthy environments help ensure reliable agent performance.

Monitoring Connectors

Many agents rely on connectors to access business systems.

Administrators may monitor:

  • Connector availability
  • Authentication status
  • Connection errors
  • Connector permissions
  • External system connectivity

Problems with connectors often result in incomplete or failed agent responses.

Monitoring User Feedback

Organizations should also gather user feedback.

Useful indicators include:

  • User satisfaction
  • Reported issues
  • Feature requests
  • Accuracy concerns
  • Suggested improvements

Feedback helps guide future improvements to the agent.

Retirement of Agents

Not every agent remains useful forever.

Administrators may retire agents when:

  • Business needs change.
  • New agents replace older versions.
  • Information becomes outdated.
  • Security risks increase.
  • Adoption declines significantly.

Retired agents should be archived or removed according to organizational governance policies.

Best Practices

Organizations should:

  • Monitor usage regularly.
  • Review adoption reports.
  • Monitor operational health.
  • Investigate errors promptly.
  • Review security frequently.
  • Track lifecycle status.
  • Keep documentation current.
  • Update agents regularly.
  • Remove obsolete agents.
  • Use both Microsoft 365 and Power Platform administration tools appropriately.

Microsoft 365 Admin Center vs. Power Platform Admin Center

Microsoft 365 Admin CenterPower Platform Admin Center
User administrationEnvironment administration
License managementDataverse management
Copilot adoptionAgent operations
Usage reportingEnvironment health
BillingConnector management
Service healthCapacity monitoring
Organization-wide administrationPower Platform governance
Copilot reportsOperational insights

Exam Tips

For the AB-900 exam, remember these key points:

  • The Microsoft 365 admin center focuses on Microsoft 365 administration, licensing, Copilot usage, adoption, and organizational reporting.
  • The Power Platform admin center focuses on operational management of custom agents, environments, connectors, Dataverse, and Power Platform resources.
  • Usage monitoring measures adoption and business value.
  • Operational insights focus on technical health and performance.
  • Agents should be monitored throughout their entire lifecycle.
  • Administrators should regularly review performance, governance, and security after an agent is deployed.

Practice Exam Questions

Question 1

Which administrative portal is primarily used to monitor Microsoft 365 Copilot adoption and licensing?

A. Microsoft 365 admin center

B. Microsoft Defender portal

C. Azure Portal

D. Microsoft Purview portal

Answer: A

Explanation: The Microsoft 365 admin center provides organization-wide administration, including Copilot licensing, adoption reports, and usage monitoring.

Question 2

What is the primary purpose of monitoring agent usage?

A. To increase internet bandwidth

B. To determine adoption and business value

C. To install software updates

D. To configure SharePoint permissions

Answer: B

Explanation: Usage metrics help organizations understand whether agents are delivering value and being actively used.

Question 3

Which portal is primarily responsible for monitoring environments, connectors, and Dataverse resources for custom agents?

A. Microsoft Entra admin center

B. Microsoft Purview portal

C. Microsoft Power Platform admin center

D. Exchange admin center

Answer: C

Explanation: The Power Platform admin center manages environments, Dataverse, connectors, capacity, and operational aspects of custom agents.

Question 4

Which metric best represents agent adoption?

A. CPU utilization

B. Network latency

C. Number of active users

D. Available storage space

Answer: C

Explanation: Active users are a key indicator of how widely an agent is being adopted.

Question 5

Which activity is part of an agent’s lifecycle after publication?

A. Ongoing monitoring and updates

B. Automatic deletion

C. Disabling Microsoft 365

D. Removing all connectors

Answer: A

Explanation: Administrators continuously monitor, update, and improve agents after they are deployed.

Question 6

Which of the following is considered an operational insight?

A. Number of licensed users

B. Employee vacation requests

C. Failed connector authentication

D. SharePoint storage quota purchase

Answer: C

Explanation: Operational insights include technical issues such as connector failures, authentication problems, and service errors.

Question 7

Why should administrators monitor agent performance?

A. To increase hardware prices

B. To ensure reliable responses and a positive user experience

C. To disable audit logs

D. To reduce Microsoft 365 storage

Answer: B

Explanation: Performance monitoring helps ensure agents remain reliable, responsive, and useful.

Question 8

Which administrative activity helps identify agents that are no longer providing business value?

A. Monitoring adoption trends

B. Updating Windows drivers

C. Installing Office applications

D. Configuring printers

Answer: A

Explanation: Declining adoption trends may indicate that an agent should be improved or retired.

Question 9

What should administrators monitor to help identify security concerns related to agents?

