Guided by A Guide to Cloud
AB-900 Study Guide

Domain 1: M365 Core Features & Objects

  • Welcome to Microsoft 365
  • Exchange Online: Mailboxes & Distribution
  • SharePoint: Sites, Libraries & Permissions
  • Microsoft Teams: Teams, Channels & Policies
  • Users, Groups & Licensing
  • Zero Trust: Never Trust, Always Verify
  • Authentication: Passwords, MFA & Beyond
  • Microsoft Defender XDR
  • Microsoft Entra: Your Identity Hub
  • PIM, Audit Logs & Identity Governance

Domain 2: Data Protection & Governance

  • Microsoft Purview: The Big Picture
  • Sensitivity Labels & Data Classification
  • Data Loss Prevention (DLP)
  • Insider Risk & Communication Compliance
  • DSPM for AI & Data Lifecycle
  • How Copilot Accesses Your Data
  • Responsible AI Principles
  • Compliance Manager & eDiscovery
  • Activity Explorer & Data Monitoring
  • Oversharing in SharePoint

Domain 3: Copilot & Agent Admin

  • What is Microsoft 365 Copilot? Free
  • What Are Agents? Free
  • Copilot vs Agents: When to Use Which Free
  • Copilot Licensing: Monthly vs Pay-as-You-Go Free
  • Researcher, Analyst & Real-World Use Cases Free
  • Managing Copilot: Billing, Monitoring & Prompts Free
  • Building Agents: Create, Test & Publish Free
  • Agent Lifecycle: Access, Approval & Monitoring Free

Domain 3: Copilot & Agent Admin Free ⏱ ~12 min read

Copilot vs Agents: When to Use Which

Copilot assists you in real time. Agents automate tasks and work on your behalf. Knowing when to recommend each is a key exam skill.

The core distinction

☕ Simple explanation

Think of a restaurant.

Copilot is the waiter. It’s right there with you, takes your order, answers your questions (“What’s the soup today?”), and brings exactly what you asked for. It reacts to YOU.

An agent is the kitchen. Once you set the recipe and the process, it runs on its own. It doesn’t wait for you to ask — it fires up the grill when orders come in, preps ingredients on a schedule, and alerts the manager if something goes wrong.

You need both: the waiter to handle your immediate requests, and the kitchen to run the operation behind the scenes.

Microsoft 365 Copilot is a reactive, user-driven assistant embedded across M365 apps. It responds to natural language prompts in real time, operates within the user’s context and permissions, and is designed for short-cycle interactive tasks like drafting, summarising, and analysing.

Agents are proactive, task-specific automation tools that can run on schedules or triggers without constant user input. They can connect to multiple data sources (including external systems), perform multi-step workflows, and use service accounts with their own permission scopes. They’re designed for repeatable, structured processes.

Side-by-side comparison

This is the comparison the exam tests most heavily. Know each row.

Copilot vs Agents — key differences
| Feature | Copilot | Agents |
|---|---|---|
| How users interact | Direct, conversational — you type a prompt and get a response | Automated — triggered by events, schedules, or workflows |
| Where it lives | Inside M365 apps (Word, Excel, Outlook, Teams, Chat) | Copilot Chat, SharePoint sites, or background processes |
| Data access | Uses YOUR permissions via Microsoft Graph | Uses service accounts or managed identities — can access broader data |
| Customisation | Org-level configuration (admin settings, tuning) | Fully customisable — knowledge sources, connectors, workflows, logic |
| Best for | Drafting, summarising, analysing, brainstorming — interactive work | Automating processes, monitoring, reporting — repeatable tasks |
| Who creates it | Microsoft (built-in) | Microsoft (prebuilt), business users, or developers |
| Security model | User's own permissions (safe by default) | Needs careful permission scoping (least privilege is critical) |

When to use Copilot

Copilot shines when you need real-time, interactive help within the apps you’re already using:

  • ✍️ Draft a document — “Turn these bullet points into a professional report” (Word)
  • 📊 Analyse data — “What’s the trend in Q3 sales?” (Excel)
  • 📧 Summarise emails — “Summarise this 47-message thread in 3 bullets” (Outlook)
  • 🎤 Catch up on meetings — “What did I miss in the last hour?” (Teams)
  • 🔍 Cross-app search — “What’s the latest on Project Phoenix?” (Business Chat)

Pattern: The user is present, driving the conversation, and making the final decision.

When to use an agent

Agents shine when you need automated, repeatable workflows that run without constant human input:

  • 📋 Process invoices — parse, validate, and route for approval automatically
  • 📢 Answer common questions — “What’s our return policy?” from a SharePoint knowledge base
  • 🔔 Monitor and alert — watch for security incidents and create tickets
  • 📊 Generate reports — aggregate data nightly and post summaries to Teams
  • 👋 Onboard new employees — assign tasks, send welcome emails, provision accounts

Pattern: The process is repeatable, the rules are clear, and humans review exceptions.

💡 Real-world scenario: Northwave picks the right tool

Northwave’s departments each have a different need. Here’s what Maya recommends:

| Department | Need | Right Tool | Why |
|---|---|---|---|
| Marketing | “Help me draft social media posts” | Copilot (Word/Chat) | Interactive, creative, user-driven |
| Finance | “Auto-process 200 expense reports monthly” | Agent | Repeatable, rule-based, multi-step |
| HR | “New hires need to find company policies” | Agent (SharePoint) | Always available, no human needed |
| CEO | “Summarise this board pack for me” | Copilot (Word) | One-off, interactive, judgment needed |
| IT | “Alert me if a backup fails and run diagnostics” | Agent | Event-triggered, automated response |

Exam tip: If the scenario involves a person sitting at their desk needing help RIGHT NOW → Copilot. If it involves a process that should run automatically → Agent.

Security: the critical difference

This is where the exam gets tricky. The security models are fundamentally different:

Copilot uses your permissions. It can only see what you can see. If Maya can’t access the Finance SharePoint site, Copilot can’t access it when Maya is using it. This is safe by default.

Agents use service accounts or managed identities. They can access data across teams or departments. This is powerful but risky — if you give an agent too many permissions, it could expose sensitive data.

⚠️ Best practices for agent security

The exam tests these governance principles:

  1. Least privilege — only give agents the minimum permissions they need
  2. Managed identities over shared passwords — more secure, auto-rotated
  3. Approval steps for sensitive actions — don’t let agents make irreversible changes alone
  4. Monitor activity — send agent logs to Azure Monitor or your SIEM
  5. Test in sandbox first — never deploy an untested agent to production
  6. Rotate credentials — set expiration dates on service account access

Exam tip: Questions about agent security almost always test whether you know to apply least privilege and require human approval for sensitive actions.
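
The checklist above can be applied as a review of an agent inventory. The Python below is an added example, not part of this study guide or of any Microsoft tool; the inventory schema, field names and agent names are hypothetical, and the data is constructed.

```python
# Added example: audit a constructed agent inventory against the six practices above.
# The schema and agent names are hypothetical; this is not a Microsoft export format.
AGENTS = [
    {"name": "expense-processor", "identity": "managed_identity",
     "granted": {"Sites.Selected", "Mail.Send"},
     "needed": {"Sites.Selected", "Mail.Send"},
     "sensitive_actions": ["approve_payment"], "human_approval": True,
     "logs_to_siem": True, "sandbox_tested": True, "credential_expires": None},
    {"name": "onboarding-bot", "identity": "service_account",
     "granted": {"User.ReadWrite.All", "Sites.Read.All", "Mail.Send"},
     "needed": {"Mail.Send"},
     "sensitive_actions": ["provision_account"], "human_approval": False,
     "logs_to_siem": False, "sandbox_tested": True, "credential_expires": None},
]

def audit_agent(agent):
    """Return a list of findings, one per practice the agent violates."""
    findings = []
    excess = agent["granted"] - agent["needed"]            # 1. least privilege
    if excess:
        findings.append(f"least-privilege: unneeded scopes {sorted(excess)}")
    if agent["identity"] != "managed_identity":            # 2. managed identity
        findings.append("identity: uses a service account, not a managed identity")
        if agent["credential_expires"] is None:            # 6. expiry on credentials
            findings.append("rotation: service account credential has no expiry date")
    if agent["sensitive_actions"] and not agent["human_approval"]:  # 3. approval step
        findings.append(f"approval: {agent['sensitive_actions']} run without human approval")
    if not agent["logs_to_siem"]:                          # 4. monitoring
        findings.append("monitoring: activity logs are not forwarded")
    if not agent["sandbox_tested"]:                        # 5. sandbox testing
        findings.append("testing: no sandbox test recorded")
    return findings

def audit_inventory(agents):
    """Map each agent name to its list of findings (empty list means compliant)."""
    return {a["name"]: audit_agent(a) for a in agents}

if __name__ == "__main__":
    for name, findings in audit_inventory(AGENTS).items():
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```
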

Common failure modes (exam loves these)

| Failure | What Happens | Mitigation |
|---|---|---|
| Hallucinations | Copilot or agent generates inaccurate info | Include verification steps; human review for high-stakes outputs |
| Over-permissioned agents | Agent accesses data it shouldn’t | Scope permissions narrowly; use managed identities |
| Fragile UI automation | Agent breaks when app interface changes | Use API connections instead of UI automation |
| Credential sprawl | Too many service accounts, hard to track | Centralise in Azure Key Vault; set expiration dates |

Flashcards

Question: What data does Copilot use, and whose permissions does it respect?

Answer: Copilot uses data from Microsoft 365 via Microsoft Graph, and it respects the signed-in user's own permissions. It can only see what you can see.

Question: How is an agent's data access different from Copilot's?

Answer: Agents use service accounts or managed identities that can access broader data across teams or systems. They don't rely on an individual user's permissions — which is why least-privilege scoping is critical.

Question: When should you recommend Copilot vs an agent?

Answer: Copilot: interactive, user-driven tasks (drafting, summarising, brainstorming — person is present). Agent: repeatable, automated workflows (processing, monitoring, reporting — runs on schedule/trigger).

Knowledge Check

Clearfield Council needs to onboard 50 new hires each quarter. The process involves assigning tasks, sending welcome emails, provisioning accounts, and sharing orientation materials — all following the same repeatable steps. What should Director Chen recommend?

Knowledge Check (select all that apply)

Which TWO statements correctly describe the security differences between Copilot and agents? (Select 2)


Next up: Copilot Licensing — the difference between monthly licenses, pay-as-you-go, and what’s free, and why admins need to understand the cost model.

Guided

I learn, I simplify, I share.

© 2026 Sutheesh. All rights reserved.

Guided is an independent study resource and is not affiliated with, endorsed by, or officially connected to Microsoft. Microsoft, Azure, and related trademarks are property of Microsoft Corporation. Always verify information against Microsoft Learn.