CISO
Enterprise Architect
Compliance Officer
Industry relevance
Financial Services
Healthcare
Government
MARCH 25, 2026
Entra Agent ID is now in public preview — without it, every agent action in your M365 environment is attributed to a human identity, not the agent that took it.
Microsoft Entra Agent ID extends Entra security capabilities to AI agents for build, discover, govern, and protect workflows. It applies conditional access policies, identity governance, identity protection risk signals, and network controls to agents. It is part of Agent 365 and currently requires a Microsoft 365 Copilot license with Frontier enabled.
GOVERNANCE IMPLICATION
The public preview of Microsoft Entra Agent ID establishes the technical baseline for agent identity governance in the Microsoft ecosystem. Before Entra Agent ID, agent actions in M365 environments were attributed to the licensed human user who invoked the agent — not to the agent itself. For regulated organizations, this creates an audit trail problem: the access log shows human identity, not agent identity, making it impossible to distinguish a human's data access from an agent's data access in post-incident review. Entra Agent ID closes that gap by providing cryptographic identity, conditional access enforcement, and lifecycle governance per agent.
SCENARIO
A broker-dealer's compliance team is reviewing access logs following an unauthorized data access incident. The logs show a series of SharePoint accesses attributed to a senior analyst's account. The analyst was in meetings during the access window. The compliance team eventually determines that a Copilot Studio agent authorized to act on the analyst's behalf made the accesses. Because the accesses are attributed to the human identity, the distinction is not visible in the log without a manual investigation. Had Entra Agent ID been deployed, the agent's identity would appear in the access record alongside the human sponsor.
THE GOVERNANCE QUESTION
Entra Agent ID is the mechanism for assigning verifiable, auditable identity to every AI agent in your enterprise. It is currently in public preview and requires Frontier access. If your agents are operating without it today, what is the current basis for claiming that any agent action in your environment is traceable to an authorized identity, auditable by compliance, and defensible to a regulator?
CONTROL GAP
Without Entra Agent ID, all agent-initiated access in M365 environments is attributed to the licensed human user account. Regulated organizations cannot distinguish human access from agent access in audit logs without implementing Entra Agent ID or maintaining separate agent activity tracking outside the native logging infrastructure.
REGULATORY RELEVANCE
OCC
FINRA
FFIEC
SEC Cyber
NIST Ai RMF
CONTINUE READING
MAY 1, 2026
Identity DataMicrosoft confirmed on May 1, 2026 that Conditional Access for agents is generally available for delegated access agents, those that act on behalf of a licensed human user. Conditional Access for own-access agents, those that operate with an independent identity not tied to a user session, remains in public preview. Microsoft Entra ID Protection applies dynamic risk evaluation to both agent and user identity signals and feeds those signals into Conditional Access policies. The GA and preview split means the two agent classes operate under materially different access control regimes at Agent 365 launch.
MARCH 29, 2026
Identity DataMicrosoft’s current guidance on extending Microsoft 365 Copilot with agents explicitly warns that tools and knowledge can pull from untrusted sources and influence behavior. The implication is clear: every custom agent added to Copilot is also a new prompt-injection and tool-governance surface.
MARCH 27, 2026
Identity DataMicrosoft Purview continues to be presented as a portfolio spanning data governance, security, and compliance, including controls such as information protection, DLP, investigations, and compliance tooling. In practice, that means Copilot readiness is inseparable from whether Purview-classification and policy work has actually been done.