Microsoft Entra Blog

Surfing the AI Wave: Manage, Govern, and Protect AI Agents with Microsoft Entra Agent ID

Alex_Simons
Dec 17, 2025

🌊 The AI Surge Is Here—Are You Ready?

Last month, when I blogged about riding the AI wave, I reviewed the reality of AI Agent adoption, basic information about agents, and the challenge of managing them at scale. I could only hint about what we’d announce at Microsoft Ignite: a huge update for the Microsoft Entra Agent ID public preview.

I’d like to thank customers and partners who’ve been paddling out to the deep waters of agent visibility and security with us. Your feedback has been crucial in this journey, and it was super cool to feature a few of you in my Agent ID Ignite session. Thank you.

 🎥 Watch the replay of Alex’s session at Microsoft Ignite to see Agent ID in action.

 The challenge organizations are facing is crystal clear:

How do we harness the power of AI agents securely and at scale?

Every CISO I talk to shares similar concerns:

  • How will I get observability to the growing sprawl of AI agents?
  • How will I ensure agents only access what they need?
  • How will I track all the things agents are doing?
  • How can I protect my organization if an agent goes rogue or gets compromised?

These concerns must be addressed - not only so CISOs can sleep better at night, but also to help your organization create value with all the incredibly cool AI agents being built now and for the foreseeable future. And this is why we introduced Agent ID.

This blog kicks off a series that will dive deeper into the three solution areas that Agent ID unlocks: the ability to register and manage AI agents, govern agent identities and lifecycle, and protect agent access to resources.

Get to know Microsoft Entra Agent ID

Agent ID is the heartbeat of Microsoft Agent 365, the control plane for all your agents. No matter where they’re built—on Microsoft platforms, open-source frameworks, or third-party solutions—Agent 365 gives you a single, secure way to deploy, organize, and govern them. Think of it as the next evolution of the systems you already trust to run your enterprise, now extended to the agentic era.

Access controls for agents

As the number of AI agents in your environment skyrockets, access control isn’t just important—it’s mission-critical. By requiring every agent to have its own unique Agent ID, you can manage agents confidently and make sure they only touch the resources they truly need. And for IT, this means putting strong guardrails in place—clear policies for who can create, onboard, and manage agents—so you stay in control while enabling innovation.

We’ve designed Agent ID so you can manage AI agent identities using the same tools that you use to secure access for users. If you know how to use conditional access, identity protection, identity governance, and network controls in the Entra admin center, you have the skills to manage agents. Plus, you can use Entra agents to automate quite a few of these tasks now.

A comprehensive inventory of agents   

In addition to the identity and network access foundations, we think there's one key challenge that's harder with agents than the rest, which is discovery. So we've added a whole new layer to Entra that we call Agent Registry. This brand-new capability is an extensible metadata repository that delivers a unified view of agents deployed in your organization.    

Agent ID works with Microsoft agent-building platforms and a rapidly growing ecosystem of partners. And for folks building outside Microsoft platforms, we offer our agent identity platform for developers to make integration simple.

Exploring the benefits of Agent ID for your organization

IDC says there’ll be 1.3 billion AI agents in the next three years. All the CISOs I talk with say agents are already being deployed at some level in their organizations. To take on this wave and safeguard against risks, I hope you’ll join the Frontier program to pilot Agent ID and the rest of the Agent 365 early access capabilities.

Your Agent ID overview

The first step is getting visibility into how many agents are already deployed in your organization. In the Entra admin center, Agent ID is listed just below Users, Groups, and Devices in the left nav. Clicking it brings you to an overview of agents in your tenant, where you can monitor trends and drill down on the agent identities, blueprints, and collections that need your attention.

