July 31, 2025

At Identiverse 2025, identity professionals from around the world gathered for a roundtable session hosted by Microsoft Security to explore a pressing question: What does comprehensive identity and access management (IAM) look like in a world of AI agents?
The roundtable discussions brought together 149 attendees—thought leaders, software companies, security leaders and practitioners spanning industries such as finance, healthcare, government, and tech. The goal was not to pitch solutions, but to surface the challenges, share perspectives, and begin shaping a shared understanding of what’s needed to secure and govern AI agents.
Why this conversation matters
AI agents are already embedded in workflows—summarizing meetings, automating helpdesk tasks, and even coordinating with other agents. But as they become more autonomous and capable, they raise urgent questions for identity practitioners:
- How do we authenticate and authorize agents?
- How do we govern their lifecycle?
- How do we distinguish them from humans?
- How do we prevent them from becoming shadow identities?
We’re working on these questions at Microsoft, and collaborating with customers, the industry, and our partners to architect new solutions for securing and managing AI agents. This roundtable was a first-of-its-kind forum to tackle these questions head-on.
Interested in learning sessions, focus group discussions, and giving feedback on Agents + Identity? Sign up for Microsoft Entra Agents cohorts.
What the community said
Each table focused on a different dimension of agent IAM. Here’s what emerged.
1. Identity of AI agents
Participants debated what it means for an agent to “have an identity.” Certainly it’s in the category of non-human identity (NHI). But is it a service principal? A workload identity? Something new?
There was consensus that agents need persistent, first-class identities—but no agreement yet on the best model. Some organizations are experimenting with treating agents like users, complete with licenses and delegated permissions. Others are exploring hybrid models that combine user context with agent-specific attributes. Adding to the complexity of this new landscape, an agent could operate as a user or as an application. A robust identity platform is needed to support both modalities.
“We’re seeing agents expose the lack of control that already exists. They’re not creating new problems—they’re surfacing old ones.” –Roundtable Participant
2. Authentication and authorization
This was one of the most technically complex areas. Participants asked:
- How do we securely authenticate agents?
- How do we assign roles and permissions?
- How do we log and audit agent behavior?
There was strong interest in agent-specific access controls, including scoped permissions, delegated authority, and behavioral monitoring. However, many noted that existing IAM systems aren’t yet equipped to handle these needs. In the future, multi-modal agents will discover each other and operate autonomously using existing identity standards, which must evolve to meet the requirements for an agentic workforce.
“We need to rethink how MFA works when an agent acts on behalf of a user.” –Roundtable Participant
3. Security implications and controls
Participants expressed concern about agents amplifying existing vulnerabilities—especially over-permissioned data and weak access controls.
Some noted that agents are making it easier to find sensitive information that was already exposed. Others emphasized the need for containment strategies, such as dynamic permissioning, secure defaults, and anomaly detection. More importantly, organizations will want full visibility into actions performed by agents, including communications between agents, for fine-tuning access controls as well as detection of abnormal or risky activities.
“Agents are showing us where our access controls were already broken.” –Roundtable Participant
4. Governance and guardrails
Governance emerged as both a top priority and a major gap. Participants discussed:
- Who owns an agent?
- How is its lifecycle managed?
- What happens when it’s no longer needed?
Some organizations are building internal policies for agent registration, review, and decommissioning. Others are waiting for clearer industry standards. But the desired outcome was clear: identity professionals want to ensure they can manage the full lifecycle of agents, including discovery, granting and revoking permissions, and decommissioning.
“We need to manage agents like we manage humans—onboarding, offboarding, and everything in between.” –Roundtable Participant
5. Agent experiences
This topic surfaced some of the most novel questions:
- How do admins discover agents?
- How do agents discover each other?
- How do users know they’re interacting with an agent?
Participants called for transparency mechanisms, such as agent directories, visual indicators, and audit and interaction logs. There was also discussion about agent-to-agent (A2A) delegation and how to prevent impersonation.
“We don’t just need to govern agents—we need to design for how they’re experienced.” –Roundtable Participant
Open questions
The roundtable didn’t aim to solve everything—but it did surface the right questions. Among them:
- What’s the right identity model for agents?
- How do we distinguish between user-driven and autonomous agent actions?
- How do we build trust frameworks for agent-to-agent interaction?
- What standards are needed for agent discovery, registration, and auditing?
We’re continuing to strategize on these questions with our AI and identity engineers, customers, partners, and industry-wide collaboration groups.
What’s next
Today, Microsoft Entra provides you with a unified directory of all agent identities created in Microsoft Copilot Studio and Azure AI Foundry. Over the next six months, we’ll release more access management, security, and identity governance capabilities via Microsoft Entra Agent ID, plus support for agents from Microsoft Teams, Azure AI Foundry, and Microsoft 365 Copilot.
The identity community is still in the early stages of defining what IAM for agents should look like. But one thing is clear: we need shared language, shared frameworks, and shared responsibility.
If you’re working on these challenges—or want to be—join the conversation. We now offer Microsoft Entra Agents cohorts for customers to learn and discuss Security for Agents, as well as Agents for Microsoft Entra. And we’ll keep you informed here in the Microsoft Entra blog on Tech Community.
Shobhit Sahay
Want to dive deeper?
- Sign up for Microsoft Entra Agents cohorts.
- Explore the Microsoft Entra Agent ID announcement.
- Read Alex Simons’ blog on why OAuth must evolve.
- Join the conversation in the Microsoft Entra Discussion Space.