Microsoft Entra Agent ID: Governing AI Agents – A Complete AI Governance Guide

For years, identity and access management (IAM) teams focused on three types of identities:

  • Human identities (employees, partners, customers)
  • Application identities (service principals and managed identities)
  • Device identities

Now, a fourth identity type is emerging — Agentic Identities.

The rapid adoption of Microsoft 365 Copilot, Microsoft Copilot Studio, and Azure AI Foundry has introduced a new identity paradigm inside the Entra ID ecosystem – Agent IDs.

This marks a fundamental shift:

AI Agents are no longer just workloads — they are becoming first-class identities.

1. What is Microsoft Entra Agent ID?

Microsoft Entra Agent ID is an identity and security framework that extends Microsoft Entra’s existing capabilities to AI agents. Think of it this way: just like human employees have an Entra ID account for authentication and access control, AI agents now get their own governed identity too.

Microsoft first introduced Entra Agent ID in May 2025 as a basic visibility feature. It expanded significantly at Microsoft Ignite 2025, and reached General Availability (GA) in April 2026.

How to access it:

Go to the Microsoft Entra admin center (https://entra.microsoft.com/), then Entra ID → Agents

Simple Definition: Microsoft Entra Agent ID is the platform that gives AI agents a unique, verifiable identity inside your Microsoft Entra tenant — so you can control what they access, monitor what they do, and manage their entire lifecycle.

As organizations deploy different types of AI agents — assistive agents that help users, autonomous agents that act independently, and user-like agents that impersonate humans — they need more than just a list of apps. They need a proper identity and governance framework. That’s exactly what Entra Agent ID provides.

2. Why Does Agent Identity Matter?

Before Entra Agent ID, AI agents were typically represented by app registrations or service principals in Entra ID. These identities were designed for apps and services — not intelligent agents that act autonomously on behalf of users. The result? A growing shadow identity problem.

Here’s why agent identity matters in practice:

  • Accountability gap: When an agent accesses SharePoint, sends a Teams message, or calls an API, who is responsible? Without a proper agent identity, you cannot answer that.
  • Overprivileged agents: Agents often get more permissions than they need because there was no easy way to enforce least-privilege access for them.
  • No lifecycle management: Agents could persist in your tenant long after the project they were built for was cancelled, silently using resources or holding access.
  • No audit trail: If an agent caused a data issue or made an unauthorized action, there was no identity-based audit log to investigate.
  • Scale problem: Companies are deploying dozens or hundreds of agents. Without a central inventory, IT teams have no idea what exists in the tenant.

Microsoft Entra Agent ID directly solves all of these problems by treating agents as first-class identities within the Entra ecosystem.

3. Key Concepts: Blueprints, Agent Identities, and Agent Users

Microsoft Entra Agent ID introduces four new types of identity objects. Understanding these is essential before you can govern agents effectively.

Agent Identity Blueprint

An agent identity blueprint is a template. It defines the default properties, permissions, and security settings that will be applied to all agent identities created from it. Think of it like an employee profile template — one blueprint can create many individual agent identities that all share a common security baseline.

When you enable Entra Agent Identity for Copilot Studio, a blueprint named “Microsoft Copilot Studio agent identity blueprint” is automatically created in your tenant. Its Blueprint ID is 25664c89-cea5-4ab6-b924-a54fd8a19ae0.

Agent Identity Blueprint Principal

This is the service principal representation of the blueprint in your tenant. For multi-tenant agents, the blueprint principal can be brought into another organization’s tenant, similar to how a multi-tenant app creates a service principal in each tenant.

Agent Identity

An agent identity is the actual identity assigned to a specific AI agent. Each agent gets its own unique object ID (like aaaaaaaa-1111-2222-3333-bbbbbbbbbb). The agent identity is a special type of service principal. It does not have credentials of its own — instead, it operates through its parent blueprint, which can acquire tokens on the agent’s behalf once a user or admin has granted consent.

Agent User

An agent user is an optional identity that allows an agent to act more like a human user in Microsoft 365. This is useful when agents need to participate in collaboration scenarios — for example, having a presence in Teams or sending emails from a named identity. The agent user is linked to the agent identity and can have its own distinct access rights.

4. What Can Entra Agent ID Do?

Entra Agent ID brings a full set of identity management capabilities to AI agents. Here’s what you get:

Authentication and Authorization

Agents authenticate using standard protocols — OAuth 2.0, MCP (Model Context Protocol), and A2A (Agent-to-Agent). This means agents can securely authenticate to Microsoft services and even to each other using industry-standard methods, without needing hardcoded credentials.

Conditional Access for Agents

You can apply Conditional Access policies to agents, just as you do for human users. For example, you can block an agent from accessing sensitive data unless it is running from a compliant environment, or require specific conditions before it can call certain APIs.

Identity Protection for Agents

Entra Identity Protection now extends to agent identities. The system monitors agent authentication activity in real-time and can flag or block risky agent sign-ins — for example, if an agent suddenly starts accessing data it has never touched before, or authenticates from an unusual location.

Identity Governance for Agents

This includes access packages, lifecycle workflows, and sponsorship. You can assign a human “sponsor” to every agent — a person accountable for the agent’s access and lifecycle decisions. When the sponsor leaves the organization, their sponsorship is automatically transferred to their manager, ensuring continuity.

Network Controls

Using Microsoft Entra Internet Access (part of the Entra Suite), you can apply network-level controls to agents — including AI gateway controls, MCP endpoint controls, and blocking prompt injection attempts at the network layer.

Audit and Sign-In Logs

All agent authentication and activity is logged. You can view agent sign-ins in the Entra admin center, and all governance actions are sent to Microsoft Purview for compliance tracking.

5. Licensing Requirements

Understanding the licensing model is important before you start deploying Agent ID features. Here is a clear breakdown:

  • Microsoft Entra Agent ID (basic) — Available to all Microsoft Entra ID customers. Provides agent identity visibility and management.
  • Microsoft Agent 365 — Required for agents to operate across Microsoft 365 services. Requires a Microsoft 365 Copilot license. Accessed through the Frontier program.
  • Conditional Access for agents — Requires Microsoft Entra ID P1 or Microsoft 365 E3.
  • Identity Protection for agents — Requires Microsoft Entra ID P2, Microsoft 365 E5, or Microsoft Entra Suite.
  • Identity Governance for agents — Requires Microsoft Entra ID P2, Microsoft 365 E5, or Microsoft Entra Suite.
  • Network controls for agents — Requires Microsoft Entra Internet Access (included in Entra Suite or licensed separately).

Important: Agents do not need their own license. All agents acting on behalf of a licensed user are covered under that user’s Microsoft Agent 365 or Microsoft 365 E license.

6. The Agent Registry in M365 Admin Center

The Agent Registry is the central inventory of all AI agents in your Microsoft 365 tenant. This is your starting point for governance.

How to access it:
Go to the Microsoft 365 Admin Center (https://admin.cloud.microsoft/), then Agents → All Agents

The Agent Registry shows you:

  • All agents across all platforms (Copilot Studio, AI Foundry, Agent Builder, pro-code agents, and even non-Microsoft agents)
  • Agent name, creator, creation date, host products, and availability status
  • Which agents have Entra Agent IDs and which ones don’t
  • Governance actions you can apply to each agent

From the Registry, administrators can block an agent organization-wide, preventing it from being used across the entire tenant. All governance actions applied through the registry are logged in Microsoft Purview.

Note: The Agent Registry in the Entra Admin Center (the “Agent registry” and “Agent collections” blades) was retired on May 1, 2026. The Agent 365 section in the M365 Admin Center is now the single source of truth for agent management across your tenant. No admin action was required — agent functionality was not affected.

7. Governing Agents from Copilot Studio

Microsoft Copilot Studio is the primary low-code platform for building AI agents in the Microsoft ecosystem. Here’s how agent identity works for Copilot Studio agents and how you govern them.

How Agent IDs are created in Copilot Studio

When you enable the Entra Agent Identity feature for a Power Platform environment, Copilot Studio automatically creates an Agent ID for each new agent you build — no manual app registration or SDK setup is required.

When the first agent identity is created in an enabled environment, Copilot Studio adds the “Microsoft Copilot Studio agent identity blueprint” to your tenant. All subsequent agent identities are created as children of this blueprint.

Step-by-Step: Enable Entra Agent Identity for Copilot Studio

  1. Go to the Power Platform Admin Center (PPAC) at admin.powerplatform.microsoft.com
  2. Select Copilot in the left navigation, then select Settings
  3. Under the Copilot Studio section, select Entra Agent Identity for Copilot Studio
  4. Select the environment where you want to enable this feature
  5. Click Edit setting
  6. Turn the setting On and click Save

Once enabled, every new agent you create in that environment will automatically get an Entra Agent ID.

How to Verify an Agent’s Entra Agent ID

  1. In Copilot Studio, open your agent and go to Settings
  2. Select Advanced
  3. Expand the Metadata section
  4. Look for the Entra Agent ID field — this is the GUID assigned to your agent
  5. You can use this GUID in the Microsoft Entra Admin Center to find and manage the agent identity

What About Existing Agents?

Agents created in Copilot Studio before you enabled Entra Agent Identity continue to use their old app registrations. Microsoft has stated that these agents will be migrated to Agent IDs in the future. During the transition, governance capabilities work for both Agent IDs and App Registration IDs.

Deleting Agents

When you delete an agent in Copilot Studio, the associated Entra Agent Identity is also automatically deleted. This is important for lifecycle management — you don’t end up with orphaned identities in Entra.

Opting Out (Temporary)

Administrators can currently opt out of automatic Agent Identity creation at the environment level through the Power Platform Admin Center (PPAC). However, Microsoft has made clear that this opt-out is temporary — Entra Agent Identities will be required for all new agents in the future.

8. Governing Agents from Azure AI Foundry

Azure AI Foundry (formerly Azure AI Studio) is Microsoft’s professional development platform for building sophisticated AI agents using Azure OpenAI and other models. Here’s how Agent ID works in Foundry.

Automatic Identity Provisioning in Foundry

Microsoft Foundry automatically provisions and manages agent identities throughout the agent lifecycle:

  • When the first agent in a Foundry project is created, Foundry automatically provisions a default agent identity blueprint and a default agent identity for the project. All agents in that project authenticate using the shared project agent identity.
  • When you publish an agent, Foundry automatically creates a dedicated agent identity blueprint and agent identity specifically for that published agent. The agent then authenticates using its own unique identity.
  • Foundry supports agent identity authentication for Model Context Protocol (MCP) and Agent-to-Agent (A2A) tools.

Managing Foundry Agent Identities

Once created, Foundry agents are listed under the Agent Registry in the M365 Admin Center, and the corresponding agent identities appear in the Microsoft Entra Admin Center under Agent identities. You can then apply the full set of governance controls from Entra — assign sponsors, set up access packages, apply Conditional Access, and monitor sign-in activity.


9. The Copilot Agent Builder Gap: Agents Without an Agent ID

This is one of the most important practical realities for IT admins in June 2026. You may have noticed that agents created through Copilot Agent Builder (the simplified agent creation tool built into Microsoft 365 Copilot) appear in the Agent Registry in the M365 Admin Center — but they do not show an Entra Agent ID.

Why does this happen?

Copilot Agent Builder is a lightweight, end-user-facing tool. Agents built there are declarative agents — they do not have the full identity infrastructure of agents built in Copilot Studio or AI Foundry. They appear in the Agent Registry for governance and visibility purposes, but the Entra Agent Identity feature has not yet been extended to cover Agent Builder-created agents in the same automatic way.

What does this mean for governance?

Agents without an Agent ID cannot take full advantage of Entra’s identity-based governance features. However, you still have several administrative controls available:

  • Visibility: All Agent Builder agents appear in the Agent Registry in the M365 Admin Center.
  • Blocking: Administrators can block any Agent Builder agent from being used across the organization directly from the Agent Registry — even without an Agent ID.
  • User access control: From M365 Admin Center → Agents → Settings → User access, you can restrict who can create and install agents built with Agent Builder.
  • Sharing control: Only agents built with Microsoft 365 Copilot Agent Builder are governed by the sharing control settings in the M365 Admin Center.
  • Purview compliance: Governance actions (like blocking) applied from the Agent Registry are still logged in Microsoft Purview.

What Is Microsoft’s Roadmap?

Microsoft has indicated that Entra Agent Identities will eventually be required for all agents across all creation surfaces. The current situation, where Agent Builder agents lack Agent IDs, is a transitional state as the platform matures. Watch for updates in the Microsoft 365 Message Center and the Entra release notes.

Practical Recommendation

Until Agent Builder agents gain Entra Agent IDs natively, implement a compensating governance strategy:

  1. Regularly review the Agent Registry in the M365 Admin Center
  2. Apply user access restrictions so only approved users can create agents via Agent Builder
  3. Use Microsoft Purview to audit agent governance actions
  4. For agents that need strong identity governance, direct your teams to use Copilot Studio (with Entra Agent Identity enabled) rather than Agent Builder

10. Step-by-Step: How to Govern Agent Identities in Entra ID

Here is a comprehensive walkthrough of the governance process for agent identities once they exist in your Entra tenant.

Step 1: Enable Frontier and Agent 365

  1. Sign in to the Microsoft 365 Admin Center as a Billing Administrator
  2. Ensure Frontier is enabled for your users (requires a Microsoft 365 Copilot license)

Step 2: Discover Your Agents

  1. In the M365 Admin Center, go to Agents → All Agents
  2. Review all agents — look at their platform (Copilot Studio, Foundry, Agent Builder, pro-code), their creator, and whether they have Entra Agent IDs
  3. In the Entra Admin Center (entra.microsoft.com), go to Agents → Agent identities and filter on “Users agent identity” (Yes/No) to see all agent identities that have Entra Agent IDs (Yes) or that are plain service principals (No).

Step 3: Assign Sponsors to Agent Identities

Every agent identity should have a human sponsor — a person who is accountable for the agent’s access decisions and lifecycle.

  1. In the Entra Admin Center, find the agent identity
  2. Open its properties and assign a sponsor from your organization
  3. The sponsor will receive notifications about access expiry and lifecycle events
  4. If the sponsor leaves the organization, Microsoft Entra automatically transfers sponsorship to their manager

Step 4: Configure Access Packages for Agents

Access packages let you bundle permissions and assign them to agents in a governed, time-limited way.

  1. In the Entra Admin Center, go to Identity Governance → Entitlement Management → Access packages
  2. Create a new access package with the resources the agent needs (security group memberships, Microsoft Graph permissions, Entra roles)
  3. In the assignment policy, under “Who can get access,” select “For users, service principals, and agent identities in your directory” and choose “All agents”
  4. Set an expiry period — agent access should not last forever
  5. Assign the access package to the agent identity, or allow the agent or its sponsor to request it

Step 5: Apply Least-Privilege Permissions

  • Agent identities inherit permissions from their parent blueprint. Review the blueprint’s inheritable permissions and minimize them to what agents actually need.
  • Use access packages to grant additional permissions only when required, and remove them when the need expires.

Step 6: Set Up Lifecycle Workflows

  1. In Entra Admin Center → Identity Governance → Lifecycle Workflows, create workflows for agent identity events
  2. Configure workflows to notify co-sponsors or managers when sponsorship is about to change
  3. Set up automated tasks that trigger when an agent’s sponsor leaves the organization

Step 7: Block or Disable Rogue Agents

  • From the Agent Registry in the M365 Admin Center: select an agent and choose Block to prevent organization-wide usage immediately
  • From the My Account portal (myaccount.microsoft.com): sponsors can disable an agent identity to temporarily stop its activity
  • From the Entra Admin Center: administrators can disable the agent identity’s service principal directly

Step 8: Manage Agent Identity via My Account and My Access Portals

  • My Account portal (myaccount.microsoft.com): Sponsors and owners manage the agent lifecycle — enabling/disabling the agent, viewing its access and activity.
  • My Access portal (myaccess.microsoft.com): Sponsors can request access packages on behalf of their agent identities, providing human oversight in the access request process.

11. Conditional Access and Identity Protection for Agents

Conditional Access for Agents

With Microsoft Entra ID P1 (or M365 E3), you can create Conditional Access policies that apply specifically to agent identities. This allows you to:

  • Restrict which resources an agent can access based on conditions
  • Block agent access outside of defined compliance conditions
  • Require that agents only operate from trusted networks or compliant environments

Conditional Access policies for agents are configured the same way as for users — in Entra Admin Center → Protection → Conditional Access. When creating a policy, you can target agent identities specifically.

Identity Protection for Agents

With Microsoft Entra ID P2 (or M365 E5 / Entra Suite), Identity Protection extends its real-time risk detection to agents. The system can detect:

  • Unusual authentication patterns for an agent
  • Access to resources outside an agent’s normal behavior
  • Signs of potential compromise or misuse

Risky agents appear in the Entra Admin Center → Protection → Identity Protection → Risky agents view, where administrators can investigate and remediate.

12. Agent Lifecycle Management

One of the most powerful aspects of Entra Agent ID is the ability to manage the full lifecycle of an agent identity — from creation to retirement.

  • Creation: Agent identities are created automatically when an agent is built in Copilot Studio or Foundry (when Agent ID is enabled), or manually by developers using the Microsoft Entra Agent ID platform.
  • Access management: Permissions are assigned through blueprints and access packages, with time limits and approval workflows.
  • Monitoring: All agent activity is logged in Entra sign-in and audit logs.
  • Sponsorship transfer: When a sponsor leaves, their agent sponsorships automatically transfer to their manager — no orphaned agents.
  • Suspension: Sponsors and admins can disable an agent identity to immediately suspend its ability to authenticate.
  • Retirement: When an agent is deleted in Copilot Studio or Foundry, the associated agent identity is also deleted. For manually managed agents, administrators delete the agent identity through the Entra Admin Center.

13. Audit Logs and Sign-In Activity for Agents

Complete visibility requires complete logging. Entra Agent ID logs all agent authentication activity in the same sign-in and audit logs used for human users.

Viewing Agent Sign-In Logs

  1. In the Entra Admin Center, go to Monitoring & health → Sign-in logs
  2. Filter by Agent type to show agent identities
  3. Review authentication events, resource access, and any risk signals

Governance Action Logs in Purview

Every governance action — blocking an agent, changing access, modifying sponsorship — is logged in Microsoft Purview. This creates a complete compliance trail for auditors and regulators.

Agent Activity in Teams and M365 Copilot

Administrators can also observe agent activity specifically within Microsoft Teams and Microsoft 365 Copilot through dashboards in the M365 Admin Center. This includes usage metrics and behavioral telemetry.

14. Security Considerations: The Agent ID Administrator Role Flaw (April 2026)

This is an important security context item if you are managing Entra Agent ID in your organization.

In early 2026, a security researcher discovered that the Agent ID Administrator role in Entra ID had a significant overpermission flaw. Users assigned to this role were able to take over arbitrary service principals — including those beyond agent-related identities — by becoming an owner and adding their own credentials. This effectively created a privilege escalation path in tenants where highly privileged service principals exist.

Microsoft was notified of this issue on March 1, 2026, and released a patch across all cloud environments on April 9, 2026. The scope of the Agent ID Administrator role was corrected to limit it to agent-related identities only.

What you should do:

  • Ensure your tenant has applied the April 2026 patch (this was automatic — no admin action required)
  • Review who has been assigned the Agent ID Administrator role in your tenant
  • Follow the principle of least privilege when assigning Entra admin roles
  • Monitor for any suspicious activity in the period before April 9, 2026, if you had users with this role
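One way to carry out the role-assignment review above, as an added example in Microsoft Graph PowerShell that is not from the article or from Microsoft: it resolves the role named on the page by display name, lists its active and PIM-eligible holders, and flags group assignments (whose effective membership should be reviewed separately). It assumes the Microsoft.Graph PowerShell SDK is installed and the caller can consent to the read scopes shown.

```powershell
# Added example (not from the article). Lists every principal that holds the
# "Agent ID Administrator" role so the assignment list can be reviewed.
# Assumption: the Microsoft.Graph SDK modules (Identity.Governance,
# DirectoryObjects) are installed and the signed-in account can read roles.
Connect-MgGraph -Scopes "RoleManagement.Read.Directory", "Directory.Read.All" -NoWelcome

$roleName = "Agent ID Administrator"   # role display name as given in the article

# Resolve the built-in role definition by display name.
$roleDef = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$roleName'"
if (-not $roleDef) { throw "Role definition '$roleName' was not found in this tenant." }
$roleFilter = "roleDefinitionId eq '$($roleDef.Id)'"

# Resolve a principal id to a type and display name for the report.
function Resolve-Principal {
    param([string]$PrincipalId)
    $obj = Get-MgDirectoryObject -DirectoryObjectId $PrincipalId -ErrorAction SilentlyContinue
    if (-not $obj) { return [pscustomobject]@{ Type = "unknown"; Name = $PrincipalId } }
    $type = ($obj.AdditionalProperties['@odata.type'] -replace '^#microsoft\.graph\.', '')
    $name = $obj.AdditionalProperties['userPrincipalName']
    if (-not $name) { $name = $obj.AdditionalProperties['displayName'] }
    [pscustomobject]@{ Type = $type; Name = $name }
}

$report = @()

# Active (permanent or PIM-activated) assignments, including scoped ones.
foreach ($a in (Get-MgRoleManagementDirectoryRoleAssignment -Filter $roleFilter -All)) {
    $p = Resolve-Principal -PrincipalId $a.PrincipalId
    $report += [pscustomobject]@{
        AssignmentType = "Active"
        PrincipalType  = $p.Type
        Principal      = $p.Name
        Scope          = $a.DirectoryScopeId   # "/" means tenant-wide
    }
}

# PIM-eligible assignments: not active now, but can be activated on demand.
foreach ($e in (Get-MgRoleManagementDirectoryRoleEligibilityScheduleInstance -Filter $roleFilter -All)) {
    $p = Resolve-Principal -PrincipalId $e.PrincipalId
    $report += [pscustomobject]@{
        AssignmentType = "Eligible"
        PrincipalType  = $p.Type
        Principal      = $p.Name
        Scope          = $e.DirectoryScopeId
    }
}

$report | Sort-Object AssignmentType, PrincipalType, Principal | Format-Table -AutoSize

# Group assignments widen the holder set to every member of the group, so call
# them out explicitly: their membership must be reviewed as part of this check.
$groups = $report | Where-Object PrincipalType -eq "group"
if ($groups) {
    Write-Warning ("{0} assignment(s) go to groups; review their membership: {1}" -f `
        $groups.Count, (($groups.Principal | Sort-Object -Unique) -join ", "))
}
```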

15. Summary and Next Steps

Microsoft Entra Agent ID is one of the most significant identity management developments of 2025–2026. It brings the same Zero Trust, governance, and access control principles that organizations apply to human users and traditional workloads — and extends them to AI agents.

Here is a quick recap:

  • Entra Agent ID reached General Availability in April 2026 and is now the standard for AI agent identity in Microsoft environments
  • Four new identity objects — agent identity blueprint, blueprint principal, agent identity, and agent user — form the foundation of the framework
  • Copilot Studio and Azure AI Foundry automatically provision Agent IDs for agents when the feature is enabled
  • Agents created through Copilot Agent Builder currently appear in the Agent Registry without Entra Agent IDs — this is a known transitional gap
  • The Agent Registry in the M365 Admin Center is your central governance console
  • Full governance capabilities — Conditional Access, Identity Protection, Governance, lifecycle management, and audit logs — are available for agents with Entra Agent IDs
  • Every agent identity should have a human sponsor for accountability
  • The Agent ID Administrator role had a security flaw patched in April 2026 — review your role assignments
