AI agents aren’t coming — they’re already here. And the security industry has been playing catch-up.

Microsoft’s answer arrived in earnest last month: Microsoft Entra Agent ID reached General Availability in April 2026, giving enterprise identity and security teams a purpose-built platform for managing AI agents as first-class identities. After spending time with the documentation, architectural patterns, and early deployment guidance, I can say this is one of the most consequential identity releases of the year.

Here’s what you need to know.


What Is Entra Agent ID, Exactly?

Entra Agent ID is an identity and authorization framework designed specifically for AI agents operating in enterprise environments. It extends Zero Trust principles — authentication, authorization, governance, lifecycle management, and security controls — to non-human identities using standard protocols (OAuth 2.0, MCP, A2A).

Think of it this way: your human users have Entra ID. Now your agents do too.

The GA release builds on a preview that began at Microsoft Build 2025 and has gone through significant expansion over the past year — starting with basic identity provisioning, then adding Conditional Access, lifecycle workflows, shadow AI detection, and third-party platform support.


Core Capabilities at GA

Agent Identity Constructs

Agent ID introduces three new identity concepts in Entra:

  • Agent Identity Blueprint — a reusable identity template that standardizes how an agent identity should look and operate (owners, sponsors, access envelopes, audit, lifecycle controls)
  • Agent Identity — the actual identity assigned to an agent instance
  • Agent User Account — the backing user identity for on-behalf-of (OBO) scenarios where agents act for a specific user

Blueprints are the key differentiator here. Instead of every team spinning up ad-hoc service principals with inconsistent governance, blueprints let you enforce standardized patterns at scale.

Authentication Protocols

Agent ID supports two authentication patterns:

  1. On-behalf-of (OBO) — the agent authenticates on behalf of a user, inheriting their context and permissions
  2. Autonomous (non-OBO) — the agent acts independently with its own identity and permissions

Both patterns use standard OAuth 2.0 flows, extended with agent-specific logic. For non-Microsoft platforms, Microsoft provides:

  • Auth SDK (sidecar pattern) — a sidecar container that handles token acquisition and refresh
  • Federation pattern — for platforms like AWS Bedrock and GCP that support federated identity
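As an added illustration of the two patterns (not Microsoft's Auth SDK or any code from the page), here is a minimal sidecar-style token helper: it builds the standard Microsoft identity platform requests for the autonomous pattern (client credentials) and the on-behalf-of pattern (OBO token exchange), and caches tokens per grant, scope and user assertion so one user's delegated token is never handed to another. The tenant id, client id, secret and the injected transport are placeholders so it runs offline.

```python
"""Sidecar-style token acquisition for the two Agent ID auth patterns.

Constructed example, not Microsoft's Auth SDK. TENANT_ID, client ids and
secrets are placeholders; the HTTP transport is injected so it runs offline.
"""
import time
from typing import Callable, Dict

TENANT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder tenant
TOKEN_URL = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token"
REFRESH_MARGIN = 300  # refresh tokens 5 minutes before they expire


def autonomous_request(client_id: str, secret: str, scope: str) -> Dict[str, str]:
    """Client-credentials grant: the agent acts under its own identity."""
    return {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": secret, "scope": scope}


def obo_request(client_id: str, secret: str, scope: str, user_token: str) -> Dict[str, str]:
    """OBO exchange: the agent trades the caller's token for a downstream token
    that carries the user's context, so the user's permissions still apply."""
    return {"grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
            "client_id": client_id, "client_secret": secret, "scope": scope,
            "assertion": user_token, "requested_token_use": "on_behalf_of"}


class TokenCache:
    """Caches tokens per (grant, scope, user assertion) and refreshes early.

    Keying on the assertion matters in the OBO case: a cached token for one
    user must never be returned for a request made on behalf of another.
    """

    def __init__(self, post: Callable[[str, Dict[str, str]], Dict], clock=time.time):
        self._post, self._clock, self._cache = post, clock, {}
        self.requests = 0  # number of round trips to the token endpoint

    def get(self, params: Dict[str, str]) -> str:
        key = (params["grant_type"], params["scope"], params.get("assertion"))
        entry = self._cache.get(key)
        if entry and entry[1] - self._clock() > REFRESH_MARGIN:
            return entry[0]  # still comfortably valid
        body = self._post(TOKEN_URL, params)
        self.requests += 1
        expires_at = self._clock() + int(body["expires_in"])
        self._cache[key] = (body["access_token"], expires_at)
        return body["access_token"]
```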

Governance and Lifecycle Management

This is where Agent ID really shines compared to the “create a service principal and forget it” approach:

  • Lifecycle Workflows for agent sponsors — automated notifications and reassignment when a sponsor changes roles or leaves the organization, preventing orphaned agents
  • Access packages for agent identities — policy-based access via Entitlement Management for both OBO and autonomous scenarios
  • Soft-delete with cascade cleanup — deleting an agent identity triggers cleanup of associated resources
  • Sponsor templates — two new lifecycle workflow templates specifically for agent identity governance

Security and Protection

Agent ID brings the full weight of Entra’s security stack to agent identities:

Conditional Access for Agents — four new policy templates:

  • Block access for high-risk agent identities
  • Block access for high-risk agent’s user account
  • Autonomous agent access policy
  • On-behalf-of agent access policy

Entra ID Protection extends risk detection to agent identities. If an agent behaves anomalously (unusual access patterns, compromised credentials), it gets flagged the same way a compromised user would.

Shadow AI Detection — discover unsanctioned AI agents operating in your tenant. This is huge for security teams who know agents are running but don’t have a full inventory.

Agent Registry — a unified metadata repository in the Entra admin center where all agents are cataloged with their capabilities, endpoints, and authentication requirements, surfaced through Agent Card Manifests.


Supported Platforms

One of the smartest decisions Microsoft made was making Agent ID platform-agnostic:

  Platform                    Support
  Microsoft Copilot Studio    Native Agent ID identity assignment
  Azure AI Foundry            Native Agent ID identity assignment
  Microsoft Security Copilot  Integrated
  AWS Bedrock                 Federation pattern
  GCP                         Federation pattern
  n8n                         Sidecar pattern
  ServiceNow                  Partner integration
  Workday                     Partner integration
  Custom / Third-party        Self-registration via Graph API (beta)

The Graph API self-registration path is worth noting — any agent can get an Agent ID by creating an Agent Instance resource and an Agent Card. Cards can be shared across instances (1:N), so you can standardize identity metadata across a fleet of agents.


Microsoft Agent 365 Convergence

In a move that should simplify the admin experience, Microsoft is converging agent registry experiences under Microsoft Agent 365. This gives organizations a single pane for discovering and managing all agents, with Entra continuing to provide the identity foundation.

The Agent Manifest acts like a business card — identity, capabilities, endpoint, and authentication requirements — that allows agents to discover each other through the Agent Registry. Agent Collections let you create discovery boundaries (Global for org-wide discoverability, Custom for department or sensitivity boundaries).


Architectural Patterns

Microsoft published four architecture patterns at GA that are worth studying:

  1. Sidecar pattern — for integrating non-Microsoft agents that can run a sidecar container for authentication
  2. Federation pattern — for cloud platforms that support federated identity (AWS Bedrock, GCP)
  3. Direct integration — for agents built on Microsoft’s AI platform
  4. On-behalf-of delegation — for scenarios where agents act for specific users

The documentation at GA includes detailed guidance on designing for scale, including blueprint distribution strategies, credential rotation, and monitoring.


What This Means for Enterprise Teams

For Identity Teams: You now have a production-ready framework for agent identity management. Blueprints and lifecycles reduce the operational burden of managing hundreds or thousands of agent identities. Start by inventorying your existing agents (even the shadow ones), then standardize on blueprints for new deployments.

For Security Teams: Shadow AI is now visible. Conditional Access policies extend to agents. If you’ve been worried about agents with excessive permissions or no oversight, Agent ID gives you the tooling to fix that. The four CA templates are a good starting point — deploy the “block high-risk agent” policy first, then layer on specific controls.

For AI/Platform Teams: Agent ID doesn’t just support Microsoft agents — the sidecar and federation patterns mean you can integrate agents running on AWS, GCP, or custom infrastructure. If you’re building internal agent platforms, the Graph API registration path gives you a programmatic way to onboard new agents.

For Budget/Compliance Teams: Governance billing meters are now active for Entra ID Governance features (enforced since Q1 2026). Agent ID features that require P2 licensing or Governance add-ons will have cost implications. Plan accordingly.


Getting Started

  1. Read the docs — Microsoft Entra Agent ID documentation
  2. Enable the preview — If you haven’t already, enable Agent ID in your Entra admin center to start exploring
  3. Inventory existing agents — Use the Agent Registry to discover what’s already running
  4. Design your blueprint strategy — Start with one or two blueprints for common agent types
  5. Deploy Conditional Access baselines — Start with the “block high-risk agent identities” template
  6. Plan for governance costs — Review P2 licensing and Governance add-on requirements

The Bottom Line

Entra Agent ID GA is a milestone. Microsoft has taken the same Zero Trust discipline that protects human identities and applied it — thoughtfully, with new constructs and patterns — to AI agents. The shadow AI era is over for organizations that adopt this. Your agents will have identities, your security team will have visibility, and your governance policies will apply consistently to every identity in your tenant — human or otherwise.

— Kevin Kaminski

Follow me on X @kkaminsk for more Microsoft identity, security, and AI coverage.