Microsoft · AB-900
Validates knowledge of Microsoft 365 core services, data protection, governance, and Copilot and agent administration. Covers Microsoft Entra, Microsoft Purview, and the admin centers for Exchange Online, SharePoint, and Teams.
Questions
700
Duration
60 minutes
Passing Score
700/1000
Difficulty
FoundationalLast Updated
Mar 2026
Use this AB-900 practice exam to prepare for Microsoft 365 Certified: Copilot and Agent Administration Fundamentals (AB-900) with realistic questions, detailed explanations, and focused study modes. The practice bank includes 700 questions for Microsoft AB-900, so you can review the exam steadily instead of relying on one long cram session.
As you practice, pay extra attention to recurring topics such as Core Features and Objects of Microsoft 365 Services, Microsoft 365 Security Principles and Zero Trust, Microsoft Entra and Conditional Access, Microsoft Purview Data Protection and Governance, and Data Security Implications of Microsoft 365 Copilot. Start with short sessions to identify weak areas, then move into timed quizzes once your accuracy is consistent.
The explanations are especially useful when you want to connect exam wording to the responsibilities and scenarios described in the official certification guidance. Use the free preview first, then unlock the full question bank when you are ready to build a complete study routine.
The Microsoft 365 Certified: Copilot and Agent Administration Fundamentals (AB-900) is a beginner-level certification that validates foundational knowledge of Microsoft 365 core services, security, data protection, governance, and the administration of Microsoft 365 Copilot and AI agents. It demonstrates the ability to support, secure, and protect an AI-enabled Microsoft 365 environment. The exam covers the full breadth of the Microsoft 365 ecosystem, including Exchange Online, SharePoint, Microsoft Teams, Microsoft Entra for identity and access management, and Microsoft Purview for compliance and data protection.
First made available as a beta and reaching general availability on January 27, 2026, AB-900 reflects the growing organizational need to govern AI-powered productivity tools responsibly. It addresses how Microsoft Graph influences Copilot responses, how permissions and sensitivity labels protect data in Copilot interactions, and how administrators can monitor and manage both Copilot licenses and AI agents through the Microsoft 365 admin center, Microsoft Power Platform admin center, and related tooling. It is the entry-level counterpart to more advanced Copilot and Microsoft 365 administration role-based certifications.
This certification is designed for IT administrators, support engineers, and helpdesk professionals who work in or are entering Microsoft 365 environments where Copilot and AI agents are being deployed. It is appropriate for those in roles such as Microsoft 365 administrator, junior cloud administrator, IT generalist, or modern workplace engineer who need to demonstrate foundational competence in managing and securing AI-driven productivity tools.
The certification is also well-suited for business technology professionals, compliance officers, or governance specialists who interact with Microsoft Purview, Microsoft Entra, and Copilot administration. Candidates should have experience with AI-driven productivity tools and modern IT management practices, and a working familiarity with Microsoft 365 admin centers.
There are no formal prerequisites required to sit for the AB-900 exam. However, Microsoft recommends candidates have hands-on familiarity with Microsoft 365 core services and admin centers, including Exchange Online, SharePoint in Microsoft 365, Microsoft Teams, Microsoft Entra, and Microsoft Purview. Candidates should understand core security concepts such as authentication methods, conditional access policies, Zero Trust principles, and single sign-on (SSO).
Practical experience with AI-driven productivity tools and a basic understanding of how Microsoft 365 Copilot accesses organizational data via Microsoft Graph is strongly recommended. Familiarity with licensing models, user and group management, and compliance tooling in Microsoft Purview will also help candidates succeed on the exam.
The AB-900 exam is a proctored assessment with a 45-minute time limit. It may include interactive components in addition to traditional question formats. The exam is delivered in English through Pearson VUE, and students and educators may also schedule through Certiport. A score of 700 out of 1000 is required to pass.
Most questions cover features that are Generally Available (GA), though questions on Preview features may appear if those features are commonly used. Candidates who need the exam in a non-English language may request an additional 30 minutes. If a candidate fails, they may retake the exam after 24 hours; subsequent retake wait times vary per Microsoft's retake policy.
Earning the AB-900 certification positions professionals as credible administrators in organizations adopting Microsoft 365 Copilot and AI agents, a rapidly expanding segment of enterprise IT. It serves as a foundation for more advanced Microsoft 365 certifications, such as the Microsoft 365 Certified: Administrator Expert or role-based associate certifications covering security, compliance, and identity. As organizations accelerate AI tool deployment, the ability to govern, secure, and administer Copilot environments is increasingly listed as a required or preferred qualification in Microsoft 365 administrator job postings.
Because AB-900 is a foundational-level certification, it is particularly valuable for professionals transitioning into cloud administration or seeking to formalize existing knowledge. It complements other Microsoft fundamentals certifications and is recognized in procurement, compliance, and IT operations roles where demonstrable knowledge of AI governance in Microsoft 365 is required. Salary impact varies by region and role, but Microsoft 365 administrators with AI governance skills are increasingly in demand as enterprises scale Copilot deployments.
5 sample questions with answers and explanations. Start a practice session to test yourself across all 700 questions.
Preview — answers shown1. Adatum Corporation is preparing for Microsoft 365 Copilot deployment and wants to use a phased approach. During the initial phase, the organization wants to limit which SharePoint sites Copilot and organization-wide search can reference while they audit permissions across all sites. They need a temporary measure that can restrict Copilot to a curated list of verified sites. Which feature should the administrator enable? (Select one!)
Explanation
Restricted SharePoint Search is a temporary measure that limits organization-wide search and Copilot to a curated allowed list of up to 100 SharePoint sites while administrators audit permissions. Users can still access content they own, recently visited, or was directly shared with them, but Copilot and org-wide search only reference allowed-list sites. DLP policies protect sensitive content from leaking but do not control which sites Copilot can reference for search. Conditional Access policies control user authentication and device access, not search scope. Sensitivity label container policies control privacy and sharing settings on Teams and sites but do not restrict Copilot search scope.
2. Tailspin Toys wants to build an AI agent that handles complex customer support workflows with ticket creation, escalation to human agents, and integration with their CRM system. The agent needs to be published to both Microsoft Teams and their customer-facing website. Which tool should they use to build this agent? (Select one!)
Explanation
Microsoft Copilot Studio is the correct choice for building complex agents that require multi-step workflows, custom integrations with business systems like CRM, escalation to human agents, and multi-channel publishing across Teams and external websites. Copilot Studio provides a low-code graphical platform with visual canvas, AI-powered topic creation, connectors for external data sources, and lifecycle management tools. Agent Builder in Microsoft 365 Copilot is designed for lightweight Q&A agents for individuals or small teams, not complex workflow scenarios. Power Automate handles workflow automation but is not designed for conversational AI agent development. SharePoint agents help users find information on specific SharePoint sites but cannot handle complex customer support workflows or publish to external websites.
3. Adatum Corporation uses Microsoft 365 E5 and has deployed Microsoft 365 Copilot. The security team wants to prevent Copilot from summarizing files that have a specific sensitivity label applied, regardless of whether those files are encrypted. Which Microsoft Purview capability should the security team configure? (Select one!)
Explanation
Data Loss Prevention policies using the Microsoft 365 Copilot and Copilot Chat policy location can prevent Copilot and agents from summarizing files and emails that have specific sensitivity labels applied. When DLP detects a labeled item, Copilot will not summarize the content but can still reference it with a link so the user can open and view it outside Copilot. Insider Risk Management detects risky AI usage patterns but does not block Copilot from processing specific labeled content. Communication Compliance monitors for policy violations in communications but does not restrict content processing. Retention policies manage data lifecycle by retaining or deleting content, not by restricting Copilot access to labeled files.
4. Adatum Corporation uses Privileged Identity Management (PIM) in Microsoft Entra ID. The security team wants to configure just-in-time access for the Exchange Administrator role. When a user activates this eligible role assignment, which requirements can be enforced during activation? (Select two!)
Multiple correct answersExplanation
Privileged Identity Management allows administrators to configure activation requirements for eligible role assignments. These requirements can include multi-factor authentication, approval from designated approvers, justification text explaining why the role is needed, and ticket information. MFA verification and business justification are standard enforcement options during PIM role activation. Automatic password rotation is not a PIM activation requirement. While PIM supports an approval workflow, it uses designated approvers configured by the administrator, not specifically the user's direct manager. Device restart is not a PIM activation requirement.
5. Contoso has deployed Microsoft 365 Copilot and wants to ensure that SharePoint sites without proper governance are identified and managed. The SharePoint administrator needs to find sites that do not have at least two owners assigned. Which SharePoint Advanced Management feature should the administrator use? (Select one!)
Explanation
The Site Ownership policy in SharePoint Advanced Management identifies sites that do not have a minimum number of owners (typically two) and helps find appropriate owner candidates. Administrators can run the policy in Simulation mode first to identify ownerless sites, then activate it to notify potential site owner candidates. Data Access Governance reports identify sites with oversharing risks such as broad sharing links or guest access but do not specifically track site ownership. Restricted Content Discovery prevents content from appearing in Copilot and search but is unrelated to site ownership. Inactive Site policy identifies sites that have not been accessed for a specified period, focusing on site usage rather than ownership.
Microsoft Dynamics 365 Supply Chain Management Functional Consultant Expert (MB-335)
MB-335 · 2039 questions
Microsoft Dynamics 365 Business Central Functional Consultant (MB-800)
MB-800 · 1899 questions
Microsoft Certified: Azure AI Engineer Associate (AI-102)
AI-102 · 1392 questions
Microsoft Certified: Windows Server Hybrid Administrator Associate (AZ-801)
AZ-801 · 1376 questions
Microsoft Dynamics 365 Finance Functional Consultant (MB-310)
MB-310 · 1299 questions
Microsoft 365 Certified: Fundamentals (MS-900)
MS-900 · 1201 questions
$17.99
One-time access to this exam