🔒 Guided

Pre-launch preview. Authorised access only.

Incorrect code

Guided by A Guide to Cloud
Explore AB-900 AI-901
Guided AB-900 Domain 1
Domain 1 — Module 3 of 10 30%
3 of 28 overall

AB-900 Study Guide

Domain 1: M365 Core Features & Objects

  • Welcome to Microsoft 365
  • Exchange Online: Mailboxes & Distribution
  • SharePoint: Sites, Libraries & Permissions
  • Microsoft Teams: Teams, Channels & Policies
  • Users, Groups & Licensing
  • Zero Trust: Never Trust, Always Verify
  • Authentication: Passwords, MFA & Beyond
  • Microsoft Defender XDR
  • Microsoft Entra: Your Identity Hub
  • PIM, Audit Logs & Identity Governance

Domain 2: Data Protection & Governance

  • Microsoft Purview: The Big Picture
  • Sensitivity Labels & Data Classification
  • Data Loss Prevention (DLP)
  • Insider Risk & Communication Compliance
  • DSPM for AI & Data Lifecycle
  • How Copilot Accesses Your Data
  • Responsible AI Principles
  • Compliance Manager & eDiscovery
  • Activity Explorer & Data Monitoring
  • Oversharing in SharePoint

Domain 3: Copilot & Agent Admin

  • What is Microsoft 365 Copilot? Free
  • What Are Agents? Free
  • Copilot vs Agents: When to Use Which Free
  • Copilot Licensing: Monthly vs Pay-as-You-Go Free
  • Researcher, Analyst & Real-World Use Cases Free
  • Managing Copilot: Billing, Monitoring & Prompts Free
  • Building Agents: Create, Test & Publish Free
  • Agent Lifecycle: Access, Approval & Monitoring Free

AB-900 Study Guide

Domain 1: M365 Core Features & Objects

  • Welcome to Microsoft 365
  • Exchange Online: Mailboxes & Distribution
  • SharePoint: Sites, Libraries & Permissions
  • Microsoft Teams: Teams, Channels & Policies
  • Users, Groups & Licensing
  • Zero Trust: Never Trust, Always Verify
  • Authentication: Passwords, MFA & Beyond
  • Microsoft Defender XDR
  • Microsoft Entra: Your Identity Hub
  • PIM, Audit Logs & Identity Governance

Domain 2: Data Protection & Governance

  • Microsoft Purview: The Big Picture
  • Sensitivity Labels & Data Classification
  • Data Loss Prevention (DLP)
  • Insider Risk & Communication Compliance
  • DSPM for AI & Data Lifecycle
  • How Copilot Accesses Your Data
  • Responsible AI Principles
  • Compliance Manager & eDiscovery
  • Activity Explorer & Data Monitoring
  • Oversharing in SharePoint

Domain 3: Copilot & Agent Admin

  • What is Microsoft 365 Copilot? Free
  • What Are Agents? Free
  • Copilot vs Agents: When to Use Which Free
  • Copilot Licensing: Monthly vs Pay-as-You-Go Free
  • Researcher, Analyst & Real-World Use Cases Free
  • Managing Copilot: Billing, Monitoring & Prompts Free
  • Building Agents: Create, Test & Publish Free
  • Agent Lifecycle: Access, Approval & Monitoring Free
Domain 1: M365 Core Features & Objects Premium ⏱ ~13 min read

SharePoint: Sites, Libraries & Permissions

SharePoint is where your organisation's documents live. Sites, libraries, and permissions — the three things every admin must understand, especially now that Copilot reads SharePoint data.

What is SharePoint?

☕ Simple explanation

SharePoint is your organisation’s filing cabinet — except it’s in the cloud, searchable, and Copilot can read it.

In the old days, documents lived in shared folders on a server. SharePoint replaces that with sites (like departments), libraries (like drawers), and files (the actual documents). The big advantage: you control exactly who can see what.

This matters enormously for Copilot. Since Copilot reads your SharePoint data through Microsoft Graph, whatever users can access in SharePoint, Copilot can access too. If your permissions are messy, Copilot will surface sensitive documents to the wrong people.

SharePoint in Microsoft 365 is a cloud-based content management and collaboration platform. It provides document storage, version control, metadata management, workflows, and integration with Teams, OneDrive, and other M365 services.

Administration is performed through the SharePoint admin center (admin.sharepoint.com). For the AB-900 exam, focus on: sites (team sites, communication sites), document libraries (storage containers within sites), folders (organisation within libraries), and roles/permissions (who can read, edit, or manage content).

SharePoint is particularly important for Copilot deployments because Copilot accesses SharePoint content via Microsoft Graph, respecting the user’s existing permissions. Poor permission hygiene in SharePoint is the #1 cause of Copilot surfacing sensitive data to unauthorised users.

SharePoint objects: sites, libraries, folders

Sites — the top-level containers

Site TypePurposeCreated ByExample
Team siteCollaboration for a group/departmentM365 Group or Teams teamMarketing team site
Communication siteBroadcast information to a wide audienceSite creator (no group)Company intranet, announcements

Every Teams team automatically gets a SharePoint team site — the “Files” tab in Teams IS a SharePoint document library.

Document libraries — where files live

  • A library is a collection of files within a site
  • Each site can have multiple libraries (e.g., “Project Plans”, “Contracts”, “Templates”)
  • Libraries support versioning (track changes), metadata (tags), and check-in/check-out

Folders — organise within libraries

  • Folders are optional — some organisations use metadata instead
  • Folders inherit the library’s permissions by default, but can have custom permissions

SharePoint roles and permissions

This is critical for the exam — and for Copilot security:

SharePoint site permission roles
FeatureWhat They Can DoTypical User
Site OwnerFull control — manage permissions, settings, and structureDepartment manager, IT admin
Site MemberAdd, edit, and delete contentTeam members, contributors
Site VisitorRead only — view content but can't change itBroader org, external stakeholders (with guest access)
ℹ️ Permission inheritance — how it flows

Permissions flow downward in SharePoint:

Site → Library → Folder → File

By default, a library inherits the site’s permissions. A folder inherits the library’s permissions. A file inherits the folder’s permissions.

But at ANY level, you can break inheritance and set custom permissions. For example:

  • HR site → everyone is a Member
  • HR site → “Salary Reviews” library → only HR managers have access (inheritance broken)

⚠️ Copilot implication: If a file’s permissions allow User A to see it, Copilot will surface it when User A asks a question. Broken inheritance is how you protect sensitive files from being found by Copilot.

The SharePoint admin center

Key areas in admin.sharepoint.com:

SectionWhat You Manage
Active sitesAll sites in the tenant — create, delete, manage settings
SharingExternal sharing policies — who can share with people outside the org
StorageStorage quotas per site and tenant-wide limits
Access controlDevice-based access, network location restrictions
SettingsDefault sharing link type, site creation permissions
💡 Scenario: Clearfield Council's SharePoint governance

Clearfield Council has strict data governance requirements. Director Chen configures:

  1. External sharing = disabled — no document sharing with people outside the council
  2. Storage quotas — 25 GB per department site, 100 GB for the legal archive
  3. Access control — only managed devices can access SharePoint (unmanaged personal devices blocked)
  4. Default sharing — set to “People in your organisation” (not “Anyone with the link”)

These settings prevent the most common data leakage scenarios — especially important when Copilot is deployed, since it inherits the same access controls.

🎬 Video walkthrough

🎬 Video coming soon

SharePoint Essentials — AB-900 Module 3

SharePoint Essentials — AB-900 Module 3

~10 min

Flashcards

Question

What's the difference between a SharePoint team site and a communication site?

Click or press Enter to reveal answer

Answer

Team site = collaboration for a group (connected to an M365 Group or Teams team). Communication site = broadcast information to a wide audience (like an intranet). Team sites focus on teamwork; communication sites focus on publishing.

Click to flip back
Question

What are the three default permission roles in SharePoint?

Click or press Enter to reveal answer

Answer

Site Owner (full control — manage settings, permissions, structure), Site Member (add, edit, delete content), Site Visitor (read-only access).

Click to flip back
Question

Why is SharePoint permission hygiene critical for Copilot?

Click or press Enter to reveal answer

Answer

Copilot accesses SharePoint content via Microsoft Graph using the user's own permissions. If permissions are too broad (everyone can see everything), Copilot will surface sensitive documents to anyone who asks. Tight permissions = safe Copilot.

Click to flip back

Knowledge Check

Knowledge Check

Northwave's HR department stores salary review documents in a SharePoint library. They want only HR managers to access these files, but the rest of the HR site should be accessible to all HR staff. How should Maya configure this?
Knowledge Check

After deploying Copilot, Northwave discovers that interns can ask Copilot about board meeting notes stored in SharePoint. What is the ROOT cause?

Next up: Microsoft Teams — teams, channels, and policies in the Teams admin center.

← Previous

Exchange Online: Mailboxes & Distribution

Next →

Microsoft Teams: Teams, Channels & Policies

Guided

I learn, I simplify, I share.

A Guide to Cloud YouTube Feedback

© 2026 Sutheesh. All rights reserved.

Guided is an independent study resource and is not affiliated with, endorsed by, or officially connected to Microsoft. Microsoft, Azure, and related trademarks are property of Microsoft Corporation. Always verify information against Microsoft Learn.