MYBrainDump

, , ,

Microsoft Agent 365 — The Unified Control Plane to Observe, Govern & Secure Every AI Agent at Enterprise Scale

🎧 Listen to this article

🤖 AI-generated podcast summary · Voices: OpenAI TTS · Music: „Future Bits“ by Transistor.fm (CC BY-SA 4.0)

Just as Entra manages human identities, Agent 365 gives every AI agent a first-class identity, lifecycle controls, access policies, and full observability — regardless of where the agent was built. It plugs into the same M365 Admin Center, Entra, Defender, and Purview that your IT and security teams already use.

📑 Table of Contents
  1. What Is Microsoft Agent 365?
  2. Who Benefits — and How
  3. 4 Capability Pillars
  4. Admin Experience
  5. Technical Setup — Agent Onboarding
  6. 6 Real-World Scenarios
  7. Governance Coverage by Agent Source
  8. Licensing & Getting Started
  9. Sources

What Is Microsoft Agent 365?

The Problem

Agents come from Copilot Studio, Agent Builder, Microsoft Foundry, third-party vendors, and ISVs. Each platform has its own governance story. Without a cross-platform view, IT can’t answer basic questions: How many agents exist? What data do they access? Who owns them? What happens when a creator leaves?

The Solution

Agent 365 is one control plane on top of your existing security stack — connecting M365 Admin, Entra, Defender, and Purview with agent-specific capabilities: unified registry, visual map, first-class agent identities, Conditional Access, threat detection, and governed MCP tool servers — across all four pillars below.

💡 A helpful mental model (inspired by John Savill’s excellent visual overview): Think of agent requirements as a hierarchy — similar to Maslow’s pyramid for humans. At the base, every agent needs an Identity. With identity comes Security (guardrails, least privilege). Then Fit for Purpose (is it productive, not hallucinating?). Then Productivity (M365 integration, Work IQ). And at the top: Enterprise Integration (discoverable by humans and other agents). Agent 365 addresses every level.

Who Benefits — and How

Agent 365 serves four distinct roles. Each gets answers to questions they can’t answer today.

🛡️ IT Admin / Global Admin

„How many agents does our org have? Who owns them? What data can they access?“

  • Agent Registry — unified inventory across all platforms
  • Agent Map — visual topology of all registered agents
  • Detect ownerless agents; reassign on offboarding
  • Allow/block Work IQ MCP servers tenant-wide
  • Approve or block agents before deployment

🔍 CISO / Security Analyst

„Are any agents being misused? Which ones are high-risk? Can I stop a compromised agent in real time?“

  • Defender XDR — risk indicators and severity alerts per agent
  • Threat detections: prompt injection, exfiltration, anomalies
  • Conditional Access policies targeting agent identities
  • Azure AI Content Safety Prompt Shield for runtime defense
  • Advanced Hunting via agent-specific action types in CloudAppEvents

📋 Compliance Officer / DPO

„Can I prove we’re compliant? What would I show in an audit? What data are agents touching?“

  • Purview Audit — logs all agent↔human, agent↔tool, agent↔agent interactions
  • DSPM for AI — data risk signals per agent
  • Insider Risk Management for agents (preview)
  • eDiscovery & retention on agent interaction data
  • Sensitivity label enforcement on accessed content

💻 Developer / Architect

„How do I make my agent enterprise-ready without rewriting everything or asking IT for raw Graph permissions?“

  • Agent 365 SDK — onboard any agent into the registry
  • Entra Agent ID — first-class identity with 2 auth flows
  • Work IQ MCP servers — governed access to M365 + D365 data
  • No custom Graph API wiring — governed tooling out of the box
  • Foundry agents auto-provision Entra Agent IDs

4 Capability Pillars

Agent 365 extends M365 Admin, Entra, Defender, and Purview with agent-specific capabilities — organized into four pillars.

