Microsoft Entra ID · Developer & Technical

Agent ID Administrator

Manages all aspects of agents in a tenant, including identity lifecycle operations for agent blueprints, agent service principals, agent identities, and agentic users.

Scope: Full control over AI agent identities and their lifecycle in Microsoft Entra ID; identity-side counterpart to AI Administrator in Microsoft Agent 365

Permissions

  • Create and manage agent identities (Microsoft Entra Agent ID)
  • Manage agent blueprints
  • Update agent role assignments
  • Enable/disable agents
  • Manage agent credentials
  • Create agentic users
  • Manage agents surfaced in the Microsoft Agent 365 inventory that have an Entra agent identity

Common use cases

  • Managing AI agent authentication
  • Configuring agent service principals
  • Setting up agentic user accounts
  • Controlling agent permissions

Best practices

  • Apply least privilege to agents
  • Review agent permissions regularly
  • Monitor agent activity
  • Use managed identities where possible

Security considerations

  • Agents can act autonomously
  • Credential management is critical
  • Monitor for privilege escalation
