Introduction
Contoso Financial Services expanded its use of AI agents—automating compliance checks, surfacing regulatory guidance, and handling routine client queries. Each agent runs as an identity in Microsoft Entra Agent ID. When the security team audits the agent landscape, they find agents created months ago that are still active with no access conditions enforced. Traditional access controls weren't designed for agent identities, and the team needs a systematic approach to secure them.
Microsoft Entra Agent ID gives agent identities a home in Microsoft Entra—but identity alone isn't security. The controls that matter are the ones that govern what agents can do, when they can authenticate, and what happens when an agent identity is no longer needed.
This module builds on the foundational knowledge of Microsoft Entra Agent ID and focuses on applying Conditional Access policies to agent identities. You map how agents authenticate, configure policies that enforce access conditions, and manage the agent identity lifecycle to reduce risk from compromised or over-privileged agents.
Note
This module assumes you have reviewed Introduction to Microsoft Entra Agent ID, which covers what agent identities are, how they differ from other identity types, and how to navigate the Microsoft Entra admin center to view and manage them.
Learning objectives
In this module, you learn how to:
- Map how AI agents authenticate and identify where Conditional Access applies
- Configure Conditional Access policies scoped to agent identities
- Control agent access
- Manage agent identity lifecycle events
Prerequisites
Before you begin, you should have:
- Completed Introduction to Microsoft Entra Agent ID
- An understanding of Microsoft Entra Conditional Access policy structure
- Familiarity with Microsoft Entra ID authentication concepts