Pillar 1: Observability → M365 Admin Center

  • Agent Registry — unified inventory across all platforms: publisher, owner, data access, security posture, status
  • Agent Map — interactive visual topology of all registered agents; clusters: Copilot Studio lite/full, Microsoft Corporation, M365 Agents Toolkit, Others
  • Shadow agent detection — surfaces unregistered third-party agents that exist only as app registrations
  • Ownerless agents — detect agents with no active owner; flag for reassignment
  • Approve / block / deploy agents to specific users or groups

Pillar 2: Governed Access → Entra + M365 Admin Center

  • Microsoft Entra Agent ID — 4 Entra object types (agent blueprint, blueprint principal, agent identity, agent user); two authentication flows: agent identity (autonomous/app-only) and on-behalf-of (OBO)
  • Why a new identity type? — A regular user account won’t work (agents can’t do MFA or passkeys). A service principal is too limited (no hierarchy, no sponsorship, too long-lived for ephemeral agents). The Entra Agent ID solves both: it provides a first-class, hierarchical identity with built-in lifecycle governance.
  • Sponsorship model — every agent has a human sponsor accountable for its lifecycle; auto-transfers to manager on offboarding
  • Access Packages — scoped Graph API permissions, group memberships, and Entra roles with built-in expiry
  • Conditional Access — risk-based policies targeting agent identities (same Zero Trust framework as users)
  • Work IQ MCP servers (preview) — governed, auditable access to Mail, Calendar, Teams, SharePoint, OneDrive, Word, User, Copilot, Dataverse/D365; admin allows or blocks each server centrally

Pillar 3: Data Protection → Microsoft Purview

  • DSPM for AI — data risk signals, agent activity insights, oversharing recommendations
  • Audit — all four interaction types logged: agent↔human, human↔agent, agent↔tools, agent↔agent
  • Insider Risk Management (preview) — extends insider risk protection to agents; detects risky agent interactions with sensitive data
  • Sensitivity Labels — enforced on content agents access; agent-generated content does not automatically inherit labels from source items
  • eDiscovery & Retention — search, hold, and export agent interaction data
  • Data Lifecycle Management — retention and deletion policies for prompts and agent-generated data
  • DLP — policies govern the locations agents operate in (Exchange, SharePoint, Teams)
  • Communication Compliance — detect and enable human oversight of risky AI communications

Pillar 4: Threat Defense → Microsoft Defender XDR

  • Risk indicators — per-agent severity alerts, governance gap signals
  • Advanced Hunting (KQL) — agent-specific action types in CloudAppEvents table (InvokeAgent, InferenceCall, ExecuteToolBySDK, and more)
  • Out-of-the-box threat detections — prompt injection, data exfiltration, anomalous behavior (integrated with Purview Insider Risk)
  • Azure AI Content Safety Prompt Shield — jailbreak and indirect prompt injection defense, surfaced in Defender
  • Agent activity telemetry — Agent 365 SDK traces viewable in Defender for incident investigation
  • Agent-specific attack chain — incident view links agent identity, tools called, and data accessed

Work IQ MCP servers — The governed alternative to raw Microsoft Graph access. IT admins allow or block each server (Mail, Calendar, Teams, SharePoint, OneDrive, Word, Dataverse, and more) centrally in M365 Admin Center. When a server is blocked, it is blocked for every agent and every user — no exceptions. Every tool call is logged and auditable. Currently in preview; continues in preview after Agent 365 GA on May 1, 2026.

Admin Experience

Agent 365 doesn’t replace your existing admin centers — it extends each of them with agent-specific capabilities. Here’s how the responsibilities are distributed:

M365 Admin Center — IT Admin / Global Admin

  • Agent Registry — see every agent, across all platforms
  • Agent Map — visual topology, filter by platform/publisher
  • Approve/block agents, deploy to users/groups
  • Activate templates, assign licenses
  • MCP Tooling — allow/block Work IQ servers centrally
  • Ownerless agents — detect and reassign

Entra Admin Center — Identity Admin / Security Admin

  • Agent Identities — view/manage all Entra Agent IDs (4 object types: blueprint, blueprint principal, agent identity, agent user)
  • Sponsors & owners — assign, transfer, review; auto-transfer to manager on offboarding
  • Conditional Access — create policies targeting agent IDs
  • ID Protection — risky agent sign-ins, anomalous behavior
  • Access Packages — scoped Graph permissions, groups, Entra roles with expiry
  • Two auth flows — agent identity (autonomous/app-only) and on-behalf-of (OBO)

Defender XDR — Security Analyst / SOC

  • Agent overview — posture, risk, active incidents
  • Advanced Hunting (KQL) — agent-specific action types in CloudAppEvents for config, ownership, risk
  • Threat detections — prompt injection, exfiltration, anomalies (via Purview Insider Risk integration)
  • AI Prompt Shield — Azure AI Content Safety jailbreak/injection defense, surfaced in Defender
  • Agent activity logging — traces from Agent 365 SDK telemetry, viewable in Defender
  • Incident investigation — agent-specific attack chain