A. Desktop wallpaper settings

B. Keyboard layouts

C. Unauthorized access attempts and permission issues

D. Browser home pages

Answer: C

Explanation: Monitoring permissions, authentication failures, and unauthorized access helps maintain security.

Question 10

Which statement best describes the relationship between the Microsoft 365 admin center and the Microsoft Power Platform admin center?

A. Both portals perform exactly the same administrative functions.

B. The Microsoft 365 admin center is used only for Exchange Online.

C. The Power Platform admin center replaces the Microsoft 365 admin center for all administration.

D. The Microsoft 365 admin center focuses on organizational Microsoft 365 administration and Copilot usage, while the Power Platform admin center focuses on environments and operational management of custom agents.

Answer: D

Explanation: The two portals complement one another. The Microsoft 365 admin center provides tenant-wide administration, licensing, and adoption reporting, while the Power Platform admin center provides operational management of environments, connectors, Dataverse resources, and custom agents built with Copilot Studio.

Go to the AB-900 Exam Prep Hub main page

AB-900, Agentic AI, AI, AI Governance, Microsoft Certification

Understand the approval process for agents (AB-900 Exam Prep)

 
This post is a part of the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Exam Prep Hub.
This topic falls under these sections:
Perform basic administrative tasks for Copilot and agents (25–30%)
   --> Perform basic administrative tasks for agents
      --> Understand the approval process for agents

Note that there are 10 practice questions (with answers) at the end of each section to help you solidify your knowledge of the material. Also, there are 4 practice tests with 30 questions each available from the hub's main page below the exam topics section.

Introduction

As organizations increasingly adopt Microsoft 365 Copilot and AI-powered agents, governance becomes just as important as functionality. Without proper oversight, users could inadvertently create agents that expose sensitive information, perform unintended actions, or fail to comply with organizational policies.

For this reason, Microsoft provides an approval process that enables organizations to review, validate, and govern agents before they are made available to users. While the exact approval workflow depends on the type of agent, the organization’s governance policies, and the deployment platform (such as Microsoft Copilot Studio), administrators should understand how approval processes help ensure that agents are secure, compliant, and aligned with business requirements.

For the AB-900 exam, you are not expected to know every detailed configuration step, but you should understand why approvals exist, when they are required, who participates in the approval process, and what happens before and after an agent is approved.

Why Agent Approval is Important

Unlike general-purpose Microsoft 365 Copilot experiences, custom agents often:

  • Access organizational knowledge
  • Connect to business systems
  • Trigger automated workflows
  • Perform business-specific tasks
  • Use sensitive organizational data

Because of these capabilities, organizations typically require an approval process before an agent is published to production.

Approval helps ensure that:

  • The agent performs its intended function.
  • Security requirements are met.
  • Compliance policies are followed.
  • Data access is appropriate.
  • Users receive a trustworthy AI experience.

Goals of the Approval Process

An effective approval process helps organizations:

  • Reduce security risks
  • Prevent accidental oversharing
  • Ensure regulatory compliance
  • Improve quality of AI responses
  • Validate business usefulness
  • Maintain organizational standards
  • Establish accountability

Typical Agent Lifecycle

A simplified lifecycle includes:

  1. Design
  2. Build
  3. Configure
  4. Test
  5. Review
  6. Approve
  7. Publish
  8. Monitor
  9. Update
  10. Retire

Approval occurs after testing but before broad deployment.

Typical Approval Workflow

Although every organization may customize the workflow, the process generally follows these steps.

Step 1: Agent Creation

A developer or business user creates the agent.

They configure:

  • Instructions
  • Knowledge sources
  • Actions
  • Connectors
  • Conversation flow

Step 2: Initial Testing

Before requesting approval, the creator tests the agent.

Typical testing includes:

  • Prompt accuracy
  • Correct responses
  • Hallucination reduction
  • Data grounding
  • Error handling
  • Business logic

Step 3: Security Review

Security administrators verify that:

  • Permissions are appropriate.
  • Data sources are approved.
  • Authentication is configured correctly.
  • Sensitive information is protected.
  • Least-privilege access is maintained.

Step 4: Compliance Review

Compliance teams evaluate whether the agent aligns with organizational governance policies.

Areas reviewed include:

  • Data Loss Prevention (DLP)
  • Sensitivity labels
  • Microsoft Purview policies
  • Data retention
  • Regulatory requirements
  • Audit logging

Step 5: Business Review

Business owners determine whether:

  • The agent solves the intended problem.
  • Responses are accurate.
  • Business terminology is correct.
  • Processes are followed correctly.
  • Users will benefit from the solution.

Step 6: Approval

Once reviews are complete, the designated approver authorizes publication.

