How to Pass the AB-900 Exam First Time: 2026 Study Guide

Last Updated: February 2026

The Microsoft AB-900 (Copilot and Agent Administration Fundamentals) exam is widely considered one of Microsoft's most challenging fundamentals certifications. Despite its "fundamentals" designation, test-takers consistently report being surprised by its difficulty. One experienced Microsoft Certified Trainer noted that "it covers a ton of content" and that "the breadth is huge" compared to other fundamentals exams like MS-900 or AZ-900.

If you're preparing for the AB-900 exam, this comprehensive guide will help you understand what to expect, how to prepare effectively, and which study strategies will give you the best chance of passing on your first attempt.

AB-900 Quick Facts

Before diving into preparation strategies, here are the essential details every candidate needs to know:

Attribute	Details
Official Name	Microsoft 365 Certified: Copilot and Agent Administration Fundamentals
Exam Code	AB-900
Duration	45 minutes (official); some candidates report 60 minutes
Questions	40-60 (includes unscored pilot questions)
Passing Score	700/1000 (scaled scoring)
Exam Fee	Standard Microsoft fundamentals pricing (confirm on Pearson VUE)
Target Audience	IT Administrators
Prerequisites	None (Microsoft 365 admin experience recommended)
Delivery	Online proctored or testing centre (Pearson VUE)
Status	Generally Available (February 2026)

What Is the AB-900 Exam?

The AB-900 certification validates your foundational knowledge of Microsoft 365, Copilot, and AI-powered agents from an administrative perspective. This exam tests your understanding of core Microsoft 365 services, data protection and governance, and the basic administrative tasks required to manage Copilot and agents in an enterprise environment.

Who Should Take AB-900?

This certification is designed for:

IT administrators responsible for Microsoft 365 environments
Collaboration specialists managing Teams, SharePoint, and Exchange
Security professionals overseeing data protection and governance
Technical professionals supporting AI-enabled Microsoft 365 deployments
Those pursuing Microsoft AI certification paths (AB-730, AB-731)

AB-900 vs Other Microsoft Certifications

The AB-900 sits within Microsoft's AI certification series:

MS-900: Covers Microsoft 365 fundamentals broadly (product features and licensing)
SC-900: Focuses on security, compliance, and identity fundamentals
AB-900: Builds on Microsoft 365 knowledge with specific focus on Copilot administration, AI governance, and data protection
AZ-900: Covers Azure cloud fundamentals (different product ecosystem)

One test-taker described AB-900 as "a modernised MS-900, with far more Purview and M365 awareness than expected."

How Difficult Is the AB-900 Exam Compared to Other Fundamentals?

AB-900 has earned a reputation among early candidates as the most challenging fundamentals-level exam Microsoft currently offers. One Microsoft Certified Trainer described it bluntly as the hardest fundamentals exam they had ever taken. That perception is not because individual questions are unusually deep; it is because the breadth is unusually wide for a fundamentals exam and the practice materials underprepare candidates for actual exam difficulty.

The table below compares AB-900 to the four other Microsoft fundamentals exams candidates most commonly stack alongside it. The pattern is clear: AZ-900, MS-900, and AI-900 all sit at the accessible end of the spectrum, SC-900 raises the bar a notch, and AB-900 pulls ahead on both scope and study time required.

Exam	Typical Difficulty	Realistic Study Time	Scope
AZ-900 (Azure Fundamentals)	Most accessible	1-2 weeks	Cloud concepts, Azure services
MS-900 (Microsoft 365 Fundamentals)	Accessible	1-2 weeks	Microsoft 365 features, licensing
AI-900 (Azure AI Fundamentals)	Accessible	1-2 weeks	AI concepts, Azure AI services
SC-900 (Security, Compliance and Identity)	Moderate	2-3 weeks	Security, compliance, identity
AB-900 (Copilot and Agent Administration)	Most challenging	2-4 weeks	M365, security, compliance, AI, portal navigation

The difference is scope. AZ-900 covers cloud concepts at a high level in a single discipline. AB-900 layers Microsoft 365 service administration, Zero Trust security principles, Microsoft Defender XDR awareness, Microsoft Entra identity management, the full Microsoft Purview compliance suite, Copilot licensing and administration, agent lifecycle management, and practical navigation across seven admin centres into a single 45-minute exam. It is fundamentals in name; in scope it rivals an Associate-level exam.