Purview — Compliance Admin / DPO

  • DSPM for AI — agent instances, data risks, recommendations
  • Audit — all interactions: agent↔human, agent↔tools, agent↔agent
  • DLP policies — protect locations where agents operate (Exchange, SharePoint, Teams)
  • Sensitivity Labels — enforce on agent content access
  • Insider Risk Management — extends insider risk protection to agents
  • eDiscovery & Retention — search/hold/export agent data

Key insight: Agent 365 automatically enables audit, data classification, and AI compliance assessments for every agent instance — zero configuration. For Insider Risk and CA, you target agent identities the same way you target users. DLP policies govern the locations agents interact with (Exchange, SharePoint, Teams).

Technical Setup — Agent Onboarding

Onboarding effort depends entirely on where an agent was built. Copilot Studio, Agent Builder, and Foundry agents published to Copilot Chat auto-register. Pro-code backend agents and external-org agents require deliberate steps from IT.

Prerequisite (today — Frontier preview): Sign in to Microsoft 365 admin centerCopilotSettingsUser accessCopilot Frontier → enable for users or groups. Requires at least one M365 Copilot license in the tenant. After enabling, an Agents entry appears in the M365 Admin Center left nav — this is your control plane. Source: Agent 365 Overview — Prerequisites

Copilot Studio — Maker submits, Admin approves

  1. Maker: Copilot Studio → Channels → select Microsoft 365 Copilot & Microsoft Teams → confirm „Make agent available in Microsoft 365 Copilot“ → Save (submits for admin review)
  2. Admin: M365 Admin Center → AgentsAll AgentsRequests → select agent → activate, choose governance template (default or custom), review permissions, grant admin consent
  3. Agent goes live in M365 Copilot Agent Store under Built by your org; users install from store, then access in Copilot Chat

Registry category: Published by your org. Agent 365 enrollment is automatic — Copilot Studio is natively integrated with Agent Registry. Agent receives a Microsoft Entra Agent ID and appears in Agent Map without extra steps. Source

Agent Builder — Auto-visible, no maker submission

  1. End user opens Copilot Chat at microsoft365.com/chat → creates agent in Agent Builder — no IT involvement, no submission required
  2. Agent auto-appears in Agent Registry under Shared by creator — immediately visible to admins in M365 Admin Center → Agents
  3. Admin (recommended): deploy to specific groups, apply governance template, assign a sponsor, or block the agent from the Registry

Registry category: Shared by creator. ⚠ Agent Builder agents shared via link are accessible in Copilot Chat only — three sharing options: specific users (up to 98 named users/groups), anyone in your organization, or only you. No formal approval flow, but admins can restrict sharing at org level (all users / specific groups / no users). To deploy in Teams or Outlook, the agent must be published via Copilot Studio (requires admin approval) or sideloaded via ZIP package. This is the primary source of shadow-agent sprawl. Source

Azure AI Foundry — Published to Copilot Chat / Teams

  1. Developer: build custom engine agent in Foundry, publish to the Microsoft 365 Copilot channel — generates a Teams / M365 app package
  2. Admin: M365 Admin Center → AgentsRequests → approve, assign users or groups, apply governance template, grant consent
  3. Agent available in Copilot Chat agent list and Teams app store under Built for your org

Registry category: Published by your org. Azure AI Foundry is natively integrated with Agent Registry — publishing to an M365 channel auto-registers the agent instance and agent card. No extra CLI steps. Source

Foundry / Pro-Code — Backend service, Agent 365 CLI required

  1. Prerequisites: Azure Contributor access · Global Admin (for consent grants) · .NET 8+ · Azure CLI
  2. Install CLI: dotnet tool install --global Microsoft.Agents.A365.DevTools.Cli --prerelease
  3. Configure: create a365.config.json (tenant, subscription, messaging endpoint) — via AI-guided setup or manually
  4. Provision: a365 setup all → creates agent blueprint, Microsoft Entra Agent ID, MCP permission grants
  5. Deploy: a365 deploy → builds and pushes code to Azure
  6. Publish: a365 publish → uploads manifest; admin activates in M365 Admin Center → Agents → Requests