Only approved agents should become available to end users.

Step 7: Publishing

After approval, the agent can be:

  • Published
  • Assigned to users
  • Shared with groups
  • Made available in Microsoft Teams
  • Integrated into Microsoft 365 Copilot

Who May Participate in the Approval Process?

Several roles may be involved depending on the organization.

Agent Creator

Responsible for:

  • Designing the agent
  • Testing functionality
  • Fixing issues
  • Submitting for review

Business Owner

Responsible for:

  • Verifying business value
  • Confirming correct business logic
  • Approving organizational use

IT Administrator

Responsible for:

  • Platform administration
  • Environment configuration
  • Deployment
  • User access

Security Administrator

Responsible for:

  • Permission validation
  • Identity verification
  • Connector review
  • Security assessment

Compliance Administrator

Responsible for:

  • Governance policies
  • Data protection
  • Microsoft Purview compliance
  • Regulatory alignment

What is Reviewed During Approval?

Reviewers typically examine:

Purpose

Does the agent solve a legitimate business problem?

Instructions

Are system instructions clear?

Do they prevent inappropriate behavior?

Knowledge Sources

Are approved sources used?

Examples include:

  • SharePoint
  • Microsoft Graph
  • Dataverse
  • Internal documentation

Actions

Can the agent:

  • Send emails?
  • Update records?
  • Trigger workflows?
  • Access external systems?

Higher-risk actions usually require more careful review.

Permissions

Does the agent only access information users are already authorized to see?

Microsoft 365 security trimming should remain intact.

Connectors

Reviewers verify that external connectors:

  • Are trusted
  • Are approved
  • Meet organizational policies

Privacy

Organizations verify that:

  • Personal data is protected.
  • Confidential information is handled appropriately.
  • AI responses do not expose sensitive content.

Governance During Approval

Agent approval is part of broader AI governance.

Organizations often require:

  • Data classification
  • Sensitivity labels
  • DLP policies
  • Audit logs
  • Risk assessments
  • Periodic reviews

These controls help ensure responsible AI deployment.

Approval vs Publishing

These concepts are different.

Approval means the organization authorizes the agent for deployment.

Publishing makes the approved agent available to users.

An approved agent is not necessarily published immediately.

Likewise, a draft agent cannot be published without completing required approvals (if organizational policies require them).

What Happens After Approval?

Approval is not the end of governance.

Administrators continue to monitor:

  • Usage
  • Adoption
  • Errors
  • User feedback
  • Performance
  • Security events
  • Compliance alerts

Agents may later be:

  • Updated
  • Republished
  • Disabled
  • Archived
  • Deleted

Best Practices

Organizations should:

  • Define a formal approval workflow.
  • Require business ownership.
  • Review data access carefully.
  • Test before publishing.
  • Limit permissions using least privilege.
  • Monitor production usage.
  • Periodically review existing agents.
  • Remove unused or outdated agents.
  • Maintain documentation for governance and auditing.

Exam Tips

For the AB-900 exam, remember these key points:

  • Approval helps ensure agents are secure, compliant, and useful before deployment.
  • Multiple stakeholders—including creators, business owners, IT administrators, security administrators, and compliance administrators—may participate in the approval process.
  • Testing occurs before approval.
  • Publishing occurs after approval.
  • Organizations can customize approval workflows based on governance requirements.
  • Security, permissions, data access, compliance, and business value are common review areas.
  • Agent governance continues after publication through ongoing monitoring and management.

Practice Exam Questions

Question 1

Why do organizations typically require an approval process before publishing custom agents?

A. To reduce deployment speed

B. To ensure the agent meets security, compliance, and business requirements

C. To prevent Microsoft 365 licensing

D. To disable Microsoft Graph access

Answer: B

Explanation: Approval ensures agents are reviewed for security, compliance, data access, and business value before being made available to users.

Question 2

Which activity normally occurs immediately before an agent is submitted for approval?

A. Assigning licenses

B. Deleting old agents

C. Testing the agent

D. Archiving the environment

Answer: C

Explanation: Creators typically validate the agent through testing before requesting formal approval.

Question 3

Which team is primarily responsible for reviewing whether an agent complies with data governance requirements?

A. Marketing

B. Finance

C. Human Resources

D. Compliance administrators

Answer: D

Explanation: Compliance administrators review governance policies, regulatory requirements, data protection, and Microsoft Purview controls.

Question 4

Which aspect is most likely reviewed during an agent approval process?

A. The color theme of Microsoft Teams

B. The Windows desktop wallpaper

C. The user’s internet browser

D. The agent’s permissions and data sources

Answer: D

Explanation: Reviewers verify that permissions and knowledge sources comply with organizational security policies.

