Microsoft Entra Agent ID Public Preview for AI Agents

Introduction: Why this matters

AI agents are rapidly moving from isolated pilots to widespread deployment across enterprises. That growth creates a new identity and security problem: organizations need consistent visibility into agent sprawl, strong least-privilege access controls, and automated governance to reduce the blast radius if an agent is misconfigured or compromised. Microsoft Entra Agent ID aims to make agents “first-class identities” so IT and security teams can manage them with the same operational muscle they already use for users, apps, and devices.

What’s new in Entra Agent ID (Public Preview)

1) A dedicated identity for every agent

Entra Agent ID requires each agent to have a unique identity, enabling standardized authentication, authorization, and auditing. Agents built on Microsoft platforms (e.g., Copilot Studio, Microsoft Foundry, Security Copilot) can automatically receive an Agent ID.

2) Agent Registry: unified discovery and inventory

A key addition is Agent Registry, an extensible metadata repository providing a consolidated view of agents deployed in the tenant—across Microsoft platforms, open-source frameworks, and third-party solutions (via an agent identity platform for developers). This directly targets the hardest operational challenge: discovering what exists and where it’s operating.

3) Agent identity blueprints for scalable management

Agent identity blueprints act as templates for permissions, roles, and governance policies for classes of agents. Approve once, inherit everywhere. Critically, disabling a blueprint can immediately shut down all agents created from it—useful for rapid containment during incidents.

4) Built-in governance automation

Entra governance capabilities are extended to agents, including:

• Lifecycle Workflows to automate sponsor updates and deactivation (every agent requires a human sponsor).
• Access Packages to bundle roles and resource access into an approval-driven, auditable, time-bound process.

5) Security controls: Conditional Access and risk-based protection

Agent ID integrates with core Entra security features:

• Conditional Access for agents (as actors or protected resources)
• Identity Protection signals to flag risky agents and automatically block or restrict them
• Custom security attributes to tag agents (e.g., “HR-approved”) and enforce attribute-based access policies

Impact for IT admins and security teams

• Improved observability: a clearer inventory and trends view in the Entra admin center.
• Consistent guardrails: apply established Entra patterns (least privilege, approvals, lifecycle governance) to agents.
• Faster response: blueprint-level controls can reduce time-to-containment for problematic agent classes.

Recommended next steps

• Enable early access for Microsoft Agent 365 and explore Agent ID in the Entra admin center.
• Start with discovery: review how many agents exist today and who sponsors them.
• Define blueprints for common agent types (HR, finance, IT helpdesk) and apply least-privilege Access Packages.
• Pilot Conditional Access + Identity Protection policies specifically for agent identities.
• If you build custom agents, evaluate the Entra Agent Identity Platform for Developers and consider joining the Frontier early access program.