Microsoft Entra ID · Developer & Technical
Agent ID Administrator
Manages all aspects of agents in a tenant including identity lifecycle operations for agent blueprints, agent service principals, agent identities, and agentic users.
Scope: Full control over AI agent identities and their lifecycle in Microsoft Entra ID; identity-side counterpart to AI Administrator in Microsoft Agent 365
Permissions
- Create and manage agent identities (Microsoft Entra Agent ID)
- Manage agent blueprints
- Update agent role assignments
- Enable/disable agents
- Manage agent credentials
- Create agentic users
- Manage agents surfaced in the Microsoft Agent 365 inventory that have an Entra agent identity
Common use cases
- Managing AI agent authentication
- Configuring agent service principals
- Setting up agentic user accounts
- Controlling agent permissions
Best practices
- Apply least privilege to agents
- Review agent permissions regularly
- Monitor agent activity
- Use managed identities where possible
Security considerations
- Agents can act autonomously
- Credential management is critical
- Monitor for privilege escalation
Common questions
When should I assign the Agent ID Administrator role?
Assign Agent ID Administrator when you need to: Managing AI agent authentication; Configuring agent service principals; Setting up agentic user accounts; and Controlling agent permissions. It is part of Microsoft Entra ID and should be granted as a least-privilege alternative to broader roles like Global Administrator.
What can someone with the Agent ID Administrator role do?
The Agent ID Administrator role grants permissions including: Create and manage agent identities (Microsoft Entra Agent ID); Manage agent blueprints; Update agent role assignments; Enable/disable agents; Manage agent credentials; and Create agentic users. See the Permissions section above for the full list.
What are the security risks of the Agent ID Administrator role?
Key considerations when assigning Agent ID Administrator: Agents can act autonomously; Credential management is critical; and Monitor for privilege escalation. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.