Microsoft Entra Agent ID
Microsoft Entra Agent ID gives each AI agent its own governed directory identity so that an organisation can authenticate, scope, and audit what agents do rather than letting them act under shared or human credentials.
Description
Microsoft Entra Agent ID is an identity and security framework that extends Microsoft Entra to AI agents. It provides purpose-built identity constructs for nonhuman agents, created from agent identity blueprints that act as templates with preconfigured permissions and policies. Agents authenticate and obtain tokens through OAuth 2.0 flows, including on-behalf-of delegation and autonomous app-only operation, and receive the same identity-driven protections as users, such as Conditional Access, risk detection, and lifecycle governance. It works with agents built on Microsoft and non-Microsoft platforms.
Solution
Rather than running an agent loop itself, Entra Agent ID is the identity plane an agent calls at action time. An agent identity is provisioned from a blueprint and obtains scoped access tokens through OAuth 2.0 flows: on-behalf-of when acting for a user, client-credentials when acting autonomously. Each token-protected resource access is governed by adaptive access policies and logged, so the agent only reaches what its identity is permitted to and every action is attributable.
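How a resource API can tell the two token types apart and record who acted, as an added example that is not Microsoft's code. It assumes the standard Entra access-token claims (`scp`, `roles`, `idtyp`, `azp`/`appid`, `oid`, `tid`) and that signature, issuer, audience and expiry were already validated; the scope, role and ID values are constructed, and no Agent ID-specific claims are modelled.

```python
# Added example: authorization on claims from an ALREADY-VALIDATED access token.
# Scope/role names and all IDs below are constructed sample values.

def classify(claims):
    """Return 'delegated' (on-behalf-of) or 'app_only' (client credentials)."""
    if claims.get("idtyp") == "app" and claims.get("scp"):
        # idtyp is an optional claim; if present it must agree with scp.
        raise PermissionError("contradictory claims: idtyp=app with scp")
    if claims.get("scp"):
        return "delegated"   # delegated scopes mean a user is in the call chain
    if claims.get("roles"):
        return "app_only"    # application permissions only, no user context
    raise PermissionError("token carries no permissions")

def authorize(claims, required_scope, required_role):
    """Decide access and build the attribution record to write to the audit log."""
    mode = classify(claims)
    if mode == "delegated":
        allowed = required_scope in claims["scp"].split()
    else:
        allowed = required_role in claims["roles"]
    return {
        "mode": mode,
        "client": claims.get("azp") or claims.get("appid"),  # v2 / v1 tokens
        "user": claims.get("oid") if mode == "delegated" else None,
        "tenant": claims.get("tid"),
        "allowed": allowed,
    }

# Constructed sample claim sets.
DELEGATED = {"tid": "tenant-1", "azp": "agent-app-1", "oid": "user-42",
             "scp": "Tickets.Read Tickets.Comment"}
APP_ONLY = {"tid": "tenant-1", "azp": "agent-app-1", "oid": "sp-7",
            "idtyp": "app", "roles": ["Tickets.Read.All"]}

if __name__ == "__main__":
    for sample in (DELEGATED, APP_ONLY):
        print(authorize(sample, "Tickets.Read", "Tickets.Read.All"))
```

A delegated token can also carry `roles` when the user holds app roles, which is why the check keys on `scp` first rather than on the presence of `roles`.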
Primary use cases
- issuing governed identities to AI agents
- delegated and autonomous agent authentication via OAuth 2.0
- applying Conditional Access and Zero Trust controls to agents
- lifecycle governance and audit of agent identities