Microsoft Entra ID · Developer & Technical

Agent ID Administrator

Manages all aspects of agents in a tenant including identity lifecycle operations for agent blueprints, agent service principals, agent identities, and agentic users.

Scope: Full control over AI agent identities and their lifecycle in Microsoft Entra ID; identity-side counterpart to AI Administrator in Microsoft Agent 365

Permissions

  • Create and manage agent identities (Microsoft Entra Agent ID)
  • Manage agent blueprints
  • Update agent role assignments
  • Enable/disable agents
  • Manage agent credentials
  • Create agentic users
  • Manage agents surfaced in the Microsoft Agent 365 inventory that have an Entra agent identity

Common use cases

  • Managing AI agent authentication
  • Configuring agent service principals
  • Setting up agentic user accounts
  • Controlling agent permissions

Best practices

  • Apply least privilege to agents
  • Review agent permissions regularly
  • Monitor agent activity
  • Use managed identities where possible

Security considerations

  • Agents can act autonomously
  • Credential management is critical
  • Monitor for privilege escalation

Common questions

When should I assign the Agent ID Administrator role?

Assign Agent ID Administrator when you need to: Managing AI agent authentication; Configuring agent service principals; Setting up agentic user accounts; and Controlling agent permissions. It is part of Microsoft Entra ID and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Agent ID Administrator role do?

The Agent ID Administrator role grants permissions including: Create and manage agent identities (Microsoft Entra Agent ID); Manage agent blueprints; Update agent role assignments; Enable/disable agents; Manage agent credentials; and Create agentic users. See the Permissions section above for the full list.

What are the security risks of the Agent ID Administrator role?

Key considerations when assigning Agent ID Administrator: Agents can act autonomously; Credential management is critical; and Monitor for privilege escalation. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →