Microsoft Expands Entra Identity Management to AI Agents and Announces Critical Migration Timelines

2025-07-02
Julia Bennett

Microsoft Moves Identity and Access Management into the AI Era with Entra Agent ID

Microsoft has unveiled Microsoft Entra Agent ID, a new solution that extends identity and access management to artificial intelligence agents. It lets organizations exercise granular control over how AI agents interact with sensitive data, systems, and users, with the aim of maintaining trust and compliance as automated agents take on more work.

 

Each AI agent assigned through Entra Agent ID receives a distinct identifier and a consistent digital identity. These agent identities function seamlessly across various tools and platforms, supporting essential identity services such as authentication, authorization, and complete lifecycle management. By extending identity management beyond human users, Microsoft is making it easier for organizations to securely integrate AI into their business processes.

 

Key Features and Advantages of Microsoft Entra Agent ID

With the introduction of Agent ID, administrators can implement Conditional Access policies specifically for AI, mirroring controls used with human accounts. This includes enforcing the principle of least privilege, monitoring AI agent activity, and ensuring all automated processes adhere to company compliance requirements. As a result, the deployment of AI agents within enterprise environments becomes significantly safer and more transparent.

 

Compared to traditional identity management tools, Agent ID introduces advanced oversight over the actions of autonomous agents, reducing risks related to unauthorized access or unmonitored activity—an increasingly important concern as AI becomes more involved in critical business operations.

 

Evolution of Passwordless Security: Passkey Profiles and FIDO2 Expansion

Looking forward, Microsoft is enhancing its passwordless authentication strategies. Starting November 2025, Microsoft Entra ID will launch support for passkey profiles in public preview. This update empowers administrators to manage passkey configurations on a group basis, offering deeper flexibility for security teams.

 

With passkey profiles, organizations will be able to mix and match various FIDO2 security key models and deploy Microsoft Authenticator passkeys to specific user groups. Microsoft also confirmed broader WebAuthn support: when attestation enforcement is disabled, any WebAuthn-compliant security key or passkey provider will be accepted, which widens the range of authenticators usable across diverse enterprise environments. Without attestation, Entra ID has no verified statement of an authenticator's make or model, so policies that depend on a specific key model need attestation enforcement left on.

 

These advancements mark a significant leap for businesses wishing to adopt nuanced, sophisticated passkey policies while continuing the shift toward a passwordless future. With password compromises responsible for many data breaches, these changes bolster overall digital security posture.

 

Urgent Migration Deadlines: Entra ID and Azure AD Updates

Microsoft issued several critical migration and retirement deadlines that security administrators must not miss. By July 31, 2025, the User Risk Policy and Sign-In Risk Policy pages within Entra ID Protection will switch to read-only mode. Organizations are strongly encouraged to migrate their management workflows to Conditional Access to maintain effective policy control.

 

From July onward, guest authentication workflows for B2B Collaboration via Microsoft Entra ID will also change. Guest users will first authenticate on the host organization’s branded login screen before being redirected for final sign-in. This update aims to minimize confusion during cross-tenant authentication and streamline guest user experiences.

 

Phasing Out Legacy Features and APIs

Between now and August 30, 2025, Microsoft will retire the “Automatically capture sign-in fields” functionality for Password-Based Single Sign-On (SSO). New SSO setups must use the MyApps Secure Sign-In Extension for manual field capture, while existing applications will remain unaffected.

 

September 2025 is another milestone: Azure AD Graph API will be deprecated, and organizations urgently need to migrate to Microsoft Graph for continued integration and support. Furthermore, Microsoft Authenticator for iOS will transition backup storage exclusively to iCloud and iCloud Keychain, eliminating reliance on in-app backups and personal accounts. For those using Microsoft Entra ID Access Review, starting September, only the previous year’s review history will be accessible; to archive older data, exporting is required.

 

In mid-October, the retirement of AzureAD PowerShell modules will accelerate with planned outage testing, and Microsoft is encouraging migration to the Microsoft Graph PowerShell SDK or Microsoft Entra PowerShell modules.
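A starting point for the Azure AD Graph and AzureAD PowerShell migrations described above is an inventory of code that still depends on them. The scanner below is an added example, not code from the article or from Microsoft. It assumes the Azure AD Graph host `graph.windows.net` and the `-AzureAD` cmdlet noun prefix, neither of which the article states, and the file names and sample contents are constructed.

```python
import re
from pathlib import Path

# Legacy dependencies to flag. Assumptions (not stated in the article):
# Azure AD Graph is served from graph.windows.net, and AzureAD module
# cmdlets use the noun prefix "AzureAD" (Connect-AzureAD, Get-AzureADUser).
LEGACY_PATTERNS = {
    "azure-ad-graph-endpoint": re.compile(r"https?://graph\.windows\.net", re.I),
    "azuread-module-import": re.compile(
        r"(?:\b(?:Import|Install)-Module|#Requires\s+-Modules?)\s+.*\bAzureAD(?:Preview)?\b",
        re.I),
    "azuread-cmdlet": re.compile(r"\b[A-Za-z]+-AzureAD\w*", re.I),
}
SCAN_SUFFIXES = {".ps1", ".psm1", ".py", ".cs", ".js", ".json"}

def scan_text(name, text):
    """Return (file, line number, rule, matched text) for each legacy reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip().lower()
        # Skip comment lines, but keep PowerShell's "#Requires" directive.
        if stripped.startswith("#") and not stripped.startswith("#requires"):
            continue
        for rule, pattern in LEGACY_PATTERNS.items():
            match = pattern.search(line)
            if match:
                findings.append((name, lineno, rule, match.group(0)))
    return findings

def scan_tree(root):
    """Scan every script or config file under root (a local checkout)."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            findings += scan_text(str(path), path.read_text(errors="replace"))
    return findings

# Constructed sample input: two hypothetical files from an automation repo.
SAMPLE = {
    "onboard.ps1": """#Requires -Modules AzureAD
Connect-AzureAD
# Get-AzureADUser is commented out here
Get-AzureADUser -ObjectId $upn
Connect-MgGraph -Scopes 'User.Read.All'
""",
    "sync.py": 'URL = "https://graph.windows.net/myorganization/users?api-version=1.6"\n'
               'NEW = "https://graph.microsoft.com/v1.0/users"\n',
}

def scan_sample():
    return [f for name, text in SAMPLE.items() for f in scan_text(name, text)]
```

Run `scan_tree` against a checkout of automation scripts to get the same tuples per file; lines that already call Microsoft Graph or the Graph PowerShell SDK are not flagged.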

 

Industry Impact and Use Cases

These updates reflect Microsoft’s ongoing commitment to modernizing enterprise identity management, emphasizing robust security as organizations adopt AI, move toward passwordless authentication, and streamline cloud operations. IT leaders and security professionals should act promptly to adapt their strategies and ensure continued protection, compliance, and innovation.

 

By leveraging the new features in Microsoft Entra, businesses can confidently manage both human and AI identities, embrace advanced authentication standards, and prepare for a secure digital future.

Source: neowin