Three things consistently catch candidates off guard. First, the exam name suggests a Copilot-focused test, but Microsoft Purview and data governance account for the heaviest weighted domain at 35 to 40 percent. Second, the Microsoft Learn module assessments are widely reported to under-represent the real exam difficulty, leaving candidates who relied on them feeling confident before the test and blindsided during it. Third, navigation questions require practical knowledge of which admin centre handles which task, and that depth cannot be acquired from reading documentation alone.

Understanding the AB-900 Exam Format

Exam Duration and Question Count

The official Microsoft documentation states you'll have 45 minutes to answer 40-60 questions, though some community test-takers have reported receiving 60 minutes. Either way, time management is critical—you'll have roughly 45-90 seconds per question depending on your sitting. If you're uncertain on a question, flag it and move on.

Important: Not all questions count towards your final score. Microsoft includes unscored pilot questions used to evaluate future exam content. You won't know which questions are pilot questions, so treat every question as if it counts.

Passing Score Requirements

The AB-900 requires a score of 700 out of 1000 to pass. Crucially, this does not mean you need to answer 70% of questions correctly. Microsoft uses psychometric scaled scoring, where questions carry different weights based on difficulty and domain. Focus your preparation on Domain 2 (Data Protection and Governance at 35-40%) as it carries the heaviest weighting.

Question Types to Expect

The exam includes several question formats:

Single-select multiple choice: Choose the one correct answer from four options
Multi-select multiple choice: Choose all correct answers (typically 2-3 from 4-6 options)
True/False statements: Evaluate whether a statement is correct
Scenario-based questions: Apply knowledge to real-world administrative situations
Image-based questions: Identify where to click in admin centre screenshots

Unlike associate-level exams, the AB-900 does not include:

Complicated labs or case studies
Architecture design questions
PowerShell scripting questions
Step-by-step technical configurations

The exam tests breadth over depth—you need fundamental understanding across a wide range of topics rather than deep technical expertise in any one area.

AB-900 Exam Objectives Breakdown

Understanding the exam domains and their weightings is critical for efficient study planning.

Domain 1: Core Features of Microsoft 365 Services (30-35%)

This domain covers the foundational elements of Microsoft 365 administration:

Microsoft 365 Core Objects

Licence types and their impact on feature access
Organisation configuration via Microsoft 365 admin centre
Domain names and organisation settings
User and group management

Exchange Online Administration

Mailbox types and configuration
Distribution lists
Mail flow settings
Email security features

SharePoint in Microsoft 365

Sites, libraries, and folders
Roles and permissions
Oversharing identification and monitoring
SharePoint Advanced Management features

Microsoft Teams Administration

Teams and channels configuration
Meeting policies and messaging policies
Collaboration settings and troubleshooting

Security Principles and Features

Zero Trust principles
Authentication methods (MFA, passwordless, conditional access)
Microsoft Defender XDR features
Microsoft Entra ID capabilities
Single Sign-On (SSO) configuration
Conditional access policies
Privileged Identity Management (PIM)
Identity Secure Score interpretation
Audit logs for user and admin activity

Key Focus Areas:

Know which admin centre handles which tasks
Understand the difference between security groups and Microsoft 365 groups
Be familiar with MFA and conditional access troubleshooting tools

Domain 2: Data Protection and Governance Tasks (35-40%)

This is the highest-weighted domain and the biggest surprise for most candidates. Despite the exam being named "Copilot and Agent Administration," test-takers report that it "leaned far more towards Purview than Copilot or Agent administration."

Microsoft Purview Components

Information Protection:

Sensitivity labels and their use cases
Label policies and application
Data classification methods
When to use sensitivity labels vs other tools

Data Loss Prevention (DLP):

DLP policy creation and management
Alert identification and response
DLP vs sensitivity labels (critical distinction)
Monitoring data in motion

Insider Risk Management:

Risk indicators and policy templates
User activity monitoring
Investigation workflows

Communication Compliance:

Policy violations detection
Regulatory compliance monitoring
Inappropriate content identification

Data Security Posture Management (DSPM) for AI:

Discover and manage AI activity
Copilot data security considerations
AI-specific security controls

Data Lifecycle Management:

Retention policies and labels
Records management
Compliance with regulatory requirements

Data Security Implications of Copilot

How Copilot accesses data within Microsoft 365
Microsoft Graph influence on Copilot responses
How Copilot uses permissions and controls
Responsible AI principles

Identifying and Responding to Risks

Compliance Manager for risk identification
Data Explorer for sensitive information discovery
Activity Explorer for user activity monitoring
Content search and eDiscovery
SharePoint oversharing troubleshooting tools
Data access governance reports

Critical Knowledge Areas:

Understand when to use sensitivity labels vs DLP vs lifecycle management
Know the components of Microsoft Purview (there are many)
Understand how Copilot interacts with data protection controls

Domain 3: Basic Administrative Tasks for Copilot and Agents (25-30%)

Copilot and Agent Features

Differences between Copilot and agents
Licensing models (monthly subscription vs pay-as-you-go)
SharePoint-specific licensing considerations
Use cases for Researcher, Analyst, and custom agents

Copilot Administration Tasks

Assign Copilot licences to users
Monitor and manage pay-as-you-go billing policies
Track usage and adoption via Copilot Analytics
Monitor usage in Microsoft 365 admin centre
Manage prompts (saving, sharing, scheduling, deleting)

Agent Administration Tasks

Configure user access to agents
Create an agent using the creation wizard
Understand agent approval processes
Monitor agents using:
- Microsoft 365 admin centre
- Microsoft Power Platform admin centre
Track usage and operational insights
Manage agent lifecycle (creation, deployment, retirement)

Practical Preparation:

If possible, experiment with Copilot researcher and analyst agents
Understand the agent approval workflow
Know which admin centre is used for which monitoring task

The Seven Admin Centres You Must Know for AB-900

A unique challenge of the AB-900 exam is that questions test your practical knowledge of where specific tasks are performed, not just what those tasks are. Microsoft 365 administrators routinely move across multiple admin portals, and AB-900 expects you to know which centre handles which function without prompting. Candidates who have only read documentation, rather than clicked through the portals themselves, consistently report that portal-navigation questions cost them the most marks.

The table below maps the seven admin centres the exam draws from to the key functions you are expected to know in each one. Treat this as a checklist rather than a reference: aim to complete at least one realistic task in each portal before you sit the exam.

Admin Centre	Key Functions Tested
Microsoft 365 Admin Centre	User and group management, licence assignment, organisation settings, Copilot usage monitoring
Exchange Online Admin Centre	Mailbox configuration, distribution lists, email flow policies
SharePoint Admin Centre	Sites, libraries, permissions, oversharing monitoring, SharePoint Advanced Management
Teams Admin Centre	Teams, channels, meeting and messaging policies, collaboration settings
Microsoft Entra Admin Centre	Identity, conditional access, single sign-on, MFA, Privileged Identity Management, app registrations
Microsoft Purview Portal	Information protection, DLP, insider risk, communication compliance, eDiscovery, DSPM for AI
Power Platform Admin Centre	Agent monitoring, agent lifecycle management, environment configuration

A practical preparation tactic is to write each centre's URL into your browser bar from memory, then complete one small task: in the Microsoft 365 Admin Centre, assign a Copilot licence to a test user; in the Purview portal, create a single sensitivity label and apply it to a SharePoint site; in the Power Platform Admin Centre, view the agent inventory and inspect a recent agent's usage data. Twenty minutes inside each portal will out-perform two hours of reading about them.

Pay particular attention to crossover boundaries. SharePoint oversharing is monitored in both the SharePoint Admin Centre (via data access governance reports) and the Purview portal (via DSPM for AI activity discovery), and the exam will test which centre is the correct starting point for a given scenario. Similarly, agent monitoring spans both the Microsoft 365 Admin Centre and the Power Platform Admin Centre, with different telemetry visible in each.

Essential AB-900 Study Resources

Official Microsoft Resources

Microsoft Learn Study Guide

The official AB-900 Study Guide provides the complete exam objectives. One test-taker advised: "The study guide covers everything you'll be tested on. I don't think there's anything you can skip."

