


Domain 1: Identify the Core Features and Objects of Microsoft 365 Services (30–35%)
This domain evaluates your foundational understanding of the Microsoft 365 ecosystem, its critical administrative hubs, and core identity/security controls that underpin AI tools.
1.1 Navigate Microsoft 365 Core Services & Admin Centers
Administrative Landscapes: Identify the core purposes and boundaries of the primary admin portals:
Microsoft 365 Admin Center (general setup, global configurations, user/licensing management)
Exchange admin center (EAC)
SharePoint admin center
Microsoft Teams admin center
Workload Configuration & Objects:
Identify appropriate objects within Exchange Online (user mailboxes, shared mailboxes, distribution lists).
Identify appropriate objects within SharePoint in Microsoft 365 (communication sites, team sites, document libraries, and folder structures).
Understand roles and permission models mapping specifically to SharePoint sites.
Identify appropriate objects within the Microsoft Teams admin center (teams, channels, and associated policies).
1.2 Understand Microsoft 365 Security Principles
Zero Trust Architecture: Core pillars and principles of the Zero Trust security framework (Verify Explicitly, Use Least Privilege Access, Assume Breach).
Authentication vs. Authorization: Clear delineation between verifying an identity (Authentication) and granting specific resource rights (Authorization).
Threat Protection: High-level identification of threat intelligence concepts and the core capabilities of Microsoft Defender XDR.
1.3 Identify Core Identity and Access Security Features
Microsoft Entra ID: General features, identity directory structures, and capabilities.
Access Controls: Understanding Conditional Access policies (signals, decisions, and enforcement mechanisms) and the benefits/purpose of Single Sign-On (SSO).
Identity Objects & Management: Choosing correct security objects (Users vs. Groups) to scale out administrative tasks safely.
Troubleshooting Sign-ins: Recognizing tools used to identify and fix common login issues (e.g., Multifactor Authentication [MFA] loops, conditional access blocks, risky sign-ins).
Advanced Identity Features: Interpreting the Identity Secure Score within Entra ID, auditing activities via user/admin logs, and understanding the role of Privileged Identity Management (PIM), App registrations, and Enterprise applications.
Domain 2: Understand Data Protection and Governance Tasks for Microsoft 365 and Copilot (35–40%)
Because generative AI depends entirely on the data it can access, data compliance, classification, and preventing "oversharing" are central pillars of this certification.
2.1 Navigate Microsoft Purview Compliance Features
Purview Core Stack: Deep fundamental understanding of the following capabilities:
Microsoft Purview Information Protection
Microsoft Purview Data Loss Prevention (DLP)
Microsoft Purview Insider Risk Management
Microsoft Purview Communication Compliance
Microsoft Purview Data Security Posture Management (DSPM) for AI
Microsoft Purview Data Lifecycle Management
Data Classification & Retention: Best use cases for Sensitivity Labels, understanding how data classification operates, and implementing basic retention rules.
2.2 Understand Data Security Implications of Copilot
Data Retrieval & Microsoft Graph: How Copilot accesses and interacts with corporate data, and the role Microsoft Graph plays in formatting and boundary-scoping Copilot’s responses.
Security Interoperability: How Copilot dynamically respects active permissions, Microsoft Purview settings, and Microsoft Defender controls to inherently mitigate security risks.
Responsible AI: Essential alignment with Microsoft's Responsible AI guiding principles (Fairness, Reliability & Safety, Privacy & Security, Inclusiveness, Transparency, Accountability).
2.3 Identify Data Protection & Governance Risks
Risk Discovery & Remediation:
Leveraging Microsoft Purview Compliance Manager to identify compliance postures.
Using Purview Data Explorer to hunt for sensitive information types.
Pinpointing internal threats via Insider Risk Management and reviewing policy violations inside Communication Compliance.
Responding to automated alerts triggered by Data Loss Prevention (DLP).
Monitoring live user activities via the Purview Activity Explorer and tracing file/email records with Content Search / eDiscovery.
Managing AI Footprints: Tracking and auditing organizational AI activities using DSPM for AI.
2.4 Identify and Monitor Oversharing in SharePoint Online
Oversharing Remediation: Tools to troubleshoot loose permissions and accidentally wide-open data in the enterprise.
Data Access Governance (DAG): Building and running DAG reports to review wide-reaching links or overshared sites.
SharePoint Advanced Management (SAM): Utilizing SAM functionalities, specifically focusing on Restricted Site Access (RSA) policies to cap access boundaries.
Domain 3: Perform Basic Administrative Tasks for Copilot and Agents (25–30%)
This domain tests the day-to-day configuration, licensing, prompt governance, and lifecycle management of both built-in Copilot functions and extensible custom agents.
3.1 Understand Copilot and Agent Capabilities
Product Capabilities: Comparing built-in, out-of-the-box Microsoft 365 Copilot capabilities versus custom-built extensions or standalone AI agents.
Feature Toggles: Knowing which global Copilot capabilities can be enabled or disabled tenant-wide through the admin panels.
Persona Use Cases: Determining the correct environments and targets for specialized tools such as Researcher, Analyst, and custom business agents.
3.2 Perform Basic Administrative Tasks for Copilot
Licensing & Monetization Models: Comparing a standard monthly flat subscription model to a Pay-As-You-Go model (including consumption models relating to SharePoint).
Day-to-Day Operations:
Assigning and revoking Copilot licenses in the Admin Center.
Monitoring and controlling pay-as-you-go billing limits and resource policies.
Reviewing utilization via Copilot Analytics dashboards to drive user adoption.
Prompt Governance: Administering corporate prompts, including configurations for saving, sharing, scheduling, and deleting prompt libraries.
3.3 Perform Basic Administrative Tasks for Agents
Access Control: Designing and configuring strict user permissions determining who can build, access, or trigger agents.
Agent Lifecycle Management:
The fundamental flow of creating, basic editing, and configuring a new agent.
The organizational approval process required to deploy an agent safely.
Monitoring Insights: Navigating both the Microsoft 365 Admin Center and the Microsoft Power Platform Admin Center to extract usage metrics, assess operational insights, and govern the full lifecycle of custom AI agents.
Exam Summary & Strategy
Format: Roughly 40–50 Multiple-Choice, Scenario-based, and Drag-and-Drop questions.
Duration: 45 minutes.
Passing Score: 700 / 1000.
Key Study Focus: Do not split hairs over complex coding. Focus heavily on how Microsoft Purview and Microsoft Entra ID act as the guardrails for Copilot. If you understand how permissions cascade down from SharePoint/Graph into Copilot responses, you will effortlessly clear the heaviest portions of this exam.