Microsoft - AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals
Sample Questions
Question: 53
Measured Skill: Understand data protection and governance tasks for Microsoft 365 and Copilot (35–40%)
Your organization has a Microsoft 365 subscription.
All users have Microsoft 365 Copilot licenses.
You need to identify where sensitive content is being used during Copilot interactions, analyze the content usage patterns, and provide recommendations on applying the appropriate protections.
What should you use?| A | Microsoft Viva Insights |
| B | The Microsoft Purview DSPM for AI solution |
| C | Microsoft Security Copilot |
| D | The Microsoft Purview Insider Risk Management solution |
Correct answer: BExplanation:
Microsoft Purview Data Security Posture Management (DSPM) helps organizations discover, protect, and investigate sensitive data risks across their digital estate. This solution provides unified visibility and control for both traditional applications and AI apps and agents, supporting data governance across Microsoft 365, Azure, Fabric, and integrated third-party SaaS platforms. Monitor, assess, and remediate data risks, regardless of where sensitive data resides.
Instead of focusing on infrastructure or endpoints, Data Security Posture Management centers on the data itself—identifying where it resides, who can access it, how it's used, and whether it’s adequately protected. This is especially important as data becomes more distributed and exposed in today's AI-driven workplaces where data is constantly moving and changing, making it harder to keep track of and control.
Data Security Posture Management continuously scans your environment to identify sensitive data, assess risk, and recommend actions to reduce exposure. It consolidates insights from the Microsoft Purview solutions data loss prevention (DLP), Insider Risk Management, information protection with sensitivity labels, and Data Security Investigations. These insights provide a single view for monitoring data risks, policy coverage, and posture trends. This version of Data Security Posture Management extends coverage to third-party SaaS and IaaS platforms, such as Google Cloud Platform, Snowflake, and Databricks, and integrates with partner solutions such as Cyera, BigID, and OneTrust for comprehensive risk insights.
Reference: Learn about Data Security Posture Management
Question: 54
Measured Skill: Understand data protection and governance tasks for Microsoft 365 and Copilot (35–40%)
Your organization has a Microsoft 365 subscription.
All users are assigned Microsoft 365 Copilot licenses.
Some users report receiving Copilot responses that contain information from a Microsoft SharePoint site named Finance. The users report that the information is commercially sensitive.
You need to prevent Copilot from providing responses that contain information from the Finance site.
What should you do?| A | From Microsoft Purview, create an Information Barrier (IB) policy. |
| B | From Microsoft Defender, create a data connector. |
| C | From Microsoft Entra, create a Conditional Access policy. |
| D | From the Finance site, configure permissions. |
Correct answer: DExplanation:
Microsoft 365 Copilot operates within the Microsoft 365 service boundary and honors the same data protection, access control, and compliance capabilities that apply across Microsoft 365.
If users are seeing commercially sensitive information from the Finance SharePoint site, it means those users currently have access to that site or its content. To solve the issue, we need to prevent the users from accessing the Finance SharePoint site.
Reference: How data is protected and audited in Microsoft 365 and Microsoft 365 Copilot
Question: 55
Measured Skill: Perform basic administrative tasks for Copilot and agents (25–30%)
A manager asks: "What is the main capability difference between Microsoft 365 Copilot built into Word/Excel and a custom AI Agent built in Copilot Studio?"
What is the correct answer?| A | Only built-in Copilot can access and summarize Microsoft Graph data. |
| B | Built-in Copilot is a broad productivity assistant. Custom AI Agents are designed for specific multi- step tasks and integrations with external systems. |
| C | Only custom AI Agents can ground responses in organizational data. |
| D | Custom Agents are only accessible via the Copilot Studio portal, while Copilot is embedded in apps. |
Correct answer: BExplanation:
Microsoft 365 Copilot is an AI-powered productivity tool that enhances workflows across Microsoft 365 applications like Copilot Chat, Outlook, Teams, and Word, using enterprise data from Microsoft Graph. Although Copilot provides powerful built-in capabilities, organizations often need to integrate additional knowledge, data sources, or applications to address specific use cases.
Agents extend the functionality of Copilot by acting as specialized AI assistants tailored to specific domains. These agents apply organizational knowledge and automation to streamline business processes, enhance decision making, and improve efficiency. Agents can retrieve information, summarize data, or even take actions like sending emails or updating records.
Reference: Agents for Microsoft 365 Copilot
Question: 56
Measured Skill: Perform basic administrative tasks for Copilot and agents (25–30%)
A departmental manager has developed a highly effective, complex Microsoft 365 Copilot prompt for analyzing weekly sales data.
The manager wants all 30 members of their sales team to have easy, consistent access to this specific prompt template.
What is the recommended method for the manager to ensure consistent usage of this high-value prompt across the entire team?| A | Use the Copilot Studio interface to publish the prompt as a new Agent. |
| B | Send the text of the prompt to the team via email and instruct them to save it in their personal OneDrive. |
| C | Share the prompt template directly from the Microsoft 365 Copilot Prompt Library. |
| D | Create a Power Automate flow that executes the prompt on a weekly schedule. |
Correct answer: CExplanation:
Copilot prompts are instructions or questions you use to tell Copilot what you want. Prompts can include four parts: the goal, context, expectations, and source.
Microsoft 365 Copilot includes a built-in Prompt Gallery that is specifically designed to save, reuse, and share high-value prompts across teams.
As you get better at using Microsoft 365 Copilot and creating helpful prompts, don't keep them to yourself. Copilot Prompt Gallery makes it easy to find, save, and share prompts that can help you and your organization be more effective.
References:
Learn about Copilot prompts
Sharing prompts with a Team
Question: 57
Measured Skill: Understand data protection and governance tasks for Microsoft 365 and Copilot (35–40%)
You are evaluating Microsoft Purview solutions.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
(NOTE: Each correct selection is worth one point.)
| A | A Communication Compliance policy can detect inappropriate text in Microsoft Teams messages: Yes
A Communication Compliance policy can detect offensive language in Microsoft 365 Copilot prompts: Yes
A Communication Compliance policy can be used to retain email messages for 10 years: Yes |
| B | A Communication Compliance policy can detect inappropriate text in Microsoft Teams messages: Yes
A Communication Compliance policy can detect offensive language in Microsoft 365 Copilot prompts: Yes
A Communication Compliance policy can be used to retain email messages for 10 years: No |
| C | A Communication Compliance policy can detect inappropriate text in Microsoft Teams messages: Yes
A Communication Compliance policy can detect offensive language in Microsoft 365 Copilot prompts: No
A Communication Compliance policy can be used to retain email messages for 10 years: Yes |
| D | A Communication Compliance policy can detect inappropriate text in Microsoft Teams messages: No
A Communication Compliance policy can detect offensive language in Microsoft 365 Copilot prompts: Yes
A Communication Compliance policy can be used to retain email messages for 10 years: No |
| E | A Communication Compliance policy can detect inappropriate text in Microsoft Teams messages: No
A Communication Compliance policy can detect offensive language in Microsoft 365 Copilot prompts: No
A Communication Compliance policy can be used to retain email messages for 10 years: Yes |
| F | A Communication Compliance policy can detect inappropriate text in Microsoft Teams messages: No
A Communication Compliance policy can detect offensive language in Microsoft 365 Copilot prompts: No
A Communication Compliance policy can be used to retain email messages for 10 years: No |
Correct answer: BExplanation:
Microsoft Purview Communication Compliance is an insider risk solution that helps you minimize communication risks by helping you detect, capture, and act on potentially inappropriate messages in your organization. Predefined and custom policies allow you to check internal and external communications for policy matches so designated reviewers can examine them. Reviewers can investigate email, Microsoft Teams, Microsoft 365 Copilot and Microsoft 365 Copilot Chat, Viva Engage, or third-party communications in your organization and take appropriate actions to make sure they're compliant with your organization's message standards.
References:
Learn about Communication Compliance
Create and manage Communication Compliance policies
Configure a Communication Compliance policy to detect generative AI interactions