Microsoft AB-900: Copilot and Agent Administration Fundamentals Study Guide [80 Minute Read]

A First-Principles Approach to Microsoft 365 Administration and AI Governance

This guide builds your mental model of how Microsoft 365 works — not just what its features are called. Every section answers three questions: why this matters in practice, how to think about it conceptually, and where the exam likes to trip you up. By the end, you won't just recognize the right answer — you'll be able to reason your way to it.

Official Exam Objectives: AB-900 Study Guide — Microsoft Learn

AB-900 is a Fundamentals-level exam with broad coverage and minimal depth per topic. Questions lean toward understanding and application — expect scenarios like "a company wants to do X, which tool should they use?" rather than pure recall. The exam includes approximately 40–60 questions, and you have 45 minutes. Passing score is 700/1000. No prerequisites are required.

Exam Domain Weights

Data Protection and Governance is the heaviest domain — nearly 40% of the exam. Spend the most study time on Microsoft Purview and Copilot data security. The Copilot and Agent Administration domain is new territory for most candidates, so don't underestimate it.

(Table of Contents - For Reference)

  • Phase 1: First Principles of Microsoft 365 Administration
    • 1.1. What Microsoft 365 Actually Is (and Why It's More Than Office)
      • 1.1.1. The Cloud Services Model Behind M365
      • 1.1.2. Identity as the New Security Perimeter
    • 1.2. How Microsoft 365 Is Governed
      • 1.2.1. The Admin Center Ecosystem
      • 1.2.2. Roles, Licenses, and Access Control
    • 1.3. Reflection Checkpoint
  • Phase 2: Microsoft 365 Core Services and Security (30–35%)
    • 2.1. Core Objects and Admin Centers
      • 2.1.1. Microsoft 365 Admin Center: Org-Wide Configuration
      • 2.1.2. Exchange Online Admin Center: Mailboxes and Mail Flow
      • 2.1.3. SharePoint Admin Center: Sites, Libraries, and Permissions
      • 2.1.4. Teams Admin Center: Teams, Channels, and Policies
    • 2.2. Microsoft 365 Security Principles
      • 2.2.1. Zero Trust Architecture
      • 2.2.2. Authentication Methods
      • 2.2.3. Microsoft Defender XDR
    • 2.3. Core Security Features and Identity
      • 2.3.1. Microsoft Entra ID
      • 2.3.2. Conditional Access Policies
      • 2.3.3. Single Sign-On (SSO)
      • 2.3.4. Identity Governance: PIM and Audit Logs
      • 2.3.5. App Registrations and Enterprise Apps
    • 2.4. Reflection Checkpoint
  • Phase 3: Data Protection and Governance for M365 and Copilot (35–40%)
    • 3.1. Microsoft Purview: The Governance Platform
      • 3.1.1. Information Protection and Sensitivity Labels
      • 3.1.2. Data Loss Prevention (DLP)
      • 3.1.3. Insider Risk Management and Communication Compliance
      • 3.1.4. Data Lifecycle Management and Retention
    • 3.2. Copilot Data Security
      • 3.2.1. How Copilot Accesses Data via Microsoft Graph
      • 3.2.2. Permissions, Controls, and Risk Mitigation
      • 3.2.3. Responsible AI Principles
    • 3.3. Identifying and Responding to Governance Risks
      • 3.3.1. Compliance Manager and Data Explorer
      • 3.3.2. DLP Alerts, Activity Explorer, and DSPM for AI
      • 3.3.3. eDiscovery and Content Search
    • 3.4. Oversharing in SharePoint
      • 3.4.1. Identifying Oversharing Risks
      • 3.4.2. SharePoint Advanced Management
    • 3.5. Reflection Checkpoint
  • Phase 4: Copilot and Agent Administration (25–30%)
    • 4.1. Understanding Copilot and Agents
      • 4.1.1. Built-in Copilot Capabilities vs. Agents
      • 4.1.2. Copilot Licensing Models
      • 4.1.3. Researcher, Analyst, and Custom Agents
    • 4.2. Administering Microsoft 365 Copilot
      • 4.2.1. License Assignment and Access Control
      • 4.2.2. Usage Monitoring and Adoption
      • 4.2.3. Prompt Governance
    • 4.3. Administering Agents
      • 4.3.1. Configuring User Access to Agents
      • 4.3.2. Creating, Testing, and Publishing Agents
      • 4.3.3. Agent Approval and Lifecycle Management
    • 4.4. Reflection Checkpoint
  • Phase 5: Exam Readiness
    • 5.1. Exam Strategy and Time Management
    • 5.2. Quick Reference: Key Comparisons and Decision Rules
    • 5.3. Mixed Practice Questions
  • Phase 6: Glossary
  • Phase 7: Conclusion and Next Steps
🚀

Start Free. Upgrade When You're Ready.

Stay on your structured path while adding targeted practice with the full set of exam-like questions, expanded flashcards to reinforce concepts, and readiness tracking to identify and address weaknesses when needed.

Alvin Varughese
Written byAlvin Varughese
Founder15 professional certifications

Content last updated