Question 5

What is the primary purpose of reviewing an agent’s knowledge sources?

A. To increase processor speed

B. To ensure the agent uses approved organizational information

C. To update Windows

D. To install Microsoft Office

Answer: B

Explanation: Approved knowledge sources help ensure accurate responses while protecting sensitive information.

Question 6

Which statement correctly describes approval and publishing?

A. Publishing always occurs before approval.

B. Approval and publishing are identical.

C. Approval authorizes deployment, while publishing makes the agent available to users.

D. Approval permanently locks the agent.

Answer: C

Explanation: Approval authorizes the agent for release, while publishing distributes it to its intended audience.

Question 7

Who is primarily responsible for confirming that an agent solves the intended business problem?

A. Business owner

B. Printer administrator

C. Network technician

D. Database operator

Answer: A

Explanation: Business owners validate that the agent provides value and meets organizational objectives.

Question 8

Which security principle should agents follow when accessing organizational information?

A. Unlimited access

B. Anonymous authentication

C. Guest-only permissions

D. Least privilege

Answer: D

Explanation: Agents should only access the information necessary for their intended function, following the principle of least privilege.

Question 9

After an agent has been approved and published, what should administrators continue to do?

A. Disable audit logging

B. Ignore user feedback

C. Monitor usage, performance, and compliance

D. Remove all permissions

Answer: C

Explanation: Ongoing monitoring helps ensure the agent remains secure, compliant, and effective as business needs evolve.

Question 10

Which statement best describes organizational approval workflows for agents?

A. Every Microsoft 365 tenant uses the exact same approval process.

B. Approval is optional for all organizations.

C. Approval workflows are fixed and cannot be customized.

D. Organizations can customize approval workflows to meet their governance requirements.

Answer: D

Explanation: Microsoft provides flexible governance capabilities, allowing organizations to implement approval workflows that align with their security, compliance, and operational policies.

Go to the AB-900 Exam Prep Hub main page

AB-900, Agentic AI, AI, Microsoft Certification

Create an agent (AB-900 Exam Prep)

 
This post is a part of the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Exam Prep Hub.
This topic falls under these sections:
Perform basic administrative tasks for Copilot and agents (25–30%)
   --> Perform basic administrative tasks for agents
      --> Create an agent

Note that there are 10 practice questions (with answers) at the end of each section to help you solidify your knowledge of the material. Also, there are 4 practice tests with 30 questions each available from the hub's main page below the exam topics section.

(Microsoft 365 Copilot & Agent Administration Fundamentals)

Agents in the Microsoft 365 Copilot ecosystem are AI-powered assistants that extend Copilot’s capabilities by focusing on specific tasks, organizational knowledge, or business processes. Creating an agent involves defining its purpose, selecting its data sources, configuring its behavior, and publishing it so users can interact with it securely within Microsoft 365 apps.

This topic is central to understanding how administrators and power users enable tailored AI experiences using tools such as Microsoft Copilot Studio and the broader Microsoft 365 ecosystem.

1. What an agent is in Microsoft 365

An agent is a configurable AI experience built on top of Microsoft Copilot that can:

  • Answer domain-specific questions (HR, IT, finance, etc.)
  • Perform guided tasks (ticket creation, policy lookup, onboarding steps)
  • Use organizational data securely (SharePoint, Microsoft Graph, Dataverse)
  • Follow defined instructions and guardrails

Agents can be:

  • Declarative agents (configured with minimal or no-code settings)
  • Custom agents (built and extended in Copilot Studio)
  • Embedded agents (used within apps like Teams or Microsoft 365 Copilot experiences)

2. Where agents are created

Agents can be created in several Microsoft 365-aligned environments:

a. Copilot Studio

The primary tool for building and customizing agents.

Key capabilities:

  • Define agent purpose and instructions
  • Connect knowledge sources
  • Add actions (Power Automate, APIs)
  • Test and publish agents

b. Microsoft 365 Copilot experience

Admins can enable or manage prebuilt or organizational agents that appear in Copilot surfaces.

c. Power Platform environment (under the hood)

Agents often rely on Power Platform components such as:

  • Dataverse
  • Connectors
  • Power Automate flows

3. Prerequisites for creating an agent

Before creating an agent, ensure:

  • Appropriate licensing (Copilot and/or Copilot Studio access)
  • Permissions in the Power Platform environment
  • Access to organizational data sources (e.g., SharePoint sites)
  • Governance policies configured in Microsoft Purview

4. Key steps to create an agent

Step 1: Define the agent purpose

  • Identify the business scenario
  • Determine scope (e.g., HR helpdesk, IT support, sales assistant)