Registry category: Agents registered by your org. Shortcut: use GitHub Copilot in agent mode with a365-setup-instructions.md to automate steps 1–6. AI-guided setup docs

External / Third-Party / Other Organization

Path A — Agent is in the Microsoft Store (AppSource / Teams Store):

  1. User finds agent in M365 Copilot Agent Store or Teams App Store and requests it
  2. Admin: M365 Admin Center → AgentsRequests → activate, apply governance template (default or custom), review and grant admin consent
  3. Agent deployed to assigned users; appears in Copilot Chat agent list

Registry category: External partner-built agents

Path B — Agent is not in any store (custom ISV, partner org, self-built external):

  1. Prerequisites: Entra Agent Registry Administrator role · access token with AgentInstance.ReadWrite.All scope
  2. Register agent instance via Graph API: POST /beta/agentRegistry/agentInstances (endpoint URL, owner, originating platform)
  3. Register agent card manifest: POST /beta/agentRegistry/agentInstances/{id}/agentCardManifest (name, skills, capabilities)
  4. Admin assigns sponsor, applies CA + governance policies in Entra Admin Center / M365 Admin Center

Registry category: Agents registered by your org. Shadow agents (Entra app registrations that were never formally registered) are surfaced automatically in the Registry — but remain ungoverned until an admin claims and sponsors them. Source: Self-serve registration

6 Real-World Scenarios

Each starts with a real pain point — what triggered the agent, what goes wrong today, and exactly what Agent 365 changes.

IT Helpdesk Agent — Copilot Studio
Relevant for: IT Admin, CISO
Pain point: IT support handles 250+ routine tickets per week — password resets, device compliance checks, policy lookups. Each takes a trained technician 15–20 minutes even though the answer always follows the same script. Productive time lost: ~80 person-hours per week.
Lisa builds a Copilot Studio helpdesk agent — password resets, compliance checks, policy lookups in under 2 min via Copilot Chat
Lisa changes teams six months later; agent keeps running with her original Intune + SharePoint permissions, no review triggered
A contractor crafts a prompt that leaks device compliance details of other users — no injection detection, no audit trail
❌ WITHOUT AGENT 365
Copilot Studio agents have Entra app registrations — CA for workload identities is possible (requires Entra Workload ID Premium), but without Agent 365 there’s no first-class Agent ID, no sponsorship model, and no lifecycle governance
Power Platform DLP governs connector-level policies; Purview Insider Risk „Risky AI usage“ policy template (preview) detects suspicious agent behavior — but without Agent 365’s unified telemetry, cross-platform visibility is limited
Lisa leaves → no automatic sponsor transfer, agent keeps running
✅ WITH AGENT 365
Entra Agent ID + CA policy: block agent when risk level is medium or high — ID Protection detects anomalous sign-ins, unfamiliar resource access, and failed access attempts automatically
Defender — Azure AI Content Safety Prompt Shield detects injection attempts
Lisa leaves → sponsorship auto-transfers to her manager; agent flagged for review
Multi-Agent Customer Service Chain — Copilot Studio + Foundry
Relevant for: Customer Service, CISO, IT Admin
Pain point: The customer service team handles 4,000 inquiries per month at an average of 12 minutes each. 60% involve a product question, a refund check, and a CRM update — three steps an agent chain could execute in seconds if the right data were instantly available.
IT builds a multi-agent chain for Anna: Copilot Studio orchestrator delegates to three Foundry sub-agents — product queries, refund approvals (D365), CRM logging; handling time drops 60%
A misconfigured prompt update causes the Refunds Agent to approve every request automatically
Marcus pulls the audit log — all he sees is „D365 updated by service account“; no orchestrator context, no agent chain, no way to scope the damage
❌ WITHOUT AGENT 365
Sub-agents are independent app registrations — no chain topology visible
Purview shows D365 writes, but no agent-to-agent chain context
No anomaly detection on approval rate or sub-agent behavior
✅ WITH AGENT 365
Agent Map — visualizes orchestrator + sub-agent topology end-to-end
Purview audits all agent↔agent interactions: full chain-of-custody
Defender detects anomalous approval spike; Insider Risk Management flags risky agent behavior
CA policy on orchestrator identity: block when risk is elevated; sub-agents that depend on orchestrator tokens are also stopped
AI Ticket Resolver — ServiceNow Add-On (Third-Party ISV)
Relevant for: IT Operations, CISO, IT Admin
Pain point: Kai’s team closes 1,200 Level-1 tickets per month. 960 of them (80%) are password resets and access requests that follow a fixed resolution script — no expert judgment required, yet each still takes a technician 15 minutes to process.
Kai activates an AI Ticket Resolver add-on from their ServiceNow contract — reads Teams chat, Entra user data, SharePoint docs; ticket volume drops 40%
ServiceNow discloses a security breach; Stefan asks „What M365 data did that agent have access to?“
IT finds one Entra app registration with Chat.Read, User.Read.All, Sites.Read.All — consented months ago, owner unknown
❌ WITHOUT AGENT 365
Only visible as an app registration — no agent context (purpose, owner, data scope)
No per-server scoping: it’s all-or-nothing on Graph permissions
Breach at ServiceNow = attacker inherits all three Graph permission scopes
✅ WITH AGENT 365
Registry — surfaces under „External partner-built agents“ with full metadata and ownership
Work IQ MCP: allow Teams + Mail servers, block SharePoint server — per MCP server
Defender — risk severity indicators + exfiltration pattern detection; CA can block on breach signal
Invoice Processing Agent — Foundry (Autonomous Backend)
Relevant for: Finance, IT Admin, Compliance
Pain point: Finance processes 800 supplier invoices per month. Manual 3-way matching takes 3 days end-to-end and produces ~120 exceptions per month requiring follow-up — a predictable, rules-based workflow with heavy compliance obligations and no tolerance for audit gaps.
A nightly Foundry agent reads supplier invoices, validates amounts in D365, writes exception reports to SharePoint — finance team saves hours weekly
Elena hits an ISO audit question: „Provide an audit trail for every AI system processing financial data“
M365 Admin Center: nothing. Purview: nothing. Agent runs as a scheduled Azure App Service, never registered in M365 — Elena’s answer to the auditor: unknown
❌ WITHOUT AGENT 365
Not published to Copilot Chat → not in Agent Registry → no M365 governance
App registration only — broad Graph permissions, no agent context (purpose, owner, data scope)
PII in Outlook invoices: no Purview audit, no sensitivity label enforcement
✅ WITH AGENT 365
Onboard via Agent 365 CLI (a365 setup all → a365 deploy → a365 publish) or register via Graph API (POST /beta/agentRegistry/agentInstances) → listed under „Agents registered by your org“
Work IQ MCP servers replace raw Graph calls — every action logged and auditable
Purview audit covers Outlook + SharePoint interactions; sensitivity labels enforced
Marketing Content Agent — Agent Builder (No-Code Sprawl)
Relevant for: IT Admin, Compliance
Pain point: Sales asks Marketing the same questions every week: current pricing, margin floors, competitive positioning. The SharePoint wiki is updated monthly — by the time a rep finds the right document, the numbers may already be stale. Every mispriced deal is a direct margin hit.
Sarah builds a no-code pricing assistant in Agent Builder, adds 15 SharePoint files including next year’s roadmap and margin floors, shares the link with her 50-person team — no IT approval needed
Sarah changes roles three months later; agent keeps running with her SharePoint access
An intern asks „What are our profit margins per product?“ and gets a detailed answer from confidential data
❌ WITHOUT AGENT 365
Visible in M365 Admin Center (Integrated Apps), but no centralized agent inventory at scale
No lifecycle governance — Sarah leaves, agent keeps serving sensitive data indefinitely
SharePoint knowledge sources: sensitivity labels without encryption configured do not block agent access — visual-only labels provide no protection here
✅ WITH AGENT 365
Agent Map — visualize all lightweight agents across the org at scale
Ownerless detection: Sarah leaves → agent flagged; sponsorship transferred to her manager
Purview Insider Risk Management detects agents surfacing confidential content
AI Deal Coach — Subscribed SaaS Agent (n8n backend)
Relevant for: IT Admin, CISO, Compliance
Pain point: Win rate sits at 34%. Internal analysis shows deals with 3+ structured follow-up touchpoints close at 2× the rate — but coaching is inconsistent. Top performers know exactly when and how to follow up; everyone else improvises. The gap costs millions in pipeline every quarter.
Florian signs up for „DealSense AI“ in 3 minutes — grants Mail.Read + Calendars.Read + D365 access via personal OAuth; win rates improve, eight colleagues follow
Each user signs up individually: 9 OAuth grants, no admin consent, no IT visibility; n8n polls every inbox every 15 min from vendor cloud
DealSense is acquired by a competitor six months later — IT finds out only when a sales rep mentions it in an unrelated support ticket
❌ WITHOUT AGENT 365
9 personal OAuth grants — invisible as agents, no central inventory anywhere
No sponsored identity, no risk indicators, no registry entry for any of them
Data leaves the tenant to vendor cloud — no DLP coverage, no audit trail
✅ WITH AGENT 365
Registry surfaces the 9 ungoverned registrations — IT sees them as unsponsored agents immediately
Admins revoke consent for all 9 grants centrally; restrict user consent settings so new unauthorized apps require admin approval
When DealSense changes ownership, IT revokes all related consents centrally — no user action required

