Entra Agent ID

One of the challenges I faced developing an agent for my side project (Biotrackr) was how do I manage identity. Some AI Agents share the same service principals or managed identity with the application, which is used to authenticate API calls, access databases etc. This is an issue, because if the application has contributor access to a database, so does the agent. If the agent gets compromised, then the blast radius extends to the entire application’s permission scope. ...

Can your AI Agent run code? If not, you probably don’t think that unexpected code execution applies to you. However, this goes a lot deeper than eval(). Input validation, container security, static analysis, and runtime monitoring all play a part here. Even an Agent with read-only capabilities and no code interpreter has an execution environment, tool parameters that flow from LLM output, and a CI/CD pipeline that needs to be secure. ...

Introduction: The Identity Problem with AI Agents AI agents are moving beyond simple prompt-and-response. They’re calling APIs, reading databases, writing to storage etc. Doing actions on real resources with real consequences. This raises a question every platform team eventually asks: whose identity should the agent use? Today, most agents authenticate to Azure services one of two ways: Delegated (on-behalf-of-user): The agent acts as the signed-in user. This can work for interactive scenarios, but it means the agent inherits all of the user’s permissions. Which far more than a narrowly-scoped tool call should need. It also falls apart for background or autonomous agents that run without a user session. App-only (managed identity or client credentials): The agent authenticates as the hosting application. This solves the “no user present” problem, but now every agent running on the same compute shares a single identity. You can’t distinguish which agent accessed which resource in your logs. You can’t give one agent read-only access to Cosmos DB while another gets read-write. The agent is the app, as far as Azure is concerned. Neither option gives you what you actually want: a discrete, auditable identity for the agent itself. One that’s separate from the user, separate from the hosting infrastructure, and scoped to exactly the permissions the agent needs. ...

In Microsoft Entra Agent ID, we use agent identity blueprints to create agent identities and request tokens using those agent identities. These agent identities represent AI Agents within your tenant, and is usually provisioned when we create a new AI Agent. In this post, we’ll go through an end-to-end example of creating an agent blueprint using Microsoft Graph PowerShell, then we’ll create an Agent Identity using a ASP.NET Web API that we’ll deploy to Azure Container Apps. ...

As agents become more capable of making decisions, they require own identities to ensure proper governance, security, and accountability. AI Agents are already being used in a variety of different workflows (perhaps you’ve deployed some yourself!). But as they become more capable and make autonomous decisions, there are several concerns and challenges that must be addressed: How do we authenticate and authorize agents? How do we govern them? Probably most important of all, how do we distinguish them from humans?! Microsoft Entra Agent ID extends identity capabilities to agents, which help developers to build, govern, and protect agent identities. In this article, we’re going to explore how Entra Agent ID gives agents security capabilities, such as control access policies, identity protection, and more. ...