CISO
Enterprise Architect
Compliance Officer
Industry relevance
Financial Services
Healthcare
Government
MARCH 25, 2026
Entra Agent ID is now in public preview — without it, every agent action in your M365 environment is attributed to a human identity, not the agent that took it.
Microsoft Entra Agent ID extends Entra security capabilities to AI agents for build, discover, govern, and protect workflows. It applies conditional access policies, identity governance, identity protection risk signals, and network controls to agents. It is part of Agent 365 and currently requires a Microsoft 365 Copilot license with Frontier enabled.
GOVERNANCE IMPLICATION
The public preview of Microsoft Entra Agent ID establishes the technical baseline for agent identity governance in the Microsoft ecosystem. Before Entra Agent ID, agent actions in M365 environments were attributed to the licensed human user who invoked the agent — not to the agent itself. For regulated organizations, this creates an audit trail problem: the access log shows human identity, not agent identity, making it impossible to distinguish a human's data access from an agent's data access in post-incident review. Entra Agent ID closes that gap by providing cryptographic identity, conditional access enforcement, and lifecycle governance per agent.
SCENARIO
A broker-dealer's compliance team is reviewing access logs following an unauthorized data access incident. The logs show a series of SharePoint accesses attributed to a senior analyst's account. The analyst was in meetings during the access window. The compliance team eventually determines that a Copilot Studio agent authorized to act on the analyst's behalf made the accesses. Because the accesses are attributed to the human identity, the distinction is not visible in the log without a manual investigation. Had Entra Agent ID been deployed, the agent's identity would appear in the access record alongside the human sponsor.
THE GOVERNANCE QUESTION
Entra Agent ID is the mechanism for assigning verifiable, auditable identity to every AI agent in your enterprise. It is currently in public preview and requires Frontier access. If your agents are operating without it today, what is the current basis for claiming that any agent action in your environment is traceable to an authorized identity, auditable by compliance, and defensible to a regulator?
CONTROL GAP
Without Entra Agent ID, all agent-initiated access in M365 environments is attributed to the licensed human user account. Regulated organizations cannot distinguish human access from agent access in audit logs without implementing Entra Agent ID or maintaining separate agent activity tracking outside the native logging infrastructure.
REGULATORY RELEVANCE
OCC
FINRA
FFIEC
SEC Cyber
NIST Ai RMF
CONTINUE READING
MAY 21, 2026
Identity DataMicrosoft's May 2026 security roundup (Microsoft Security Blog, May 21, 2026) introduced an Anthropic Claude connector for Microsoft Purview, extending centralized visibility and audit signals across Claude Enterprise, Claude Console, and the Claude API. The same update reported Agent 365 reaching general availability and Windows 365 for Agents expanding in public preview. The connector gives Purview insight into Claude interaction and audit log activity alongside an organization's existing Microsoft AI estate.
MAY 7, 2026
Identity DataMicrosoft Digital published an internal governance guide for Microsoft 365 Copilot on May 7, 2026, updated June 8, 2026, authored by Alex Fleck on the Inside Track Blog. The guide states that by trusting employees to apply sensitivity labels and defaulting new content to inherit labels from parent containers, Microsoft accounts for 99 percent of its governance needs. The guide covers eight chapters: self-service container creation, label taxonomy, file-label inheritance, employee training, DLP-based verification, lifecycle attestation, company-shareable links, and oversharing detection through Microsoft Graph Data Connect.
MAY 1, 2026
Identity DataMicrosoft confirmed on May 1, 2026 that Conditional Access for agents is generally available for delegated access agents, those that act on behalf of a licensed human user. Conditional Access for own-access agents, those that operate with an independent identity not tied to a user session, remains in public preview. Microsoft Entra ID Protection applies dynamic risk evaluation to both agent and user identity signals and feeds those signals into Conditional Access policies. The GA and preview split means the two agent classes operate under materially different access control regimes at Agent 365 launch.