Governance Coverage by Agent Source

If all your agents are in Copilot Studio and you never plan to use Foundry, third-party, or ISV agents — Power Platform governance covers a lot. As soon as you cross into other platforms, Agent 365 becomes the only unified layer.

Agent Builder
Runs where: Copilot Chat; Teams, Outlook
Governed by: M365 Admin (Integrated Apps)
+ Agent 365: Agent ID, Conditional Access, Defender, lifecycle governance
Copilot Studio
Runs where: Power Platform
Governed by: PP Admin + M365 Admin + Purview
+ Agent 365: Agent ID, CA, Defender, cross-platform registry view
Foundry (→ Teams)
Runs where: Azure → Teams
Governed by: M365 Admin (after approval)
+ Agent 365: Work IQ MCP servers, Defender, lifecycle governance
Foundry (autonomous)
Runs where: Azure (no Teams bot)
Governed by: ⚠️ Azure Portal only — invisible to M365
+ Agent 365: 🔴 SDK onboarding — only way to reach M365 governance
Third-Party / ISV
Runs where: Vendor cloud
Governed by: ⚠️ Vendor portal only — Entra app reg only
+ Agent 365: 🔴 Registry discovery, Entra Agent ID, MCP scoping
SaaS / n8n (OAuth)
Runs where: Vendor cloud
Governed by: ⚠️ Invisible — personal OAuth, no consent flow
+ Agent 365: 🔴 Flags ungoverned apps; restrict consent + revoke
Multi-Agent chains
Runs where: Mixed
Governed by: ⚠️ No orchestrator-to-sub-agent visibility
+ Agent 365: 🔴 Agent Map, end-to-end A2A audit, orchestrator CA

Licensing & Getting Started

OptionIncludesPriceAvailability
Microsoft 365 E7M365 E5 + Entra Suite + M365 Copilot + Agent 365$99/user/moGA May 1, 2026
Agent 365 StandaloneRegistry + Agent Map + Entra Agent ID + CA + Work IQ MCP$15/user/moGA May 1, 2026
Frontier Preview25 licenses with any M365 Copilot licenseIncludedNow

Licensing model (GA): Per user — all agents acting on behalf of (OBO) a licensed user are covered. Agents acting on behalf of a licensed user do not need their own license. However, Agent Users with their own Exchange, Teams, or SharePoint access require the Agent 365 license.

Important: Agent 365 Standalone ($15/user) includes the control plane: Observability (Registry + Map), Governed Access (Entra Agent ID + CA + Work IQ MCP). The Defender (Threat Defense) and Purview (Data Protection) capabilities activate if those licenses are already present. Microsoft 365 E7 ($99/user) bundles everything — Defender + Purview + Entra Suite + Copilot + Agent 365 — in one SKU.

CSP Promos (May–Dec 2026)

  • 10% off E7 annual (10–9,999 seats)
  • 15% off E7 annual (100–9,999 seats)
  • 15% off E7 triennial (300–9,999 seats)

Get Started

  1. ≥1 M365 Copilot license
  2. Admin Center → Copilot → Frontier
  3. Agents → Accept Terms
  4. Explore Registry & Map

Sources

📺 Recommended visual deep-dive: Agent 365 and Agent ID Overview by John Savill (48 min). Savill walks through the full identity hierarchy (Blueprint → Service Principal → Agent ID → Agent User) on a whiteboard, explains the token exchange flow, and draws an illuminating parallel between the human employee security stack and the agent equivalent. Some concepts in this post — particularly the Maslow-style hierarchy and the „why not a user account / service principal“ reasoning — are inspired by his presentation.

Avatar von Jens
Jens

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert