How to Pass the AB-900 Exam: Complete Guide

Last Updated: February 2026

The Microsoft AB-900 (Copilot and Agent Administration Fundamentals) exam is widely considered one of Microsoft's most challenging fundamentals certifications. Despite its "fundamentals" designation, test-takers consistently report being surprised by its difficulty. One experienced Microsoft Certified Trainer noted that "it covers a ton of content" and that "the breadth is huge" compared to other fundamentals exams like MS-900 or AZ-900.

If you're preparing for the AB-900 exam, this comprehensive guide will help you understand what to expect, how to prepare effectively, and which study strategies will give you the best chance of passing on your first attempt.

AB-900 Quick Facts

Before diving into preparation strategies, here are the essential details every candidate needs to know:

Attribute	Details
Official Name	Microsoft 365 Certified: Copilot and Agent Administration Fundamentals
Exam Code	AB-900
Duration	45 minutes (official); some candidates report 60 minutes
Questions	40-60 (includes unscored pilot questions)
Passing Score	700/1000 (scaled scoring)
Exam Fee	Standard Microsoft fundamentals pricing (confirm on Pearson VUE)
Target Audience	IT Administrators
Prerequisites	None (Microsoft 365 admin experience recommended)
Delivery	Online proctored or testing centre (Pearson VUE)
Status	Generally Available (February 2026)

What Is the AB-900 Exam?

The AB-900 certification validates your foundational knowledge of Microsoft 365, Copilot, and AI-powered agents from an administrative perspective. This exam tests your understanding of core Microsoft 365 services, data protection and governance, and the basic administrative tasks required to manage Copilot and agents in an enterprise environment.

Who Should Take AB-900?

This certification is designed for:

IT administrators responsible for Microsoft 365 environments
Collaboration specialists managing Teams, SharePoint, and Exchange
Security professionals overseeing data protection and governance
Technical professionals supporting AI-enabled Microsoft 365 deployments
Those pursuing Microsoft AI certification paths (AB-730, AB-731)

AB-900 vs Other Microsoft Certifications

The AB-900 sits within Microsoft's AI certification series:

MS-900: Covers Microsoft 365 fundamentals broadly (product features and licensing)
SC-900: Focuses on security, compliance, and identity fundamentals
AB-900: Builds on Microsoft 365 knowledge with specific focus on Copilot administration, AI governance, and data protection
AZ-900: Covers Azure cloud fundamentals (different product ecosystem)

One test-taker described AB-900 as "a modernised MS-900, with far more Purview and M365 awareness than expected."

Understanding the AB-900 Exam Format

Exam Duration and Question Count

The official Microsoft documentation states you'll have 45 minutes to answer 40-60 questions, though some community test-takers have reported receiving 60 minutes. Either way, time management is critical—you'll have roughly 45-90 seconds per question depending on your sitting. If you're uncertain on a question, flag it and move on.

Important: Not all questions count towards your final score. Microsoft includes unscored pilot questions used to evaluate future exam content. You won't know which questions are pilot questions, so treat every question as if it counts.

Passing Score Requirements

The AB-900 requires a score of 700 out of 1000 to pass. Crucially, this does not mean you need to answer 70% of questions correctly. Microsoft uses psychometric scaled scoring, where questions carry different weights based on difficulty and domain. Focus your preparation on Domain 2 (Data Protection and Governance at 35-40%) as it carries the heaviest weighting.

Question Types to Expect

The exam includes several question formats:

Single-select multiple choice: Choose the one correct answer from four options
Multi-select multiple choice: Choose all correct answers (typically 2-3 from 4-6 options)
True/False statements: Evaluate whether a statement is correct
Scenario-based questions: Apply knowledge to real-world administrative situations
Image-based questions: Identify where to click in admin centre screenshots

Unlike associate-level exams, the AB-900 does not include:

Complicated labs or case studies
Architecture design questions
PowerShell scripting questions
Step-by-step technical configurations

The exam tests breadth over depth—you need fundamental understanding across a wide range of topics rather than deep technical expertise in any one area.

AB-900 Exam Objectives Breakdown

Understanding the exam domains and their weightings is critical for efficient study planning.

