Microsoft Entra ID · Developer & Technical

Agent ID Developer

Creates agent blueprints and their service principals. The user is added as owner of the agent blueprint and its service principal.

Scope: Create and own agent blueprints for AI agent development

Permissions

  • Create agent blueprints
  • Create agent service principals
  • Read service principal properties
  • Become owner of created blueprints

Common use cases

  • Building AI agent applications
  • Setting up agent authentication
  • Developing copilot integrations

Best practices

  • Follow secure development practices
  • Document agent capabilities
  • Test thoroughly before production

Security considerations

  • Created agents can have broad access
  • Developer becomes owner - review ownership

Common questions

When should I assign the Agent ID Developer role?

Assign Agent ID Developer when you need to: Building AI agent applications; Setting up agent authentication; and Developing copilot integrations. It is part of Microsoft Entra ID and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Agent ID Developer role do?

The Agent ID Developer role grants permissions including: Create agent blueprints; Create agent service principals; Read service principal properties; and Become owner of created blueprints. See the Permissions section above for the full list.

What are the security risks of the Agent ID Developer role?

Key considerations when assigning Agent ID Developer: Created agents can have broad access; and Developer becomes owner - review ownership. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →