Microsoft Graph and Permissions Model
Key Takeaways
- Microsoft Graph is the unified API for M365 data; Copilot queries it with delegated permissions as the signed-in user.
- Copilot cannot bypass SharePoint, OneDrive, or Exchange permissions — it only accesses content the user can already read.
- The semantic index pre-indexes tenant content respecting existing permissions; it does not fix oversharing.
- Permission inheritance flows from Entra groups through Teams/SharePoint site membership to files and sharing links.
- Custom agents and Graph connectors require admin consent and governance through M365 and Power Platform admin centers.
Quick Answer: Microsoft Graph is the unified API for Microsoft 365 data. Copilot retrieves organizational content through Graph using the signed-in user's permissions — it does not bypass SharePoint, OneDrive, or Exchange access controls. The semantic index pre-indexes tenant content respecting those same permissions.
Understanding Microsoft Graph and the permissions model is essential for AB-900 because every Copilot data exposure question ultimately asks: "What can this user already access?" Graph is the bridge between identity, workload permissions, and AI responses.
What Is Microsoft Graph?
Microsoft Graph is a REST API and data platform that exposes Microsoft 365 resources through a single endpoint (https://graph.microsoft.com). It aggregates data from:
| Workload | Graph Resources |
|---|---|
| Entra ID | Users, groups, directory roles |
| Exchange Online | Mail, calendar, contacts |
| SharePoint / OneDrive | Sites, drives, files, list items |
| Microsoft Teams | Teams, channels, messages, meetings |
| Planner, To Do | Tasks and plans |
| Security / Compliance | Alerts, incidents (with appropriate licenses) |
Applications — including Microsoft 365 Copilot, custom agents, and third-party integrations — call Graph to read and write M365 data on behalf of a user or as an application.
Delegated vs Application Permissions
Graph supports two permission models. AB-900 focuses on the concepts:
| Permission Type | How It Works | Copilot Context |
|---|---|---|
| Delegated permissions | App acts on behalf of a signed-in user; limited to what that user can access | Microsoft 365 Copilot uses delegated permissions — the user's identity and access rights apply |
| Application permissions | App acts as itself with tenant-wide access granted by admin consent | Custom agents or connectors may use application permissions; requires careful admin consent and governance |
On the Exam: Microsoft 365 Copilot uses delegated permissions through the signed-in user's identity. It cannot surface data the user lacks permission to read. Custom Copilot Studio agents may combine delegated and application permissions depending on configuration — a governance concern for Domain 3.
How Copilot Accesses Data
When a user interacts with Microsoft 365 Copilot:
- User authenticates through Entra ID (MFA, Conditional Access evaluated).
- Copilot queries the semantic index and Microsoft Graph for relevant organizational content.
- Graph returns only resources the user has permission to access in Exchange, SharePoint, OneDrive, and Teams.
- Copilot synthesizes a response grounded in that permitted content plus optional web grounding (if enabled).
- DLP and sensitivity labels may further restrict what Copilot can include in generated output.
Copilot does not:
- Grant users access to files they cannot already open.
- Use a hidden Global Admin service account to read all tenant data.
- Override sensitivity label restrictions on protected content.
- Index content from workloads the user has no license for.
The Semantic Index
The semantic index is Microsoft 365's pre-built index of organizational content that enables Copilot to find relevant information quickly:
| Property | Detail |
|---|---|
| Scope | Tenant content across SharePoint, OneDrive, Exchange, Teams, and more |
| Permissions | Indexing respects existing permissions — users see only what they can access |
| Admin control | Admins cannot use the index to expose data users were not already authorized to see |
| Relationship to Graph | Copilot queries the index and Graph together to ground responses |
Common Trap: The semantic index does not fix oversharing. If a file has an "Anyone" link or excessive site membership, the index correctly reflects that the user can access it — and Copilot will too.
Permission Inheritance Chain
AB-900 scenarios often require tracing the permission chain:
Entra ID User Identity
→ Group Memberships (security groups, M365 groups)
→ SharePoint Site Permissions (Owners, Members, Visitors)
→ Document Library / File ACLs
→ Sharing Links (Anyone, Org, Specific people)
→ Copilot / Graph Query Result
A user in a Team's Members group gets access to the team's SharePoint site. Copilot can then reference files in that site. Removing the user from the Team breaks the chain.
Microsoft Graph and Custom Agents
Microsoft Copilot Studio agents can connect to knowledge sources (SharePoint sites, files, websites, Dataverse) and actions (Power Automate flows). Each connection has permission implications:
| Knowledge Source | Permission Consideration |
|---|---|
| SharePoint site | Agent uses configured credentials or user context; verify site sensitivity |
| Uploaded files | Static knowledge; admin controls what is uploaded |
| Public website | No org authentication; may introduce ungoverned content |
| Dataverse table | Role-based access within the Power Platform environment |
Admins govern agent permissions through Power Platform admin center (environment DLP, connector policies) and M365 admin center (Integrated apps, agent approval workflows). AB-900 Domain 3 covers agent lifecycle; Domain 1 requires understanding that agents ultimately query data through Graph or configured connectors.
Integrated Apps and Graph Connectors
The Integrated apps section in the M365 admin center manages third-party and custom integrations:
- Copilot plugins extend Copilot with external data or actions.
- Graph connectors index third-party data (file shares, ServiceNow, etc.) into Microsoft Search/Copilot.
- Admins control which integrations are approved to prevent ungoverned data access.
Each integration requires admin consent for Graph permissions. AB-900 tests that you understand admin consent gates tenant-wide data access for applications.
Graph Permissions Quick Reference for AB-900
| Exam Topic | Key Fact |
|---|---|
| Copilot data access | Delegated — user's existing permissions via Graph |
| Semantic index | Pre-indexed tenant content respecting permissions |
| Oversharing risk | Copilot surfaces what users can already access |
| Custom agents | May use additional connectors; require governance and approval |
| Admin consent | Required for application permissions to tenant data |
| Audit trail | Purview Audit logs Copilot interactions |
Master this table and you can answer most Domain 1 and Domain 2 crossover questions about Copilot data exposure.
How does Microsoft 365 Copilot access organizational content?
What is the semantic index in Microsoft 365?
A user receives Copilot output from a confidential file they never opened. What is the most likely explanation?
Delegated permissions in Microsoft Graph mean the application: