Microsoft Entra Agent ID
Type: app · Vendor: Microsoft · Language: N/A · License: proprietary · Status: active · Status in practice: emerging · First released: 2025-05-19
Microsoft Entra Agent ID gives each AI agent its own governed directory identity so that an organisation can authenticate, scope, and audit what agents do rather than letting them act under shared or human credentials.
Description. Microsoft Entra Agent ID is an identity and security framework that extends Microsoft Entra to AI agents. It provides purpose-built identity constructs for nonhuman agents, created from agent identity blueprints that act as templates with preconfigured permissions and policies. Agents authenticate and obtain tokens through OAuth 2.0 flows, including on-behalf-of delegation and autonomous app-only operation, and receive the same identity-driven protections as users, such as Conditional Access, risk detection, and lifecycle governance. It works with agents built on Microsoft and non-Microsoft platforms.
Agent loop shape. Rather than running an agent loop itself, Entra Agent ID is the identity plane an agent calls at action time. An agent identity is provisioned from a blueprint and obtains scoped access tokens through OAuth 2.0 flows: on-behalf-of when acting for a user, client-credentials when acting autonomously. Each token-protected resource access is governed by adaptive access policies and logged, so the agent only reaches what its identity is permitted to and every action is attributable.
Primary use cases
- issuing governed identities to AI agents
- delegated and autonomous agent authentication via OAuth 2.0
- applying Conditional Access and Zero Trust controls to agents
- lifecycle governance and audit of agent identities
Key concepts
- Agent identity blueprint → ephemeral-agent-identity (docs) — A template defining an agent's configuration and governance model, with parent-child relationships, from which individual agent identities are derived so consistent policy applies across large fleets.
- Agent OAuth flows → delegated-agent-authorization (docs) — The on-behalf-of (delegated), client-credentials (autonomous app-only), and agent-user-account patterns by which an agent obtains an access token scoped to a single target resource.
- Conditional Access for agents → policy-as-code-gate (docs) — The if-then policy engine evaluated at token issuance that allows, blocks, or limits an agent's access to a resource based on subject, audience, device, location, and risk signals.
- Agent's user account (docs) — A directory user account linked to an agent identity so a digital worker can hold a mailbox, join groups, and participate in collaborative workflows as a team member.
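The two token flows named above (on-behalf-of and client-credentials) and the resource-side check that the resulting token is scoped to a single audience, as an added example that is not Microsoft's own code or SDK. The request bodies use standard OAuth 2.0 parameters for the Microsoft identity platform's /oauth2/v2.0/token endpoint; the agent's client ID and its client assertion (the credential that proves the agent identity, for example one obtained from a managed identity) are assumed inputs, and the tokens checked are constructed, unsigned sample JWTs.

```python
import base64
import json

AGENT_CLIENT_ID = "<agent-identity-client-id>"  # placeholder, not a real app ID
ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"


def obo_request(user_token: str, client_assertion: str, scope: str) -> dict:
    """Form body for the on-behalf-of flow: the agent exchanges the user's
    inbound token for one scoped to a downstream resource, acting as that user."""
    return {
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "requested_token_use": "on_behalf_of",
        "client_id": AGENT_CLIENT_ID,
        "client_assertion_type": ASSERTION_TYPE,
        "client_assertion": client_assertion,  # proves the agent's own identity
        "assertion": user_token,               # the user's token being exchanged
        "scope": scope,                        # e.g. "api://<resource>/.default"
    }


def client_credentials_request(client_assertion: str, scope: str) -> dict:
    """Form body for the autonomous, app-only flow: no user is involved, so the
    token carries application permissions (roles), not user scopes (scp)."""
    return {
        "grant_type": "client_credentials",
        "client_id": AGENT_CLIENT_ID,
        "client_assertion_type": ASSERTION_TYPE,
        "client_assertion": client_assertion,
        "scope": scope,
    }


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_jwt(claims: dict) -> str:
    """Constructed sample token (alg=none), used only to exercise the check below."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."


def token_is_scoped_to(jwt: str, expected_audience: str) -> bool:
    """Resource-side check: accept only a token whose single audience is this
    resource and that carries a permission claim (scp: delegated, roles: app-only).
    Signature and expiry validation against the tenant's signing keys is assumed
    to have happened before this point and is omitted here."""
    payload = jwt.split(".")[1]
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    if claims.get("aud") != expected_audience:
        return False
    return bool(claims.get("scp")) or bool(claims.get("roles"))
```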
Patterns this app implements
- ★Delegated Agent Authorization
Agents acquire scoped access tokens through OAuth 2.0 on-behalf-of and client-credentials flows rather than using a principal's static secrets, with credential rotation via managed identities, so eac…
- ★Policy-as-Code Gate
Conditional Access is an externally-managed policy engine evaluated before a token is issued: every agent access request is checked against if-then policy requirements that allow, block, or limit acc…
- ★Ephemeral Agent Identity
Each agent is provisioned its own purpose-built directory identity from an agent identity blueprint, with lifecycle governance and credential rotation, rather than sharing a human's identity, so agen…
- ★★Provenance Ledger
All agent authentication and activity is logged for compliance and audit through Entra's sign-in and audit logs, so each agent action carries enough recorded metadata to explain or attribute it after…