Official Training Course

Course AB-900T00-A: Introduction to Microsoft 365 and AI Administration

Duration: 1 day
Level: Beginner
Format: Instructor-led or self-paced via Microsoft Learn

Important note: An experienced Microsoft Certified Trainer revealed that "the official course is based on Microsoft Learn, and you'll actually find more content on Learn than in the paid material."

This means you can access comprehensive preparation materials for free through Microsoft Learn.

Exam Sandbox

Before exam day, familiarise yourself with the exam interface using Microsoft's free exam sandbox. This lets you experience the question types and navigation without the pressure of a real exam.

Non-native English speakers: If the exam is not available in your preferred language, you can request an additional 30 minutes of exam time through the accommodation process.

Microsoft 365 Documentation

Practice Exams and Question Banks

Official Microsoft Practice Assessment: Microsoft's free practice assessments are typically released within 8 weeks of an exam reaching General Availability. Check the AB-900 certification page for the latest availability.

Examinotion AB-900 Practice Exam: Take the AB-900 practice exam featuring 40 questions across all three domains, designed to reflect actual exam difficulty and question formats.

Hands-On Lab Practice

Theoretical knowledge alone won't prepare you for the AB-900. You need hands-on experience navigating admin centres and understanding how features work in practice.

Recommended Activities:

Navigate between the key admin centres listed above
Practice accessing Microsoft Purview from the Microsoft 365 admin centre
Create and apply sensitivity labels
Configure DLP policies
Explore Compliance Manager
Review the Identity Secure Score
Experiment with conditional access policies (in a test environment)
If you have access, try Copilot researcher and analyst agents

Creating Your AB-900 Study Plan

Recommended Study Timeline

Study time depends heavily on your existing Microsoft 365 experience:

Experienced Microsoft 365 Administrators (1-2 weeks): If you work daily with Microsoft 365 admin centres, Entra ID, and have some Purview exposure, you can prepare in 1-2 weeks with focused study.

IT Professionals with Some M365 Exposure (2-3 weeks): If you have general Microsoft 365 knowledge but limited admin centre experience, plan for 2-3 weeks of structured study.

New to Microsoft 365 Ecosystem (3-4 weeks): If you're new to Microsoft 365 administration, consider studying MS-900 and SC-900 first to build a solid foundation, then tackle AB-900. Total timeline: 3-4 weeks for AB-900 after foundation building.

Important: Microsoft's official estimate of "1 day of training is enough" is unrealistic for most candidates. One test-taker bluntly stated: "Microsoft says one day of training is enough—I don't think so."

Daily and Weekly Study Goals

Week 1: Foundation Building

Days 1-2: Study Domain 1 (Microsoft 365 Core Services)
Days 3-5: Deep dive into Microsoft Purview components
Days 6-7: Hands-on practice with admin centres

Week 2: Domain Mastery

Days 1-3: Study Domain 3 (Copilot and Agent Administration)
Days 4-5: Review security features (Defender XDR, Entra, PIM)
Days 6-7: Practice exam (identify weak areas)

Week 3: Intensive Practice (if needed)

Days 1-3: Focus on weak areas identified in practice exam
Days 4-5: Second practice exam
Days 6-7: Final review and exam day preparation

Tracking Your Progress

After each study session, test yourself on these key questions:

Can I explain when to use sensitivity labels vs DLP?
Do I know which admin centre handles each task?
Can I identify the components of Microsoft Purview?
Do I understand how Copilot accesses data?
Can I explain the agent approval process?

If you answer "no" to any of these, return to that topic before moving forward.

What to Memorise Before Exam Day

AB-900 is not a technical exam and does not require PowerShell or scripting knowledge, but it does reward candidates who have committed a short list of distinctions to memory. The list below captures the recurring decision points that scenario questions almost always hinge on.

Which admin centre handles which task across the seven Microsoft 365 portals
When to apply a sensitivity label versus a DLP policy versus a data lifecycle management retention rule
What each Microsoft Defender XDR product does and which workload it protects
The difference between the monthly Microsoft 365 Copilot licence and the pay-as-you-go model, including SharePoint pay-as-you-go specifics
The agent approval workflow steps and where they happen in the Microsoft 365 Admin Centre
The five core Zero Trust principles and how each one applies to Copilot data access
The use cases that differentiate the Researcher agent, the Analyst agent, and a custom agent built in Copilot Studio

Key Topics to Master for AB-900

Microsoft Purview Deep Dive

Given the 35-40% weighting, Purview mastery is non-negotiable. Focus on understanding:

Critical Distinctions:

Sensitivity Labels vs DLP:

Sensitivity Labels: Classify and protect data at rest; apply encryption and visual markings
DLP: Monitor and prevent data in motion; detect unauthorised sharing and take real-time protective actions
They complement each other but serve different purposes

When to Use Each Purview Tool:

Sensitivity labels: When you need to classify and encrypt documents
DLP: When you need to prevent unauthorised data sharing
Data Lifecycle Management: When you need retention or deletion policies
Communication Compliance: When you need to monitor for regulatory violations
Insider Risk Management: When you need to detect potential security threats from users

Microsoft Entra and Security

Entra ID (formerly Azure AD) questions appear throughout the exam:

Understand conditional access policy components
Know how MFA troubleshooting works
Understand risky sign-ins and how to investigate them
Know what Identity Secure Score measures
Understand Privileged Identity Management (PIM) role assignment
Know the difference between app registrations and enterprise apps

Copilot Licensing and Administration

While Copilot carries less weight than Purview, you still need solid understanding:

Licensing Models:

Monthly per-user subscription model
Pay-as-you-go billing (understand cost tracking)
SharePoint-specific licensing considerations

Administration Tasks:

How to assign Copilot licences via Microsoft 365 admin centre
Where to monitor usage and adoption (Copilot Analytics)
How to manage prompts (save, share, schedule, delete)

Agent Management:

Difference between Copilot and agents
Agent creation workflow
Agent approval process
Where to monitor agents (Power Platform admin centre)

Practice Exam Strategy

Practice exams are your most valuable preparation tool—but only if you use them correctly.

How Many Practice Tests to Take

Minimum Recommendation: 3 full practice exams

First exam: Diagnostic (identifies weak areas)
Second exam: After addressing weak areas
Third exam: Final readiness check

Analysing Your Practice Results

Don't just look at your overall score. Analyse performance by domain:

Domain	Your Score	Target
Domain 1: Core Features (30-35%)	___%	75%+
Domain 2: Data Protection (35-40%)	___%	75%+
Domain 3: Copilot Admin (25-30%)	___%	75%+

If you're scoring below 75% in any domain, that's your priority study area.

Improving Weak Areas

For each incorrect answer:

Read the explanation carefully
Find the relevant section in Microsoft Learn documentation
Research the topic beyond just that question
Test yourself again on that topic the next day

Don't just memorise practice exam answers—understand the underlying concepts so you can apply knowledge to different question formats.

AB-900 Exam Day Tips

Before the Exam

The Night Before:

Review key distinctions (sensitivity labels vs DLP, security groups vs M365 groups)
Review which admin centre handles which tasks
Get a full night's sleep (8 hours recommended)

The Morning Of:

Eat a proper meal 2-3 hours before the exam
Arrive 30 minutes early for in-person exams
For online proctored exams, log in 15 minutes early to complete system checks

Do NOT:

Cram new material the morning of the exam
Attempt practice exams on exam day (can undermine confidence)

During the Exam

Time Management Strategies:

Spend no more than 60 seconds on any single question initially
Flag difficult questions and return to them if time permits
Don't change answers unless you're certain—your first instinct is often correct

Approach by Question Type:

For Scenario Questions:

Read the scenario carefully
Identify what the question is actually asking
Eliminate obviously incorrect answers
Choose the best answer from remaining options

For Image-Based Questions:

Identify which admin centre is shown
Recall which menu section handles that task
Eliminate options not visible in the screenshot

For Multiple-Select Questions:

Note how many answers are required (if specified)
Evaluate each option independently
Don't assume there must be exactly two correct answers—there could be three or more

Managing Exam Anxiety

If you feel anxious during the exam:

Take three deep breaths
Remember that 700/1000 is passing—you don't need perfection
Focus on one question at a time, not the entire exam
If you're stuck, flag the question and move on

Frequently Asked Questions About AB-900

What is the passing score for the AB-900 exam?