Domain 1: Core Features of Microsoft 365 Services (30-35%)

This domain covers the foundational elements of Microsoft 365 administration:

Microsoft 365 Core Objects

Licence types and their impact on feature access
Organisation configuration via Microsoft 365 admin centre
Domain names and organisation settings
User and group management

Exchange Online Administration

Mailbox types and configuration
Distribution lists
Mail flow settings
Email security features

SharePoint in Microsoft 365

Sites, libraries, and folders
Roles and permissions
Oversharing identification and monitoring
SharePoint Advanced Management features

Microsoft Teams Administration

Teams and channels configuration
Meeting policies and messaging policies
Collaboration settings and troubleshooting

Security Principles and Features

Zero Trust principles
Authentication methods (MFA, passwordless, conditional access)
Microsoft Defender XDR features
Microsoft Entra ID capabilities
Single Sign-On (SSO) configuration
Conditional access policies
Privileged Identity Management (PIM)
Identity Secure Score interpretation
Audit logs for user and admin activity

Key Focus Areas:

Know which admin centre handles which tasks
Understand the difference between security groups and Microsoft 365 groups
Be familiar with MFA and conditional access troubleshooting tools

Domain 2: Data Protection and Governance Tasks (35-40%)

This is the highest-weighted domain and the biggest surprise for most candidates. Despite the exam being named "Copilot and Agent Administration," test-takers report that it "leaned far more towards Purview than Copilot or Agent administration."

Microsoft Purview Components

Information Protection:

Sensitivity labels and their use cases
Label policies and application
Data classification methods
When to use sensitivity labels vs other tools

Data Loss Prevention (DLP):

DLP policy creation and management
Alert identification and response
DLP vs sensitivity labels (critical distinction)
Monitoring data in motion

Insider Risk Management:

Risk indicators and policy templates
User activity monitoring
Investigation workflows

Communication Compliance:

Policy violations detection
Regulatory compliance monitoring
Inappropriate content identification

Data Security Posture Management (DSPM) for AI:

Discover and manage AI activity
Copilot data security considerations
AI-specific security controls

Data Lifecycle Management:

Retention policies and labels
Records management
Compliance with regulatory requirements

Data Security Implications of Copilot

How Copilot accesses data within Microsoft 365
Microsoft Graph influence on Copilot responses
How Copilot uses permissions and controls
Responsible AI principles

Identifying and Responding to Risks

Compliance Manager for risk identification
Data Explorer for sensitive information discovery
Activity Explorer for user activity monitoring
Content search and eDiscovery
SharePoint oversharing troubleshooting tools
Data access governance reports

Critical Knowledge Areas:

Understand when to use sensitivity labels vs DLP vs lifecycle management
Know the components of Microsoft Purview (there are many)
Understand how Copilot interacts with data protection controls

Domain 3: Basic Administrative Tasks for Copilot and Agents (25-30%)

Copilot and Agent Features

Differences between Copilot and agents
Licensing models (monthly subscription vs pay-as-you-go)
SharePoint-specific licensing considerations
Use cases for Researcher, Analyst, and custom agents

Copilot Administration Tasks

Assign Copilot licences to users
Monitor and manage pay-as-you-go billing policies
Track usage and adoption via Copilot Analytics
Monitor usage in Microsoft 365 admin centre
Manage prompts (saving, sharing, scheduling, deleting)

Agent Administration Tasks

Configure user access to agents
Create an agent using the creation wizard
Understand agent approval processes
Monitor agents using:
- Microsoft 365 admin centre
- Microsoft Power Platform admin centre
Track usage and operational insights
Manage agent lifecycle (creation, deployment, retirement)

Practical Preparation:

If possible, experiment with Copilot researcher and analyst agents
Understand the agent approval workflow
Know which admin centre is used for which monitoring task

Why AB-900 Is Harder Than You Expect

The Purview Surprise

The single biggest challenge for AB-900 candidates is the heavy emphasis on Microsoft Purview. One test-taker reported: "The exam leaned far more towards Purview than Copilot or Agent administration."

With Purview carrying 35-40% of the exam weight, you can't pass this exam without solid understanding of:

When to use sensitivity labels vs DLP vs lifecycle management
How insider risk management works
Communication compliance policy violations
DSPM for AI capabilities

Why This Catches People Off Guard: Most collaboration specialists focus on Teams, SharePoint, and Exchange. Purview components like Insider Risk Management and Communication Compliance are typically handled by security and compliance teams. The AB-900 requires cross-discipline knowledge that may be outside your typical job responsibilities.

Another test-taker highlighted: "A lot of the challenges for me came from knowing where certain things live across the various portals."

You need practical knowledge of multiple admin centres, including:

Microsoft 365 Admin Centre
Exchange Online Admin Centre
SharePoint Admin Centre
Microsoft Teams Admin Centre
Microsoft Entra Admin Centre
Microsoft Purview Portal
Microsoft Power Platform Admin Centre

It's not enough to know that a feature exists—you must know where to find it and manage it. Questions may present screenshots asking you to identify which menu option to select or which admin centre to use for a specific task.

Breadth Over Depth

Despite being a fundamentals exam, the AB-900 covers an exceptionally wide range of topics. As one Microsoft Certified Trainer noted: "It covers a ton of content. It's a fundamentals exam, so it doesn't go deep, but the breadth is huge."

This breadth makes it difficult to predict which specific topics will appear on your exam. You can't afford to skip sections of the study guide—everything is fair game.

Unexpected Security Topics

Collaboration experts report being surprised by questions on Microsoft Defender XDR. One test-taker explained: "Most collaboration experts don't touch Defender XDR much because it's usually handled by security teams, but you need to know what each Defender product does."

Practice Materials Gap

The most concerning feedback from test-takers: "The assessments at the end of Microsoft Learn modules are way too easy and don't reflect the difficulty of the actual exam—the real exam is harder."

This means you cannot rely solely on Microsoft Learn practice questions to gauge your readiness. You need structured practice exams that reflect actual exam difficulty.

Essential AB-900 Study Resources

Official Microsoft Resources

Microsoft Learn Study Guide

The official AB-900 Study Guide provides the complete exam objectives. One test-taker advised: "The study guide covers everything you'll be tested on. I don't think there's anything you can skip."

Official Training Course

Course AB-900T00-A: Introduction to Microsoft 365 and AI Administration

Duration: 1 day
Level: Beginner
Format: Instructor-led or self-paced via Microsoft Learn

Important note: An experienced Microsoft Certified Trainer revealed that "the official course is based on Microsoft Learn, and you'll actually find more content on Learn than in the paid material."

This means you can access comprehensive preparation materials for free through Microsoft Learn.

Exam Sandbox

Before exam day, familiarise yourself with the exam interface using Microsoft's free exam sandbox. This lets you experience the question types and navigation without the pressure of a real exam.

Non-native English speakers: If the exam is not available in your preferred language, you can request an additional 30 minutes of exam time through the accommodation process.

Microsoft 365 Documentation

Practice Exams and Question Banks

Official Microsoft Practice Assessment: Microsoft's free practice assessments are typically released within 8 weeks of an exam reaching General Availability. Check the AB-900 certification page for the latest availability.

Examinotion AB-900 Practice Exam: Take the AB-900 practice exam featuring 40 questions across all three domains, designed to reflect actual exam difficulty and question formats.

Hands-On Lab Practice

Theoretical knowledge alone won't prepare you for the AB-900. You need hands-on experience navigating admin centres and understanding how features work in practice.

Recommended Activities:

Navigate between the key admin centres listed above
Practice accessing Microsoft Purview from the Microsoft 365 admin centre
Create and apply sensitivity labels
Configure DLP policies
Explore Compliance Manager
Review the Identity Secure Score
Experiment with conditional access policies (in a test environment)
If you have access, try Copilot researcher and analyst agents

Creating Your AB-900 Study Plan

Recommended Study Timeline

Study time depends heavily on your existing Microsoft 365 experience:

Experienced Microsoft 365 Administrators (1-2 weeks): If you work daily with Microsoft 365 admin centres, Entra ID, and have some Purview exposure, you can prepare in 1-2 weeks with focused study.

IT Professionals with Some M365 Exposure (2-3 weeks): If you have general Microsoft 365 knowledge but limited admin centre experience, plan for 2-3 weeks of structured study.

New to Microsoft 365 Ecosystem (3-4 weeks): If you're new to Microsoft 365 administration, consider studying MS-900 and SC-900 first to build a solid foundation, then tackle AB-900. Total timeline: 3-4 weeks for AB-900 after foundation building.

Important: Microsoft's official estimate of "1 day of training is enough" is unrealistic for most candidates. One test-taker bluntly stated: "Microsoft says one day of training is enough—I don't think so."

Daily and Weekly Study Goals

Week 1: Foundation Building

Days 1-2: Study Domain 1 (Microsoft 365 Core Services)
Days 3-5: Deep dive into Microsoft Purview components
Days 6-7: Hands-on practice with admin centres

Week 2: Domain Mastery

Days 1-3: Study Domain 3 (Copilot and Agent Administration)
Days 4-5: Review security features (Defender XDR, Entra, PIM)
Days 6-7: Practice exam (identify weak areas)

Week 3: Intensive Practice (if needed)

Days 1-3: Focus on weak areas identified in practice exam
Days 4-5: Second practice exam
Days 6-7: Final review and exam day preparation

Tracking Your Progress

After each study session, test yourself on these key questions:

Can I explain when to use sensitivity labels vs DLP?
Do I know which admin centre handles each task?
Can I identify the components of Microsoft Purview?
Do I understand how Copilot accesses data?
Can I explain the agent approval process?

If you answer "no" to any of these, return to that topic before moving forward.

Key Topics to Master for AB-900

Microsoft Purview Deep Dive

Given the 35-40% weighting, Purview mastery is non-negotiable. Focus on understanding:

Critical Distinctions:

Sensitivity Labels vs DLP:

Sensitivity Labels: Classify and protect data at rest; apply encryption and visual markings
DLP: Monitor and prevent data in motion; detect unauthorised sharing and take real-time protective actions
They complement each other but serve different purposes

When to Use Each Purview Tool:

Sensitivity labels: When you need to classify and encrypt documents
DLP: When you need to prevent unauthorised data sharing
Data Lifecycle Management: When you need retention or deletion policies
Communication Compliance: When you need to monitor for regulatory violations
Insider Risk Management: When you need to detect potential security threats from users

Microsoft Entra and Security

Entra ID (formerly Azure AD) questions appear throughout the exam:

Understand conditional access policy components
Know how MFA troubleshooting works
Understand risky sign-ins and how to investigate them
Know what Identity Secure Score measures
Understand Privileged Identity Management (PIM) role assignment
Know the difference between app registrations and enterprise apps

Copilot Licensing and Administration

While Copilot carries less weight than Purview, you still need solid understanding:

Licensing Models:

Monthly per-user subscription model
Pay-as-you-go billing (understand cost tracking)
SharePoint-specific licensing considerations

Administration Tasks:

How to assign Copilot licences via Microsoft 365 admin centre
Where to monitor usage and adoption (Copilot Analytics)
How to manage prompts (save, share, schedule, delete)

Agent Management:

Difference between Copilot and agents
Agent creation workflow
Agent approval process
Where to monitor agents (Power Platform admin centre)

Practice Exam Strategy

Practice exams are your most valuable preparation tool—but only if you use them correctly.

How Many Practice Tests to Take

Minimum Recommendation: 3 full practice exams

First exam: Diagnostic (identifies weak areas)
Second exam: After addressing weak areas
Third exam: Final readiness check

Analysing Your Practice Results

Don't just look at your overall score. Analyse performance by domain:

Domain	Your Score	Target
Domain 1: Core Features (30-35%)	___%	75%+
Domain 2: Data Protection (35-40%)	___%	75%+
Domain 3: Copilot Admin (25-30%)	___%	75%+

If you're scoring below 75% in any domain, that's your priority study area.

Improving Weak Areas

For each incorrect answer:

Read the explanation carefully
Find the relevant section in Microsoft Learn documentation
Research the topic beyond just that question
Test yourself again on that topic the next day

Don't just memorise practice exam answers—understand the underlying concepts so you can apply knowledge to different question formats.

AB-900 Exam Day Tips

Before the Exam

The Night Before:

Review key distinctions (sensitivity labels vs DLP, security groups vs M365 groups)
Review which admin centre handles which tasks
Get a full night's sleep (8 hours recommended)

The Morning Of:

Eat a proper meal 2-3 hours before the exam
Arrive 30 minutes early for in-person exams
For online proctored exams, log in 15 minutes early to complete system checks

Do NOT:

Cram new material the morning of the exam
Attempt practice exams on exam day (can undermine confidence)

During the Exam

Time Management Strategies:

Spend no more than 60 seconds on any single question initially
Flag difficult questions and return to them if time permits
Don't change answers unless you're certain—your first instinct is often correct

Approach by Question Type:

For Scenario Questions:

Read the scenario carefully
Identify what the question is actually asking
Eliminate obviously incorrect answers
Choose the best answer from remaining options

For Image-Based Questions:

Identify which admin centre is shown
Recall which menu section handles that task
Eliminate options not visible in the screenshot

For Multiple-Select Questions:

Note how many answers are required (if specified)
Evaluate each option independently
Don't assume there must be exactly two correct answers—there could be three or more

Managing Exam Anxiety

If you feel anxious during the exam:

Take three deep breaths
Remember that 700/1000 is passing—you don't need perfection
Focus on one question at a time, not the entire exam
If you're stuck, flag the question and move on

Frequently Asked Questions About AB-900

What is the passing score for the AB-900 exam?

The AB-900 exam requires a scaled score of 700 out of 1000 to pass. This does not equate to answering 70% of questions correctly, as Microsoft uses psychometric scaling where questions carry different weights. Focus your preparation on Domain 2 (Data Protection and Governance) as it carries the highest weighting at 35-40%.

How many questions are on the AB-900 exam?

The AB-900 exam contains between 40 and 60 questions, drawn from a larger question pool. The exact number varies per sitting. Some of these are unscored pilot questions used by Microsoft to evaluate future content. Official documentation states 45 minutes for the exam, though some candidates have reported 60 minutes.

How long should I study for AB-900?

Study time depends on your experience level. Experienced Microsoft 365 administrators typically need 1-2 weeks. IT professionals with some M365 exposure should plan 2-3 weeks. Those new to the Microsoft 365 ecosystem should allow 3-4 weeks or consider studying MS-900 and SC-900 first.

Is the AB-900 exam difficult?

Despite being classified as a fundamentals exam, AB-900 is widely considered the hardest Microsoft fundamentals certification. It covers an exceptionally broad range of topics across M365, Purview, Defender, Entra, and Copilot. Beta exam takers consistently report being surprised by the difficulty.

What is the difference between AB-900 and AZ-900?

AB-900 focuses on Microsoft 365 Copilot administration, security, and governance. AZ-900 covers Azure cloud computing fundamentals. They target different products, different audiences, and different career paths. AB-900 is for M365 administrators; AZ-900 is for cloud professionals.

How much does the AB-900 exam cost?

The AB-900 exam follows standard Microsoft fundamentals exam pricing. Pricing varies by region and is confirmed at booking through Pearson VUE. You can register for either an online proctored exam or an in-person testing centre appointment.

What topics does AB-900 cover?

AB-900 covers three domains: Core Features of Microsoft 365 Services (30-35%), Data Protection and Governance with Microsoft Purview (35-40%), and Basic Administrative Tasks for Copilot and Agents (25-30%). The data protection domain carries the highest weighting.

Is AB-900 the same as MS-900?

No, but they are related. MS-900 covers Microsoft 365 fundamentals broadly. AB-900 builds on M365 knowledge with a specific focus on Copilot administration, AI governance, and data protection. Beta exam takers describe AB-900 as "a modernised MS-900 with far more Purview and Copilot content."

Does AB-900 require coding knowledge?

No. AB-900 does not test PowerShell scripts, coding, or step-by-step technical configurations. The exam focuses on conceptual understanding—knowing what each product does, where to manage it in the admin centres, and when to use specific features like sensitivity labels versus DLP.

Where can I take the AB-900 exam?

You can take the AB-900 exam online via Pearson VUE proctored testing or at a physical testing centre. Both options are available in most countries. Online proctoring requires a webcam, microphone, and a quiet, private room.

Can I retake the AB-900 exam if I fail?

Yes. If you do not pass on your first attempt, you must wait 24 hours before retaking the exam. For subsequent retakes, you must wait at least 14 days, as outlined in Microsoft's retake policy.

Should I take MS-900 or SC-900 before AB-900?

It is not required but highly recommended. Beta exam takers advise studying MS-900 content for M365 fundamentals and SC-900 content for security and compliance. SC-900 is especially valuable because AB-900 heavily tests Purview and Defender topics.

Start Your AB-900 Preparation Today

The AB-900 exam is challenging, but with the right preparation strategy, it's absolutely achievable. Focus your study time on the highest-weighted domain (Microsoft Purview), gain hands-on experience with admin centres, and use practice exams to identify and address weak areas.

Ready to test your knowledge? Start practising with Examinotion's AB-900 practice exam featuring 40 questions across all three domains.

For a structured 30-day study plan with daily objectives and progress tracking, see our comprehensive AB-900 study guide.

Related Resources:

Microsoft AI Certification Roadmap - See how AB-900 fits into the broader certification pathway
AB-730 Study Guide - For business professionals focusing on Copilot usage
AB-731 Study Guide - For AI leadership certification

Article researched and verified with official Microsoft Learn documentation and first-hand test-taker experiences. All exam information current as of February 2026.