CISO
Enterprise Architect
Compliance Officer
Industry relevance
Financial Services
Healthcare
Government
MAY 1, 2026
Conditional Access for delegated AI agents is now GA. Agents with independent identities, the highest-risk class, remain in preview without equivalent access controls.
Microsoft confirmed on May 1, 2026 that Conditional Access for agents is generally available for delegated access agents, those that act on behalf of a licensed human user. Conditional Access for own-access agents, those that operate with an independent identity not tied to a user session, remains in public preview. Microsoft Entra ID Protection applies dynamic risk evaluation to both agent and user identity signals and feeds those signals into Conditional Access policies. The GA and preview split means the two agent classes operate under materially different access control regimes at Agent 365 launch.
GOVERNANCE IMPLICATION
The GA of Conditional Access for delegated agents closes a specific access control gap that has existed since Copilot Studio agents entered production. Previously, agent-initiated access was governed only by the permissions of the human user account the agent acted under, with no dynamic risk evaluation applied to the agent session. Conditional Access now means elevated risk signals can block or constrain agent access in real time. For regulated organizations, this shifts agent access governance from a static permission model to a dynamic, risk-evaluated one. The GA and preview split is the critical detail: own-access agents with independent identities, the most autonomous and highest-risk class, still lack GA-grade access controls at Agent 365 launch.
SCENARIO
A broker-dealer deploys 20 Copilot Studio agents after Agent 365 GA. The CISO confirms Conditional Access is available and assumes all agents are covered. An internal audit three months later finds eight agents are configured as own-access agents with independent identities. Those eight are not covered by the GA Conditional Access model: they fall under the preview capability the firm never enrolled in. The agents with the broadest data access are the ones outside the GA governance boundary.
THE GOVERNANCE QUESTION
Your Agent 365 deployment includes both delegated agents covered by GA Conditional Access and own-access agents covered only by preview capabilities. Which agents in your registry fall into each class, have you configured Conditional Access policies for each class separately, and who is accountable for the access risk on own-access agents until they reach GA?
CONTROL GAP
Conditional Access policies for agents are not automatically configured at Agent 365 deployment. Each organization must define and test agent-specific policies before agents go live, a governance step that most deployment processes do not include as a required gate.
REGULATORY RELEVANCE
OCC
FINRA
FFIEC
SEC Cyber
NIST Ai RMF
PRIMARY SOURCE
What's New in Agent 365: May 2026
Microsoft Agent 365 Blog
May 1, 2026
Read the primary source →(opens in new tab)CONTINUE READING
MARCH 29, 2026
Identity DataMicrosoft’s current guidance on extending Microsoft 365 Copilot with agents explicitly warns that tools and knowledge can pull from untrusted sources and influence behavior. The implication is clear: every custom agent added to Copilot is also a new prompt-injection and tool-governance surface.
MARCH 27, 2026
Identity DataMicrosoft Purview continues to be presented as a portfolio spanning data governance, security, and compliance, including controls such as information protection, DLP, investigations, and compliance tooling. In practice, that means Copilot readiness is inseparable from whether Purview-classification and policy work has actually been done.
MARCH 25, 2026
Identity DataMicrosoft Entra Agent ID extends Entra security capabilities to AI agents for build, discover, govern, and protect workflows. It applies conditional access policies, identity governance, identity protection risk signals, and network controls to agents. It is part of Agent 365 and currently requires a Microsoft 365 Copilot license with Frontier enabled.