The AB-900 exam requires a scaled score of 700 out of 1000 to pass. This does not equate to answering 70% of questions correctly, as Microsoft uses psychometric scaling where questions carry different weights. Focus your preparation on Domain 2 (Data Protection and Governance) as it carries the highest weighting at 35-40%.

How many questions are on the AB-900 exam?

The AB-900 exam contains between 40 and 60 questions, drawn from a larger question pool. The exact number varies per sitting. Some of these are unscored pilot questions used by Microsoft to evaluate future content. Official documentation states 45 minutes for the exam, though some candidates have reported 60 minutes.

How long should I study for AB-900?

Study time depends on your experience level. Experienced Microsoft 365 administrators typically need 1-2 weeks. IT professionals with some M365 exposure should plan 2-3 weeks. Those new to the Microsoft 365 ecosystem should allow 3-4 weeks or consider studying MS-900 and SC-900 first.

Is the AB-900 exam difficult?

Despite being classified as a fundamentals exam, AB-900 is widely considered the hardest Microsoft fundamentals certification. It covers an exceptionally broad range of topics across M365, Purview, Defender, Entra, and Copilot. Beta exam takers consistently report being surprised by the difficulty.

What is the difference between AB-900 and AZ-900?

AB-900 focuses on Microsoft 365 Copilot administration, security, and governance. AZ-900 covers Azure cloud computing fundamentals. They target different products, different audiences, and different career paths. AB-900 is for M365 administrators; AZ-900 is for cloud professionals.

How much does the AB-900 exam cost?

The AB-900 exam follows standard Microsoft fundamentals exam pricing. Pricing varies by region and is confirmed at booking through Pearson VUE. You can register for either an online proctored exam or an in-person testing centre appointment.

What topics does AB-900 cover?

AB-900 covers three domains: Core Features of Microsoft 365 Services (30-35%), Data Protection and Governance with Microsoft Purview (35-40%), and Basic Administrative Tasks for Copilot and Agents (25-30%). The data protection domain carries the highest weighting.

Is AB-900 the same as MS-900?

No, but they are related. MS-900 covers Microsoft 365 fundamentals broadly. AB-900 builds on M365 knowledge with a specific focus on Copilot administration, AI governance, and data protection. Beta exam takers describe AB-900 as "a modernised MS-900 with far more Purview and Copilot content."

Does AB-900 require coding knowledge?

No. AB-900 does not test PowerShell scripts, coding, or step-by-step technical configurations. The exam focuses on conceptual understanding—knowing what each product does, where to manage it in the admin centres, and when to use specific features like sensitivity labels versus DLP.

Where can I take the AB-900 exam?

You can take the AB-900 exam online via Pearson VUE proctored testing or at a physical testing centre. Both options are available in most countries. Online proctoring requires a webcam, microphone, and a quiet, private room.

Can I retake the AB-900 exam if I fail?

Yes. If you do not pass on your first attempt, you must wait 24 hours before retaking the exam. For subsequent retakes, you must wait at least 14 days, as outlined in Microsoft's retake policy.

Should I take MS-900 or SC-900 before AB-900?

It is not required but highly recommended. Beta exam takers advise studying MS-900 content for M365 fundamentals and SC-900 content for security and compliance. SC-900 is especially valuable because AB-900 heavily tests Purview and Defender topics.

Start Your AB-900 Preparation Today

The AB-900 exam is challenging, but with the right preparation strategy, it's absolutely achievable. Focus your study time on the highest-weighted domain (Microsoft Purview), gain hands-on experience with admin centres, and use practice exams to identify and address weak areas.

Ready to test your knowledge? Start practising with Examinotion's AB-900 practice exam featuring 40 questions across all three domains.

For a structured 30-day study plan with daily objectives and progress tracking, see our comprehensive AB-900 study guide.

Related Resources:

Microsoft AI Certification Roadmap - See how AB-900 fits into the broader certification pathway
AB-730 Study Guide - For business professionals focusing on Copilot usage
AB-731 Study Guide - For AI leadership certification

Article researched and verified with official Microsoft Learn documentation and first-hand test-taker experiences. All exam information current as of February 2026.