Step 2: Configure instructions

  • Provide system-level behavior guidance
  • Define tone, boundaries, and response rules
  • Specify what the agent should NOT do (important for compliance)

Step 3: Add knowledge sources

Common sources include:

  • SharePoint sites
  • Microsoft Graph data
  • Uploaded documents
  • Structured data (Dataverse tables)

Step 4: Add actions (optional)

Actions extend agent capability:

  • Create tickets in service systems
  • Trigger workflows via Power Automate
  • Query external APIs

Step 5: Test the agent

  • Validate responses in Copilot Studio test environment
  • Check grounding accuracy and hallucination risk
  • Adjust prompts or data sources

Step 6: Publish and share

  • Publish to organizational catalog
  • Assign user or group access
  • Make available in Microsoft 365 Copilot or Teams

5. Governance and control considerations

When creating agents, administrators must ensure:

  • Data access aligns with Microsoft 365 security policies
  • Sensitive data is protected using Purview labels and DLP rules
  • Only authorized users can access specific agents
  • Activity is monitored through Microsoft 365 admin and compliance tools

Agents inherit security trimming, meaning users only see data they already have permission to access.

6. Common exam focus points

You should understand:

  • Difference between Copilot and custom agents
  • Role of Copilot Studio in agent creation
  • Data sources used by agents (SharePoint, Graph, connectors)
  • Publishing and access control methods
  • Governance and compliance alignment

Practice Exam Questions (10)

1. Which tool is primarily used to build and customize Microsoft 365 Copilot agents?

A. Microsoft Teams Admin Center
B. Copilot Studio
C. Microsoft Entra ID
D. SharePoint Admin Center

Answer: B
Copilot Studio is the primary platform for creating and configuring custom Copilot agents, including instructions, knowledge sources, and actions.

2. What is the primary purpose of defining instructions when creating an agent?

A. To assign licenses to users
B. To configure data retention policies
C. To control agent behavior and response style
D. To enable Power BI integration

Answer: C
Instructions define how the agent behaves, including tone, boundaries, and response rules.

3. Which data source is commonly used by agents for organizational knowledge?

A. Microsoft Paint files
B. SharePoint sites
C. Windows Registry
D. Local desktop folders

Answer: B
SharePoint is a primary structured knowledge source used by Copilot agents.

4. What is a key benefit of adding actions to an agent?

A. They replace Microsoft 365 licensing requirements
B. They allow agents to execute workflows and integrate systems
C. They disable security trimming
D. They remove the need for testing

Answer: B
Actions enable agents to perform tasks such as triggering Power Automate flows or calling APIs.

5. Which platform component is commonly used behind agent workflows?

A. Dataverse
B. Windows Defender Firewall
C. Internet Information Services (IIS)
D. Microsoft Paint

Answer: A
Dataverse is often used as part of the Power Platform foundation supporting agents.

6. What happens when an agent is published?

A. It becomes available to assigned users or groups
B. It deletes previous versions automatically
C. It disables Copilot globally
D. It removes SharePoint permissions

Answer: A
Publishing makes the agent available for consumption based on assigned access controls.

7. What principle ensures users only see data they are allowed to access through an agent?

A. Data duplication
B. Security trimming
C. Token caching
D. Load balancing

Answer: B
Security trimming ensures agents respect existing Microsoft 365 permissions.

8. Which Microsoft service helps enforce compliance for data used in agents?

A. Microsoft Purview
B. Microsoft Edge
C. Windows Update
D. Azure DevTest Labs

Answer: A
Microsoft Purview provides governance, labeling, and compliance controls for data used in AI systems.

9. What is the first recommended step when creating a new agent?

A. Publish the agent immediately
B. Define the agent’s purpose and scope
C. Assign users to the agent
D. Add external APIs

Answer: B
Defining purpose ensures the agent is scoped correctly before configuration begins.

10. Where can agents be made available to end users after creation?

A. Only in Power BI dashboards
B. Only in Outlook desktop client
C. Across Microsoft 365 Copilot and integrated apps like Teams
D. Only in Azure portal

Answer: C
Agents can be deployed across Microsoft 365 Copilot experiences and integrated apps such as Teams.

Go to the AB-900 Exam Prep Hub main page

AB-900, Agentic AI, AI Governance, AI Security, Microsoft Certification

Identify how to configure user access to agents (AB-900 Exam Prep)

 
This post is a part of the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Exam Prep Hub.
This topic falls under these sections:
Perform basic administrative tasks for Copilot and agents (25–30%)
   --> Perform basic administrative tasks for agents
      --> Identify how to configure user access to agents

Note that there are 10 practice questions (with answers) at the end of each section to help you solidify your knowledge of the material. Also, there are 4 practice tests with 30 questions each available from the hub's main page below the exam topics section.

