Microsoft Entra: New service plans for Conditional Access and ID Protection for agents

🚨 The Signal: Microsoft Entra Conditional Access and ID Protection capabilities are now extended to agent identities within Agent 365 and M365 E7. This allows existing identity security policies to be applied to AI agents, strengthening their security posture.

The Impact

Organizations using Agent 365 or M365 E7 are affected, gaining enhanced security controls for AI agent identities.

  • Security Teams: Can enforce Conditional Access and ID Protection on AI agents, reducing risk.
  • Identity Admins: Gain new capabilities to secure agent identities using existing Entra policies.
  • Compliance Officers: Improved ability to demonstrate secure management of AI agent access.
  • AI Solution Owners: Agents benefit from stronger identity protection, reducing compromise risk.

The Action

  1. Review existing Conditional Access policies to determine applicability to agent identities.
  2. Review existing Identity Protection policies to determine whether their scope covers agent identities.
  3. Plan for creating new Conditional Access policies specifically targeting agent identities.
  4. Plan for creating new Identity Protection policies specifically targeting agent identities.

Domain: Agentic-AI · Impact: medium · Workload: Entra ID · Essential Eight: Multi-Factor Authentication, Restrict Administrative Privileges · ISM: ISM-0109, ISM-0123, ISM-0140, ISM-0445, ISM-0974, ISM-1173, ISM-1175, ISM-1228, ISM-1380, ISM-1401, ISM-1504, ISM-1505, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1679, ISM-1680, ISM-1681, ISM-1682, ISM-1683, ISM-1686, ISM-1688, ISM-1689, ISM-1815, ISM-1819, ISM-1872, ISM-1873, ISM-1874, ISM-1883, ISM-1892, ISM-1893, ISM-1894, ISM-1897, ISM-1898, ISM-1906, ISM-1907