Microsoft AB-900 Exam Dumps

The correct answer is A. Data access governance in the SharePoint admin center. Microsoft Learn documents Data access governance reports in the SharePoint admin center as the reporting solution used to understand data exposure, including permission structure and sharing link activity. Microsoft specifically states that the site permissions snapshot report provides visibility across SharePoint and OneDrive sites, helping administrators understand current permissions exposure, and that separate reports are created for SharePoint and OneDrive. Microsoft also documents sharing links activity reports as part of Data access governance for monitoring link-sharing activity, and notes that OneDrive support is available through PowerShell for those reports. Together, this is the Microsoft reporting capability aligned with permissions and active sharing links for OneDrive content.

The other options do not fit this requirement. Microsoft 365 admin center reports focus mainly on usage and activity reporting, not detailed permissions and sharing-link governance. Defender Audit is for security investigation activity, and Purview eDiscovery is for legal and investigative content search, not for generating OneDrive permissions and sharing-link governance reports. Therefore, the best Microsoft-documented answer is Data access governance in the SharePoint admin center.

The correct answer is D. From the Finance site, configure permissions. Microsoft states that Microsoft 365 Copilot honors existing Microsoft 365 permissions and only grounds responses in content that the signed-in user is already allowed to access. That means if users are getting Finance-site content in Copilot responses, those users likely still have permission to that SharePoint content. The direct fix is to review and correct the site, library, folder, or file permissions on the Finance site so only the intended users retain access.

The other options do not directly solve this requirement. Information Barriers are designed for communication and collaboration segmentation scenarios, not for ordinary site-level oversharing remediation. A Defender data connector is unrelated to SharePoint permission enforcement. Conditional Access controls sign-in and session access conditions, but it does not selectively remove Copilot grounding from one SharePoint site for users who still have site permissions. Because Copilot uses SharePoint and Microsoft Graph permissions as its boundary, the Microsoft-documented corrective action is to fix the Finance site permissions.

The correct answer is D. the Microsoft 365 admin center. Microsoft Learn states that users with a Microsoft 365 Copilot license can use Copilot capabilities, and Microsoft specifically points administrators to the Microsoft 365 admin center and its setup guidance to assign the required licenses to users. Microsoft also documents that the Researcher and Analyst agents were deployed to existing users with Microsoft 365 Copilot licenses and that administrators govern these agents through the Microsoft 365 admin center.

The other portals are not the primary place for this task. Microsoft Entra admin center focuses on identity and access, Microsoft Purview focuses on compliance and governance, and Microsoft Defender focuses on security operations and threat protection. None of those is the main admin experience Microsoft documents for assigning Microsoft 365 Copilot access and managing the availability of Researcher and Analyst. Because the goal is to enable a user to use Microsoft 365 Copilot and its Microsoft-provided agents, the correct administrative tool is the Microsoft 365 admin center.

The correct answer is C. Microsoft Graph. Microsoft documents that Microsoft 365 Copilot combines large language models with content and context from the Microsoft Graph to generate grounded responses. Microsoft Graph provides access to organizational data and signals across Microsoft 365 services, including SharePoint, OneDrive, Exchange, Teams, calendars, chats, files, and other work content. When SharePoint data is relevant to the prompt and the user already has permission to access it, Copilot uses Microsoft Graph as the layer that retrieves and grounds that corporate data for the response.

The correct answer is A. Microsoft Entra ID Protection. Microsoft Learn explains that Microsoft Entra ID Protection detects sign-in risk and user risk and can work with Conditional Access risk policies to automatically respond when suspicious authentication activity is identified. Microsoft documents specifically state that organizations can configure sign-in risk policies and user risk policies to automate responses such as blocking access, requiring multifactor authentication, or forcing password changes when risky activity is detected. Microsoft also notes that some very high-confidence risky sign-ins are automatically blocked by built-in protections.

The other options do not match this function. Microsoft Defender for Office 365 focuses on email, collaboration, and threat protection for tools like Exchange Online and Teams, not sign-in risk blocking. Microsoft Entra Privileged Identity Management (PIM) manages privileged role activation and governance, not risky sign-in detection. Microsoft Defender for Identity detects identity-related threats in hybrid identity environments, but the Microsoft feature used to automatically block risky sign-ins is Microsoft Entra ID Protection.