Introduction

In Microsoft 365 Copilot, agents are specialized AI assistants designed to perform focused tasks such as answering domain-specific questions, retrieving organizational knowledge, or executing workflows. Because agents can access organizational data and systems, controlling who can use them and under what conditions is a critical administrative responsibility.

Configuring user access ensures that the right users can interact with the right agents while maintaining security, compliance, and least-privilege principles.

1. What “agent access” means

User access to agents determines:

  • Which users can discover an agent
  • Which users can interact with or run an agent
  • Whether an agent is available organization-wide or restricted to specific groups
  • Whether external or guest users can use agents (if allowed)

Access is typically controlled through a combination of:

  • Microsoft 365 identity and access controls
  • Entra ID (Azure AD) group membership
  • Copilot and agent-specific policies

2. Key methods to configure access to agents

A. Assigning access via Microsoft Entra ID groups

One of the most common approaches is group-based access control.

Administrators can:

  • Assign an agent to specific security groups or Microsoft 365 groups
  • Restrict usage to departments (e.g., HR, Finance, IT)
  • Manage access at scale without assigning users individually

Benefits:

  • Scalable management
  • Easier onboarding/offboarding
  • Centralized governance

B. Tenant-wide vs scoped availability

Agents can be configured as:

1. Tenant-wide agents

  • Available to all licensed users in the organization
  • Used for general productivity scenarios (e.g., company policy assistant)

2. Scoped agents

  • Limited to specific users or groups
  • Used for sensitive or department-specific data (e.g., HR policy agent)

C. Role-based access control (RBAC)

Some agent administration actions require specific roles in Microsoft 365 or Entra ID:

  • Global Administrator
  • AI Administrator / Copilot Administrator
  • Service-specific admin roles

RBAC ensures:

  • Only authorized admins can publish or modify agents
  • Governance over agent deployment lifecycle

D. Conditional Access policies

Conditional Access can indirectly control agent usage by enforcing:

  • Device compliance requirements
  • Multi-factor authentication (MFA)
  • Location-based restrictions
  • Risk-based sign-in rules

This ensures that even if a user has access to an agent, they must meet security requirements before using it.

E. Application and permission scopes

Agents may require access to:

  • Microsoft 365 data (SharePoint, Outlook, Teams)
  • External connectors or APIs
  • Graph permissions

Administrators control:

  • What data the agent can access
  • Whether consent is required
  • Whether permissions are user-delegated or app-level

3. Lifecycle considerations for agent access

Provisioning

  • Define target audience (group or tenant-wide)
  • Assign initial permissions
  • Validate compliance requirements

Modification

  • Update group membership to change access
  • Adjust policies as organizational needs evolve

Deprovisioning

  • Remove users or groups when no longer needed
  • Disable or retire the agent if required
  • Ensure data access is revoked appropriately

4. Governance best practices

To securely manage agent access:

  • Use least privilege access (only necessary users/groups)
  • Prefer group-based assignment over individual assignment
  • Regularly review agent usage and permissions
  • Restrict sensitive agents to controlled departments
  • Monitor access logs for unusual activity
  • Align with Microsoft Purview policies where applicable

5. Common use cases

  • HR agent accessible only to HR staff
  • IT helpdesk agent available to all employees
  • Finance reporting agent restricted to finance team
  • Executive summary agent limited to leadership group

6. Key exam takeaway

For AB-900, remember:

  • Agent access is primarily controlled through Entra ID groups, roles, and policies
  • Access can be tenant-wide or scoped
  • Security is enforced through RBAC and Conditional Access
  • Governance ensures agents are only available to the appropriate users

Practice Exam Questions (10)

1.

What is the most common method used to manage user access to Microsoft 365 agents at scale?

A. Individual user assignment
B. Local device policies
C. Entra ID group-based assignment
D. DNS configuration

Answer: C
Explanation: Entra ID group-based assignment is the scalable and recommended way to manage agent access.

2.

Which configuration limits an agent to only HR department users?

A. Tenant-wide publishing
B. Scoped group assignment
C. Public sharing link
D. Guest user activation

Answer: B
Explanation: Scoped assignment using groups restricts access to specific departments like HR.

3.

Which role is typically required to manage Copilot or agent deployment settings?

A. SharePoint Site Owner
B. Global Administrator
C. Teams Guest User
D. Exchange Recipient User

Answer: B
Explanation: Global Administrators (or similar privileged roles) manage high-level agent deployment settings.

