How Microsoft Entra Aims to Keep Your AI Agents From Running Wild


ZDNET's key takeaways

  • As AI agents proliferate, IT departments need visibility.
  • Microsoft is giving agents the same deference as humans.
  • Microsoft Entra now helps govern each agent's activities.

The array of AI-related announcements that came out of Microsoft's Ignite Conference was so dizzying that it was too easy to miss the importance of certain launches that weren't as sexy as others.

Buried in that tidal wave was news of something called Entra Agent ID, the main idea of which is to use Microsoft Entra to govern AI agents in the same way that Entra currently governs human users; that is, to give each agent a unique, managed identity and apply familiar Entra identity controls such as conditional access, identity governance, and identity protection. Entra is Microsoft's cloud-based identity access management (IAM) solution.

This idea of "personhood" equivalence for AI agents, as my colleague David Gewirtz described it (see Microsoft's new AI agents won't just help us code, now they'll decide what to code), is also getting some airplay from the OpenID Foundation as well as from Okta, a Microsoft IAM competitor. In the same way that IAM systems like Microsoft's Entra have been traditionally used to provision human users with digital identities and access to business resources, there's a growing belief that those same IAM systems should be used to manage the access that AI agents are afforded to those same organizational systems.

Although organizational AI agent deployment is currently in a nascent state, the urgent need to consider such an identity-centric approach is brought about by an expected behind-the-firewall proliferation of both sanctioned AI agents as well as their unsanctioned shadow IT counterparts.

Agents, everywhere

Today, the number of users greatly outnumbers the number of currently active agents. However, as business-oriented agent development and deployment becomes relative child's play through tools such as tasklet.ai, even average users seeking modest productivity gains will, in true shadow IT style, be inclined to put such agents to work on their behalf.

According to IT research firm Gartner, 42% of respondents to its 2026 CIO and Technology Executive Survey said that their enterprises plan to deploy AI agents within the next 12 months. A Gartner spokesperson told ZDNET that by 2030, CIOs expect that 0% of IT work will be done by humans without AI, 75% will be done by humans augmented with AI, and 25% will be done by AI alone.

Between that and executive pressures to harness all that AI has to offer and gain a competitive edge, the ratio of users to agents could easily flip to the point that agents (some of which will operate with a fair amount of autonomy) could outnumber human users by several orders of magnitude.

Whereas human users come and go and IAM systems are now mature enough to keep up with both hiring and attrition (relying on open standards like the System for Cross-domain Identity Management, aka "SCIM", to bridge the gap between HRMS and IAM systems), the ephemerality of AI agents -- some of which may last no more than a few seconds -- will also challenge traditional norms of ID management and access control.

To help organizations get a jump on agent proliferation before they fall too far behind, Microsoft first previewed Agent ID in May of this year at its Build conference. But Microsoft corporate vice president of AI Innovations Alex Simons told ZDNET that it was basically a toy at that point -- little more than an agent tagging scheme.

Enter Entra

Now, six months later at Ignite, Entra Agent ID has evolved into a full-blown agent identity management layer within Microsoft's larger Agent 365 AI control plane that cuts across Microsoft's ecosystem of AI-infused platforms. As shown in the screenshot below, the Agent ID dashboard is now available through Microsoft Entra's left-hand navigation.

Within Microsoft's cloud-based Entra ID identity provisioning and management system (traditionally used for managing the intersection of users and the resources they need access to), "Agent ID" appears as an option in the left-hand navigation. When selected, a top-level dashboard that summarizes all known AI agents appears and from there, IT administrators can drill down on the basis of agent category, active status, creation date and other criteria.

Source: Microsoft

For example, in other parts of that ecosystem where Microsoft platforms such as Copilot Studio and Azure AI Foundry are used to create and deploy AI agents, those agents are automatically and uniquely registered in the Entra Agent Registry. The same is true of other AI agents that enter the organization through other parts of Microsoft's AI fabric.

For example, also at Ignite, Microsoft announced the availability of a slew of pre-built security agents -- some from Microsoft and others from partners -- to help businesses stay a step ahead of AI-enabled hackers. As customers choose to enable those agents through a series of storefronts that contextually make their appearances with Microsoft Entra, Purview, Defender, and Intune, their presences on the corporate network will also be automatically registered with Entra Agent Registry.

For agents built or offered outside of the Microsoft ecosystem, the Entra Agent Registry will be updatable via Microsoft's RESTful Graph API, whose list of available methods has been expanded specifically for interfacing with the registry (the feature is currently in beta). However, as for other AI agents that employees choose to enlist outside of IT's guardrails, there is currently no manual way (e.g., a form) to update the registry.

Presumably, however, if the resources in question (the ones that an agent needs access to) are already subject to some form of central oversight, certain controls may already be in place that prevent access by anything other than authorized identities (humans, agents, or otherwise).

"We've extended [Entra] to manage agents, and it really solves three sets of challenges for customers," Simons told ZDNET. "First, is just getting a handle on where the heck are all of my agents. Which ones are they and what are they capable of doing? Second is to get a unique identifier for each of those agents so you can see what it is doing across your entire estate. For example, if it's trying to gain access to SharePoint documents or some data in Azure or AWS. And third is to manage the permissions of those agents and making sure that they can that they have a least privilege model where those agents are only allowed to do the things that they should do. If they start to do things that are weird or unusual, their access is automatically cut off."

In the bigger picture, Microsoft sees the capabilities of Entra Agent ID and the wider Agent 365 control plane as a big deal where compliance matters. For example, keeping a lid on data access in highly regulated environments where an agent that runs amok could result in serious legal consequences (never mind the possibility of exposing sensitive data and the potential for irreparable harm to downstream victims). In addition to inheriting agent-specific functionality from Microsoft Entra as described above, the Agent 365 control plane also inherits other agent-specific capabilities from Defender, Intune, and Purview.

The public preview that was demonstrated at Ignite is available to Microsoft's customers at no additional cost, Simons said. However, once they are made generally available on a commercial basis in the first quarter of 2026, usage will involve incremental fees.

Microsoft Entra itself is licensed on a per-user per-month basis. For Agent ID, Microsoft is currently exploring several ideas with customers, one of which is based on an agent's measure of activity (the degree to which the agent acts on other organizational resources on behalf of one or even more users). But the exact business model and pricing haven't been announced yet.
