
AI agents run in Copilot Studio, Azure AI Foundry and dozens of other environments — but who manages their identity? Entra Agent ID is now generally available and brings Conditional Access, Identity Protection and lifecycle management to non-human identities. What does this mean for IT teams looking to deploy AI safely?
Every user in your Microsoft 365 environment has an identity in Entra ID. That identity determines what they can access, from which devices they may sign in, and whether risks are detected. AI agents, the automated software processes that execute tasks, retrieve data, and act on behalf of users, have long lacked this. They often ran under a generic service account, a shared credential, or entirely without a formal identity policy.
That is changing. Microsoft brought Entra Agent ID to general availability in April 2026. In July 2026, two new service plans are rolling out that make Conditional Access and Identity Protection available for agent identities as well. For IT teams looking to deploy AI agents responsibly, this is the infrastructure they have been waiting for.
Entra Agent ID is a product within Microsoft Entra that provides an identity platform for AI agents. Organisations that build agents in Copilot Studio or Azure AI Foundry, or deploy them via Microsoft 365 Agent licences, now get the same identity constructs as for human users and workloads, tailored specifically for automated processes.
The core problem Entra Agent ID solves is visibility and control. How many AI agents are currently running in your tenant? Which data do they have access to? Who is the owner? If you cannot answer those questions, you have a governance gap. Entra Agent ID makes it possible to view a consolidated directory of all agents in the tenant via the Entra admin centre, including agents from Copilot Studio, Azure AI Foundry, and other supported environments.
An agent identity is a specific identity type in Entra ID designed for AI agents. Each agent receives a unique object ID and an app ID. For agents created via Copilot Studio, Entra Agent ID handles automatic provisioning as soon as the feature is enabled at environment level. For Azure AI Foundry, this also happens automatically through integration with the agent lifecycle.
One of the key technical advantages is that agents do not need to contain secrets or passwords to access downstream systems. When an agent invokes a tool, an automatic OAuth 2.0 token exchange takes place between the agent service, Entra ID, and the target resource. Developers do not need to manage tokens manually. This eliminates one of the most common security problems in automated processes: embedded credentials in code or configuration.
Conditional Access in Microsoft Entra is where access decisions are made. Is someone signing in from an unknown location? Require MFA or block access. Does an account have a high risk level? Require additional verification. This logic can now be applied to agent identities as well.
What is distinctive about Conditional Access for agents is the blueprint concept. An IT administrator sets policy at the level of an agent blueprint, a template from which all instances of a particular agent originate. All future instances automatically inherit the policy, without each agent needing to be individually configured. Want to disable an entire class of agents? That can be done with a single operation at blueprint level.
The new service plans 'Entra Conditional Access for Agents' and 'Entra ID Protection for Agents' roll out in July 2026 under Microsoft 365 E7 and Microsoft Agent 365 licences. For organisations with Microsoft 365 E5, a separate Agent 365 licence is required to activate this functionality.
Entra ID Protection by default monitors user identities for risky patterns, such as sign-ins from unusual locations, token manipulation, or behavioural anomalies. Those same detection mechanisms are now being extended to agent identities.
This matters because agents can become attack vectors. A compromised agent acting on behalf of a user can exfiltrate data, perform unauthorised actions, or serve as a stepping stone for lateral movement in the environment. Identity Protection for agents detects abnormal behaviour in real time and can automatically trigger remediation actions, such as blocking the agent or requiring review by an administrator.
In the Entra admin centre, under Agent ID, a central directory of all agent identities in the tenant is available. IT teams can see which agents are active, when they were last deployed, which resources they have accessed, and who the owner or sponsor is.
Lifecycle management includes setting an expiration date for an agent identity, assigning a responsible owner, and defining a business sponsor. An agent that is no longer in use automatically loses access on the configured end date. This connects to the Entra ID Governance features for access reviews and authorisation cycles that IT teams already know from user management.
Four concrete actions for organisations that deploy AI agents or plan to do so. First: inventory which agents are already running in your tenant. Open the Entra admin centre and navigate to Agent ID for an initial overview. You may be surprised at how many agents are already active, especially if Copilot Studio or Azure AI Foundry is already in use.
Second: enable automatic agent identity provisioning for the Copilot Studio environments you manage. This ensures that new agents immediately receive a formal identity in Entra rather than running anonymously.
Third: set up baseline Conditional Access policies for agent identities. Similar to how you establish baseline protection for users, define for agents from which networks they may operate, which resources they may access, and under what circumstances their access is blocked.
Fourth: review your licensing situation. The new Conditional Access and Identity Protection service plans for agents fall under M365 E7 or M365 E5 combined with an Agent 365 licence. If you have an E3 environment, this is the moment to evaluate the licence roadmap in the context of your AI strategy.
The introduction of Entra Agent ID fits into a broader shift in how the security model around AI is structured. Where the initial focus was on securing the data that agents process, via Purview and DLP policy, attention is now also shifting to the identity of the agent itself. Who or what is this agent? Is it allowed to do this? Is its behaviour normal?
As agents become more autonomous and perform increasingly independent tasks within Microsoft 365 environments, the importance of identity controls at agent level grows. Zero Trust principles, verify always, grant minimum permissions, assume compromise, now apply to the non-human participants in your environment as well.
Want an overview of which AI agents are currently active in your Microsoft 365 environment, or help setting up Conditional Access and governance for agent identities? Contact Zarioh for a practical conversation about your AI security strategy.
Zarioh Digital Solutions
IT specialists from Utrecht, the Netherlands. We help businesses with Microsoft 365, AI agents, hosting and telephony — and share what we learn in practice. Follow us on LinkedIn