4.

What is the purpose of Conditional Access in relation to agent usage?

A. To increase storage capacity
B. To control data indexing speed
C. To enforce security requirements before access
D. To create new agents automatically

Answer: C
Explanation: Conditional Access ensures users meet security conditions like MFA or device compliance.

5.

What happens when a user is removed from an Entra ID group assigned to an agent?

A. They retain permanent access
B. Their access is automatically revoked
C. The agent is deleted
D. The entire tenant loses access

Answer: B
Explanation: Group membership changes immediately affect access to assigned resources, including agents.

6.

Which access model makes an agent available to all licensed users in a tenant?

A. Scoped access
B. Tenant-wide access
C. External sharing mode
D. Device-based access

Answer: B
Explanation: Tenant-wide access allows all licensed users to use the agent.

7.

Which control helps restrict what data an agent can access?

A. Network firewall rules
B. Permission scopes and Graph permissions
C. Printer access policies
D. Windows registry settings

Answer: B
Explanation: Permission scopes define what data and services an agent can access.

8.

What is a key benefit of using group-based access for agents?

A. It disables auditing
B. It simplifies scalable management
C. It removes the need for authentication
D. It bypasses licensing requirements

Answer: B
Explanation: Group-based access simplifies administration, especially in large organizations.

9.

Which scenario best describes proper agent governance?

A. All users can create unrestricted agents
B. Agents are available without authentication
C. Sensitive agents are limited to specific departments
D. Agents bypass compliance policies

Answer: C
Explanation: Sensitive agents should be restricted to appropriate departments for security and compliance.

10.

What is a recommended best practice when configuring access to agents?

A. Assign access individually to each user
B. Use least privilege access principles
C. Allow anonymous access by default
D. Disable group usage entirely

Answer: B
Explanation: Least privilege ensures users only get the access they need, improving security and governance.

Go to the AB-900 Exam Prep Hub main page

AB-900, Agentic AI, AI Governance, Generative AI, Microsoft Certification

Manage prompts, in Microsoft Copilot, including saving, sharing, scheduling, and deleting (AB-900 Exam Prep)

 
This post is a part of the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Exam Prep Hub.
This topic falls under these sections:
Perform basic administrative tasks for Copilot and agents (25–30%)
   --> Perform basic administrative tasks for Copilot
      --> Manage prompts, in Microsoft Copilot, including saving, sharing, scheduling, and deleting

Note that there are 10 practice questions (with answers) at the end of each section to help you solidify your knowledge of the material. Also, there are 4 practice tests with 30 questions each available from the hub's main page below the exam topics section.

Introduction

Microsoft 365 Copilot allows users to create and reuse prompts to streamline repetitive work such as drafting emails, summarizing documents, generating reports, or analyzing data. From an administrative perspective, understanding how prompts are managed is important for governance, productivity, and consistency across an organization.

Prompts can be treated as reusable productivity assets that users can store, distribute, and manage over time—especially when Copilot is used at scale across Microsoft 365 apps.

1. What are Copilot prompts?

A Copilot prompt is a natural language instruction given to Copilot to generate output. For example:

  • “Summarize this meeting in five bullet points.”
  • “Draft a project update email for stakeholders.”
  • “Analyze this Excel dataset and highlight trends.”

Prompts can be:

  • One-time (ad hoc usage)
  • Saved for reuse
  • Shared across users or teams
  • Scheduled for recurring execution (in supported scenarios)

2. Saving prompts

Saving prompts allows users to reuse effective instructions without rewriting them.

Key characteristics:

  • Stored in a user-accessible prompt library or prompt experience
  • Can be reused across Microsoft 365 apps (Word, Teams, Outlook, etc.)
  • Helps standardize repetitive business tasks

Benefits:

  • Increases productivity
  • Encourages consistent output formatting
  • Reduces time spent recreating complex prompts

Example:

A finance analyst saves a prompt:

“Summarize quarterly revenue performance and highlight anomalies.”

3. Sharing prompts

Prompts can be shared with other users or teams to promote consistency.

Sharing capabilities include:

  • Sharing with individuals or groups
  • Embedding prompts into team workflows
  • Distributing best-practice prompts across departments

Use cases:

  • Standard HR onboarding email drafts
  • Sales proposal templates
  • IT troubleshooting responses

Governance consideration:

Shared prompts should align with organizational policies to avoid:

  • Exposure of sensitive instructions
  • Use of non-compliant content templates

4. Scheduling prompts

Scheduling allows prompts to be executed at defined intervals or triggered conditions (depending on Copilot capabilities and integration context).

