Microsoft 365 Copilot and Agent Administration Fundamentals AB-900 Exam Questions

Answer : C

The correct answer is C. a custom Microsoft 365 Copilot agent. Microsoft Learn explains that Agent Builder in Microsoft 365 Copilot lets you create agents with specific instructions, dedicated knowledge sources, and starter prompts. Starter prompts are designed to help users understand the most common supported scenarios, which directly matches the requirement to provide users with a list of common queries. Microsoft also documents that an agent can be grounded in selected SharePoint sites, folders, or files, allowing the response scope to be targeted to the HR policy content in Site1 rather than broad enterprise or web data.

The other options do not fit the requirement. Copilot in Word is document-focused and is not intended to create a reusable, shared query experience grounded only in one SharePoint source. Copilot notebooks group materials and chats, but they are not the right tool for publishing a guided HR policy assistant with starter prompts. Researcher is designed for broader, multi-step research using work data and web content, so it does not satisfy the requirement to keep answers grounded only in Site1.

Answer : B

The correct answer is B. data loss prevention (DLP) policies. Microsoft Learn states that Microsoft Purview Data Loss Prevention helps organizations identify, monitor, and automatically protect sensitive information across Microsoft 365 locations such as Exchange, SharePoint, OneDrive, Teams, and devices. Microsoft specifically documents scenarios for preventing sensitive items from being shared with external users in SharePoint and OneDrive, and DLP policies can also block or restrict sharing based on sensitive information types, labels, or policy conditions. This is exactly the control used when the requirement is to stop users from sharing corporate financial data outside the organization.

Option A is incorrect because retention labels manage how long content is kept or deleted, not whether it can be shared externally. Option C is incorrect because role groups are used for permissions and administrative access delegation, not content-sharing prevention. Option D is incorrect because Insider Risk Management is designed to detect and investigate risky user behavior, not to directly block external sharing transactions in the way DLP policies do. For proactive enforcement of external-sharing restrictions on sensitive financial information, Microsoft's documented solution is DLP policies.

Answer : A

The correct answer is A. Microsoft Entra ID Protection. Microsoft Learn explains that Microsoft Entra ID Protection detects sign-in risk and user risk and can work with Conditional Access risk policies to automatically respond when suspicious authentication activity is identified. Microsoft documents specifically state that organizations can configure sign-in risk policies and user risk policies to automate responses such as blocking access, requiring multifactor authentication, or forcing password changes when risky activity is detected. Microsoft also notes that some very high-confidence risky sign-ins are automatically blocked by built-in protections.

The other options do not match this function. Microsoft Defender for Office 365 focuses on email, collaboration, and threat protection for tools like Exchange Online and Teams, not sign-in risk blocking. Microsoft Entra Privileged Identity Management (PIM) manages privileged role activation and governance, not risky sign-in detection. Microsoft Defender for Identity detects identity-related threats in hybrid identity environments, but the Microsoft feature used to automatically block risky sign-ins is Microsoft Entra ID Protection.

Answer : A

The correct answer is A. the SharePoint admin center. Microsoft documents that the SharePoint admin center includes Data access governance reports and site-level sharing reports that help administrators identify where content is shared externally. Microsoft also documents that every standard Microsoft Teams team is connected to a SharePoint site for file storage and collaboration. Because Teams files and many sharing scenarios for teams are backed by SharePoint sites, the SharePoint admin center is the correct place to investigate which sites are shared externally, including Teams-connected SharePoint sites.

Answer : A, D

The correct answers are A and D. Microsoft documents that with group-based licensing, licenses assigned to a group are automatically inherited by the group's members. Therefore, if User1 is added to Group1, User1 can receive the Microsoft 365 E3 license through group membership. Microsoft also documents that licenses can be assigned directly to individual users, so assigning a Microsoft 365 E3 license straight to User1 is also a complete solution.

Options B and C are incorrect because Conditional Access controls how users access cloud resources after sign-in; it does not grant product entitlements or service licenses. Microsoft licensing guidance separates access-policy controls from actual license assignment. In this scenario, the issue is lack of license entitlement, not access conditions. As a result, the valid solutions are either to make User1 a member of the licensed group or to assign the license directly to User1. Microsoft also notes that group-based licensing assignment can fail if required user properties such as usage location are missing, but among the available answer choices, the two complete license-granting actions are Add User1 to Group1 and Assign a license to User1.

Answer : B

The correct answer is B. the Microsoft 365 admin center. Microsoft documents that administrators assign product licenses to users from the Microsoft 365 admin center, including on the Active users page where you can open a user account and manage Licenses and apps. Microsoft also documents license assignment workflows there for both direct assignment and group-based licensing scenarios. That makes the Microsoft 365 admin center the standard administrative portal for giving a user access to Microsoft 365 services and features.

The other options are incorrect for this task. The Microsoft Purview portal is used for compliance, governance, data protection, eDiscovery, audit, and related Purview solutions, not for assigning Microsoft 365 product licenses. The Microsoft Teams admin center is used to manage Teams settings, policies, devices, voice, and collaboration features, but it is not the central portal for assigning tenant product licenses to users.

Answer : B

The correct answer is B. using a custom agent that is grounded in work data. Microsoft Learn states that agents that access shared tenant data, such as SharePoint or Graph Connector content, are billed based on metered consumption. Microsoft also describes pay-as-you-go for Microsoft 365 as applying to agents in Microsoft 365 Copilot Chat, where organizations pay only for the messages used instead of assigning a full Microsoft 365 Copilot license. That is exactly the scenario described in option B: a custom agent grounded in work data.

The other options are not the intended pay-as-you-go scenario. A Teams meeting recap and Copilot in Word are standard Microsoft 365 Copilot application experiences tied to licensed Copilot functionality, not metered agent consumption. Researcher is an advanced Microsoft 365 Copilot agent available as part of Microsoft 365 Copilot capabilities, not the documented example of pay-as-you-go replacing a Copilot license. Microsoft's pay-as-you-go guidance centers on agent-based usage, especially agents grounded in organizational work data.