Get ready for Microsoft Ignite by reading Alex's reflections on how to ride the wave of AI agent innovation instead of splashing around in the foam.
⏰Secure access for AI agents with Microsoft Entra is Tuesday, November 18, 2025 at 3:45PM Pacific Time.
This blog is based on my keynote at The Experts Conference in October 2025.
I’m in my 34th year at Microsoft—hard to believe, considering I was too young to drink and without gray hairs when I joined. I remember the day, about 15 years ago, when my phone rang. Back then, we had actual desk phones you had to pick up, with little LCD displays that showed who was calling. The display lit up: "Satya N." Whoa!
"Hey Alex," he said, "I have this new role as director of the team for identity. I think you'd be perfect."
First, I couldn't believe Satya Nadella was calling me directly. Second, I was thinking: "Really? You want me to work on identity?" But then I spent two hours with him as he explained how identity is the cornerstone of Microsoft's enterprise strategy and that he needed someone to help drive its transition to the cloud.
Three weeks later, I started what's become the best job I've ever had, helping take Active Directory from on-premises to the cloud as Azure Active Directory, then evolving it into Microsoft Entra as a full identity and access management solution. And while that voyage has been really cool, it hasn’t fundamentally changed how identity works.
A much bigger wave of innovation has started.
The AI Wave
A year ago, my boss, Joy Chik told me, "I want you to focus on AI and how we get ready for the future."
Since then, I've been trying out AI tools, building my own agents, putting our strategy together, and talking with customers, industry analysts, and AI experts around the world. That’s why I’m convinced this next wave will fundamentally change how humans work and how our economy functions, just as the Industrial, Electrical, Internet, and Mobile Revolutions did.
Around 12,000 years ago, humans began domesticating plants and animals, transitioning from hunting and gathering to agriculture. During the next big wave, we developed complex societies and created governments. With the Industrial Revolution and power from coal, steam, and eventually electricity, we could start building big factories and large cities. Before the Electrical Revolution, most humans went to sleep when it got dark. Now we all stay up watching late night TV while scrolling on our devices.
Today, we’re living through the Internet and Mobile Revolution. This has been a big, big shift, but AI represents a much bigger wave of innovation.
The Reality of AI Agent Adoption
It seems a lot of our customers feel the same way. A KPMG survey of large organizations revealed that 42% have active AI agents working for them today, up from 11% just six months ago.1 And we're just getting started.
A lot of great agents that can help your business are already available in Microsoft 365 and the Security Copilot platform, as well as through our partners like Workday and ServiceNow.
IDC projects that by 2028, there’ll be 1.3 billion AI agents in large companies in the developed world.2 As just one real world example of this coming wave, at Microsoft, we’re already using agents in development, security, research, and analytics. From what I see, it won’t take long before we have more agents than human employees. My bet? Within two years, we'll have over a million active AI agents in the Microsoft tenant.
Not only are there lots of agents, but they’re also ephemeral. They get spun up, run for a couple of weeks, then get turned off. You need the ability to deal with agents coming and going at a massive scale.
What Exactly Is an Agent?
Let me step back for a moment and clarify how we think about agents at Microsoft.
An AI agent is an LLM with domain knowledge, an ability to act, and guardrails.
An agent is an LLM with a set of instructions telling it what its job is plus supporting code that provides plumbing and guardrails and verifies results. But what makes an agent special are two things:
- Domain knowledge: It knows about your business, a specific process, or technology areas, ideally with memory so it can learn and improve.
- Ability to act: It can make API calls to something like MS Graph, Azure resources, or other systems to take action, and then send input or data back to whoever called it.
And since they can act, agents need proper access controls. My assertion is that every single agent needs an identity.
Think of it this way. An auto manufacturer would never ship a car without a VIN number. For our part, all agents from Microsoft will come with a built-in agent identity, so you can track them, control their access, and manage their entire lifecycle.
An agent to optimize Conditional Access policies
One of the agents I'm most excited about is the Conditional Access Optimization Agent in Microsoft Entra. This agent inspects your Conditional Access policies, helps you understand what they do and where security gaps exist, then keeps them updated.
Using this agent, customers are already uncovering an average of 26 policy gaps per month that might otherwise be missed and/or maliciously exploited. 73% of customers who use it have made meaningful improvements in their security posture based on its recommendations.3
Microsoft Teams alerts for the Conditional Access Optimization Agent help your team act quickly on the agent’s suggestions.
This isn't just ChatGPT pointed at APIs. It's a purpose-built agent loaded with all the knowledge and expertise that my team and our customer-facing teams have learned about building effective Conditional Access policies. It continuously analyzes your tenant and all your Conditional Access policies, detects policy overlap, finds unprotected users and applications, and then helps remediate gaps with a single click. It can also identify risky configurations, like break-glass accounts that aren't excluded or policies with too many exclusions.
The agent even creates tickets in ServiceNow for proposed policy updates, ensuring compliance with your change management requirements. It can design phased rollout plans to gradually enable policies while minimizing user disruption. It can even deploy new policies for you in pilot mode. Then on an ongoing basis, it checks for new users and apps so you can make sure they're protected by policy correctly.
🎯 Read Alex’s Oct 14, 2025 post: The Conditional Access Optimization Agent keeps getting better—and making your life easier
Think of Conditional Access Optimization Agent as evolving into your Zero Trust consultant and advisor, saving you time and money while improving your security posture. You’ll see more agents, from us and across the industry, that bring deep expertise and analysis to you more quickly and conveniently.
Joy Chik will be announcing more capabilities of agents in Microsoft Entra in her Microsoft Ignite session on Tues, Nov 18: Microsoft Entra: What's New in Secure Access on the AI Frontier.
Managing at Scale: Cattle, Not Pets
In addition to the permissions model, the other big challenge is managing agents at scale. I’m breaking my boats and waves analogy with a better, land-based metaphor. AI agents are cattle, not pets. To care for and feed a pet, you need time that you just won’t have in the agent space. With so many agents coming and going, you’ll need to govern a sprawling, diverse herd across all your ranches—with lifecycle automation at scale.
Automated identity lifecycle management will be necessary to handle the scale of agents being deployed, updated, and deprovisioned to reduce risk.
You'll need strategies for:
- How agents get deployed and tracked
- Knowing who's responsible for them
- How to provision and approve access for agents
- Running ongoing access campaigns
- Automatically revoking permissions
- Proving which version of an agent is running
- Deprovisioning agents you no longer need
Any holes in your governance or lifecycle management will overwhelm everyone, especially with access reviews. So we’re working hard on this challenge, creating a framework for your agent identity governance strategies.
Secure Access for agents: Microsoft Entra Agent ID
Soon, you’ll be able to manage, protect, and govern agents as first-class enterprise identities.
At Microsoft BUILD, we announced support for AI agents in Microsoft Entra. Our goal is simple: bring the same protections and controls you rely on for workforce identities to AI agents. We've added agents as an identity type in Microsoft Entra and are developing access management, security, and identity governance capabilities for them. These agent identities will be pre-configured in the tools that you use to create agents, including Foundry, Copilot Studio, Security Copilot, and third-party platforms.
I’ll be revealing many more details during my Ignite session “Secure access for AI agents with Microsoft Entra” so you can get started.
Evolving Standards for the Agent Era
Microsoft Entra enables a huge ecosystem of partners and applications, and we collaborate across the industry to ensure all agentic identity systems can adopt common standards that enable integration, reduce security risks, and follow best practices agreed upon by expert practitioners, academia, and standards bodies.
To enable this, we're working in the OAuth 2.0 standards groups on critical changes to:
- Represent agents as first-class actors (not clients, not users, but something new)
- Make sure agents can have independent permissions
- Make agent actions traceable (so logs show "agent acting on behalf of Alex," not just "Alex")
- Enable fine-grained permissions, discovery, and delegation for agents.
The changes we’re proposing to OAuth will make it possible to see that an agent is acting on its own behalf, on behalf of a user, or on behalf of another agent.
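As an added illustration of the traceability point above (not code from the post or from Microsoft Entra), here is a small audit helper that reconstructs the delegation chain from a decoded token. The post does not name any claims, so this assumes the existing RFC 8693 `act` (actor) claim; the registry, tokens and the `agent:`/`user:` prefixes are constructed samples.

```python
# Added example (not code from the post or from Microsoft Entra). The post does
# not name token claims; this assumes the existing RFC 8693 "act" (actor) claim:
# the outermost "act" is the party presenting the token, each nested "act" is
# the party that delegated to it, and "sub" is whose rights are exercised.
# Principals, tokens and the "agent:"/"user:" prefixes are constructed samples.

KNOWN_AGENTS = {"agent:ca-optimizer", "agent:ticket-filer"}  # constructed registry

SAMPLE_TOKENS = {  # constructed decoded tokens for the post's three modes
    "own": {"sub": "agent:ca-optimizer"},
    "user": {"sub": "user:alex", "act": {"sub": "agent:ca-optimizer"}},
    "chain": {"sub": "user:alex",
              "act": {"sub": "agent:ticket-filer",
                      "act": {"sub": "agent:ca-optimizer"}}},
    "rogue": {"sub": "user:alex", "act": {"sub": "agent:desktop-script"}},
}

def delegation_chain(claims: dict) -> list[str]:
    """Return [current actor, ..., earliest actor, subject]; just [subject] if no 'act'."""
    chain, node = [], claims.get("act")
    while node is not None:
        chain.append(node["sub"])
        node = node.get("act")
    chain.append(claims["sub"])
    return chain

def mode(claims: dict) -> str:
    """'self' (no delegation), else 'user' or 'agent' for whose behalf the caller acts on."""
    chain = delegation_chain(claims)
    if len(chain) == 1:
        return "self"
    return "agent" if chain[1].startswith("agent:") else "user"

def describe(claims: dict) -> str:
    """Audit-log principal string so the log shows the agent, not just the user."""
    chain = delegation_chain(claims)
    if len(chain) == 1:
        return f"{chain[0]} acting on its own behalf"
    return " on behalf of ".join(chain)

def unregistered_actors(claims: dict) -> list[str]:
    """Actors that present as agents but have no identity in the registry."""
    return [p for p in delegation_chain(claims)[:-1]
            if p.startswith("agent:") and p not in KNOWN_AGENTS]
```

The `rogue` sample shows the detection value of the registry: an actor that appears in a chain without a known agent identity is exactly the "spun up on someone's desktop" case to review.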
We're also thinking about the full chain of responsibility. How does an agent down the chain discover what permissions it needs and then come back and ask you for them? These capabilities will be incorporated into MCP to enable agent-to-agent protocols.
We're also working on how to give agents fine-grained access to specific resources, like a folder, rather than broad access, like to an entire cloud. Adhering to this Zero Trust principle of agents only having the access they need is a great way to reduce your risk surface.
Extending SCIM Standards for Agent Lifecycle Management
Along with the OAuth work, we're suggesting a set of changes to the open SCIM standard to enable support for agents.
Think about how SCIM works today: We use it to put a user from your HR system into Entra, which creates a user record in Entra, then we send it out to other apps through your governance system.
We need the same thing for agents. Any kind of agent builder (something that creates agents) needs the ability to use SCIM to put agent records into Entra. Then Entra can retrieve those agent records and configure them correctly into all of your SaaS apps.
Standardized schema extensions to open standards make it possible to provision agents with the rich context that applications need.
We think this is the right way to ensure you have great governance and automation around agents. It's easy for an agent to show up and get registered, but much harder to manage it on an ongoing basis. That's why we need these updates to SCIM.
What You Should Do Now
First, get started experimenting with AI agents. See what works for you. Try our agents in Microsoft Entra, or build your own with Copilot Studio—you can do amazing things. I’ve noticed that what used to take my product management team three to four weeks to get done now takes two or three days with agents. Make sure your company has a plan to start piloting a few.
Second, think about your agent taxonomy, starting with the three kinds of agents I discussed above. What kinds of agents will you build? What data will they need? How will you govern access and ensure high-privilege data only gets accessed by proven, trusted agents versus ones somebody spins up on their desktop? The Copilot Studio team offers some good resources as you consider building, administering, and governing agents.
Finally, tune into our live-streamed session “Secure Access for AI Agents with Microsoft Entra” on November 18 at Microsoft Ignite 2025. We’ll explain in detail how all of this works.
We're committed to doing the hard work for you and with you. Microsoft Entra support for AI agents will give you great tools for harnessing AI agents safely in your corporation. As Satya said at BUILD: "Our goal is simple—bring the same protections and controls you rely on for employee identities to AI agents."
The agentic wave is coming. We can all ride the top of the wave, or we can drift below and get splashed—it’s our choice.
Surf's up!
Alex
1 KPMG AI Quarterly Pulse Survey | Q3 2025. September 2025. n= 130 U.S.-based C-suite and business leaders representing organizations with annual revenue of $1 billion or more.
2 IDC Info Snapshot, 1.3 Billion AI Agents by 2028, May 2025
3 James Bono, Beibe Cheng, and Joaquin Lozano, Randomized Controlled Trials for Conditional Access Optimization Agent, October 2025, Microsoft Corporation.