Manage: Bring AI Agents Into Your Identity Framework

Managing AI agents starts with treating them like first-class citizens in your identity system. With Agent ID, you can:

  • Get visibility into agents built on Microsoft platforms like Copilot Studio, Microsoft Foundry, and Security Copilot, and by our ecosystem of partners and agent developers, through Agent Registry, an extensible data repository for agent information.
  • Assign a unique identity to an agent—just as you can for users, apps, and devices.
  • Manage agents at scale with agent identity blueprints, the templates that define permissions, roles, and governance policies for classes of agents. Approve a blueprint once, and every agent created from it inherits those settings. If something goes wrong, disabling the blueprint instantly shuts down all associated agents.
  • Manage agent identities across their lifecycle using tools you know in the Entra admin center.

Agents created through Microsoft platforms can automatically get an Agent ID. It’s like stamping a VIN on each car that rolls off the factory floor. This means you’ll be able to apply many of the same controls you already trust for users and workloads, starting with identity governance.

> Learn how to view and manage agent identities in your Microsoft Entra tenant.

✅ Govern: Control Access and Automate Lifecycle Management

You can’t care for and feed AI agents with the individual attention you give a pet—they’re more like a school of fish. You’ll have thousands, maybe millions, operating in your environment, so manual oversight isn’t possible. Governance must be automated, scalable, and policy-driven.

Here are some of the features in Entra Agent ID Public Preview that can help:

  • Lifecycle Workflows automate sponsor updates and deactivation. Every agent needs a human sponsor, and workflows ensure that when a sponsor leaves or changes roles, you’re notified and can reassign responsibility.
  • Access Packages bundle permissions, roles, and resource access into a single approval process. This helps enforce least privilege at scale and ensures every assignment is deliberate, auditable, and time-bound.

> Learn more about governing agent identities.

✅ Protect: Apply Conditional Access and Risk-Based Policies

Identity security is where Microsoft Entra shines, and we’ve extended its capabilities to AI agents. With Agent ID, you can:

  • Use Conditional Access for agents, whether they’re actors or resources.
  • Leverage Identity Protection to flag high-risk agents based on behavior and risk signals. Combine this with Conditional Access to automatically block compromised agents.
  • Apply custom security attributes to tag agents by type or sensitivity, then enforce policies based on those tags. For example: Only HR-approved agents can access HR resources.

With these protections, you can enable innovation while keeping your organization secure.

> Learn more about Conditional Access capabilities for agents and risky agent reports for agents.

🚀 Get Started Today

All the capabilities discussed above are available in public preview. Turn on early access for Microsoft Agent 365 and start experimenting with Agent ID in the Entra admin center.

And if you’re a developer, now’s the time to get engaged. Get started with the Microsoft Entra Agent Identity Platform for Developers.

How to get started with Microsoft Entra Agent ID: 

🎥 Watch the replay of the Agent ID session at Microsoft Ignite to see Agent ID in action.

📚 Learn more in our Agent ID documentation on Microsoft Learn.

🔍 See how many agents are in your tenant today: Agent ID in the Microsoft Entra admin center.

🚀 Try what’s next in AI—including Microsoft Agent 365—with the Frontier early access program.

🌊 What’s Next?

Folks, this will be my final blog here.

After 34 years at Microsoft working on everything from Encarta to MSN to Dynamics CRM to Windows 7 to Entra, I’ve made the decision to retire from Microsoft to start a 2nd career as a college volleyball coach. The last 14 years leading the identity and access business have been an amazing ride, and I want to thank all the customers, partners and my colleagues for making it a wonderful experience. It’s been a privilege to work with all of you!

This is just the beginning of shaping the future of secure AI adoption, and I’m grateful to have so many awesome teammates who’ll be continuing the journey with you. Upcoming blogs here will dive deeper into our Agent ID solutions themes—Manage, Govern, and Protect—with practical guidance, demos, and best practices.  

Farewell, and keep up the great work.

Alex

 

Resources:

🎥 Watch the replay of Alex’s session at Microsoft Ignite to see Agent ID in action.

📚 Learn more in our Agent ID documentation on Microsoft Learn.

 🚀 Get started with Microsoft Agent 365 early access.

 

Updated Dec 17, 2025
Version 1.0