Examples of scheduled prompt usage:

  • Daily summary of emails in Outlook
  • Weekly project status report generation
  • Regular data analysis summaries in Excel

Benefits:

  • Automates repetitive reporting tasks
  • Ensures timely information delivery
  • Reduces manual effort

Important note:

Scheduling capabilities may depend on:

  • Copilot-enabled workflows
  • Microsoft 365 integrations (Power Automate or agent-based automation)

5. Deleting prompts

Prompts can be deleted when they are no longer needed or are outdated.

Reasons for deletion:

  • Prompt is obsolete or inaccurate
  • Organizational standards have changed
  • Security or compliance concerns
  • User no longer needs the prompt

Administrative considerations:

  • Deleted prompts may not be recoverable depending on retention policies
  • Enterprises may enforce governance policies around prompt lifecycle management

6. Administrative and governance considerations

When managing prompts at scale, administrators should consider:

Security

  • Prevent sharing of sensitive prompts containing confidential logic
  • Ensure prompts do not encourage data leakage

Compliance

  • Align prompt usage with Microsoft Purview policies
  • Ensure prompts do not bypass organizational controls

Lifecycle management

  • Define rules for retention, reuse, and deletion
  • Standardize prompt libraries for departments

User enablement

  • Provide curated prompt libraries
  • Encourage adoption of approved prompt templates

7. Key exam takeaway

For AB-900, focus on the fact that Copilot prompt management includes:

  • Saving prompts for reuse
  • Sharing prompts across users or teams
  • Scheduling prompts for recurring tasks (where supported)
  • Deleting prompts for governance and lifecycle control

These capabilities support productivity while requiring governance oversight in enterprise environments.

Practice Exam Questions (10)

1.

What is the primary benefit of saving Copilot prompts?

A. It increases network bandwidth usage
B. It allows reuse of effective instructions
C. It disables prompt security controls
D. It deletes old conversations automatically

Answer: B
Explanation: Saving prompts enables reuse of effective instructions, improving productivity and consistency.

2.

An organization wants to standardize email drafts across departments. Which feature supports this goal?

A. Prompt deletion
B. Prompt sharing
C. Device enrollment
D. Data loss prevention

Answer: B
Explanation: Sharing prompts allows standardized templates and instructions to be distributed across teams.

3.

Which scenario best represents a scheduled Copilot prompt?

A. A one-time email draft request
B. A manually typed search query
C. A daily summary report generated automatically
D. A deleted conversation thread

Answer: C
Explanation: Scheduled prompts run at defined intervals, such as daily report generation.

4.

Why might an administrator enforce governance rules on shared prompts?

A. To increase storage capacity
B. To reduce CPU usage
C. To prevent exposure of sensitive or non-compliant content
D. To disable Copilot licensing

Answer: C
Explanation: Shared prompts may contain sensitive logic, so governance ensures compliance and security.

5.

What typically happens when a prompt is deleted?

A. It is permanently removed from the prompt library
B. It becomes read-only
C. It is converted into a system alert
D. It is automatically shared with all users

Answer: A
Explanation: Deleting a prompt removes it from the library, although retention policies may affect recoverability.

6.

Which of the following is a valid use case for saved prompts?

A. Running antivirus scans
B. Reusing a formatted project status report request
C. Managing device drivers
D. Configuring network routing

Answer: B
Explanation: Saved prompts are used for repeatable tasks like structured reports or summaries.

7.

What is a key risk of unmanaged prompt sharing?

A. Increased CPU performance
B. Exposure of sensitive instructions or business logic
C. Faster email delivery
D. Reduced storage costs

Answer: B
Explanation: Unmanaged sharing can expose sensitive organizational logic or data-handling instructions.

8.

Which Microsoft 365 principle is most relevant to managing Copilot prompts?

A. Hardware lifecycle management
B. Identity federation
C. Information governance
D. Network segmentation

Answer: C
Explanation: Prompt management relates to information governance, including control over content and usage.

9.

What is a benefit of scheduling prompts in Copilot-enabled workflows?

A. It eliminates user authentication
B. It automates repetitive reporting tasks
C. It disables Microsoft 365 apps
D. It increases manual effort

Answer: B
Explanation: Scheduled prompts automate recurring tasks like reports and summaries.

10.

Which action supports prompt lifecycle management in an enterprise environment?

A. Random prompt duplication
B. Unrestricted external sharing
C. Deleting outdated prompts based on policy
D. Disabling all Copilot features

Answer: C
Explanation: Removing outdated prompts helps maintain compliance and ensures only relevant prompts are retained.

Go to the AB-900 Exam Prep Hub main page