TL;DR: Agent identities sit at the centre of a fast-moving governance problem because attackers already target identity systems to control access, and Microsoft’s Agent ID preview still leaves changing behaviours and APIs in play, according to Semperis. The critical gap is that agent identities are not people, so human IAM assumptions no longer hold.
NHIMG editorial — based on content published by Semperis: Entra ID agent identities and the attacks that target them
Questions worth separating out
Q: How should security teams govern Entra ID agent identities in production?
A: Treat agent identities as machine identities with explicit ownership, scoped permissions, and a documented lifecycle.
Q: What breaks when agent identities are managed like ordinary user accounts?
A: Human account controls assume a person, a predictable login pattern, and a review cycle tied to employment or role change.
Q: When should teams treat an Entra ID agent identity as too immature for production use?
A: Treat it as too immature when the registration process, token behaviour, and offboarding path are still changing or cannot be verified consistently in your tenant.
Practitioner guidance
- Inventory agent identity objects separately from users and service principals: Create a distinct register for blueprint, principal, agent identity, and agent user objects so ownership and scope are traceable across the lifecycle.
- Validate claims across every authentication flow: Test the token claims produced by each flow in a non-production tenant and confirm they reliably identify the agent, the scope, and the intended action.
- Treat preview behaviours as provisional control points: Do not base production approvals on agent identity behaviours, APIs, or UI paths that Microsoft still classifies as preview until they have been tested for persistence and offboarding.
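One way to make the separate register from the first point checkable, as an added example that is not code from Semperis or Microsoft: a small audit that flags objects with no owner, no recorded scope, or a broken link to the object they derive from. The record fields, the parent-link rules in EXPECTED_PARENT, and all sample ids, owners and scopes are assumptions constructed for illustration.

```python
# Added example: register schema and parent links are assumptions, not Microsoft's API.
EXPECTED_PARENT = {          # assumed linkage; adjust to what you verify in your tenant
    "blueprint": None,
    "principal": "blueprint",
    "agent_identity": "blueprint",
    "agent_user": "agent_identity",
}

# Constructed sample register (all ids, owners and scopes are made up).
REGISTER = [
    {"id": "bp-1", "type": "blueprint", "owner": "platform-team", "parent": None, "scopes": []},
    {"id": "sp-1", "type": "principal", "owner": "platform-team", "parent": "bp-1", "scopes": []},
    {"id": "ag-1", "type": "agent_identity", "owner": "hr-apps", "parent": "bp-1", "scopes": ["Files.Read"]},
    {"id": "ag-2", "type": "agent_identity", "owner": "", "parent": "bp-9", "scopes": []},
    {"id": "au-1", "type": "agent_user", "owner": "hr-apps", "parent": "sp-1", "scopes": ["Mail.Read"]},
]

def audit_register(records):
    """Return sorted (object id, finding) pairs for gaps in ownership, scope and lineage."""
    by_id = {r["id"]: r for r in records}
    findings = []
    for r in records:
        if r["type"] not in EXPECTED_PARENT:
            findings.append((r["id"], "unknown object type"))
            continue
        if not r.get("owner"):
            findings.append((r["id"], "no owner"))
        # Only objects that act in the tenant need a recorded scope.
        if r["type"] in ("agent_identity", "agent_user") and not r.get("scopes"):
            findings.append((r["id"], "no scope recorded"))
        want = EXPECTED_PARENT[r["type"]]
        if want is None:
            continue
        parent = by_id.get(r.get("parent"))
        if parent is None:
            findings.append((r["id"], "parent not in register"))
        elif parent["type"] != want:
            findings.append((r["id"], f"parent is {parent['type']}, expected {want}"))
    return sorted(findings)

if __name__ == "__main__":
    for obj_id, finding in audit_register(REGISTER):
        print(f"{obj_id}: {finding}")
```

An empty result means every object in the register has an owner, a scope where one is expected, and a parent of the assumed type.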
What's in the full article
Semperis' full guide covers the operational detail this post intentionally leaves for the source:
- Practice checkpoints that walk through agent identity creation and verification in an Entra ID tenant
- Object-by-object guidance on blueprint, principal, agent identity, and agent user relationships
- Hands-on validation steps for permissions and token claims across three authentication flows
- Chapter-level references to where agent identities may go wrong and how to test those failure points
Entra ID agent identities: what IAM teams need to watch now?
Explore further
Entra ID agent identities are not a new flavour of user account; they are a separate governance problem. The article is right to insist that these identities are not people, because human IAM assumptions about authentication flow, review cadence, and accountability do not map cleanly onto them. Once an identity can act on behalf of software behaviour rather than a person, the programme needs to treat it as a machine identity with its own lifecycle and oversight. Practitioner conclusion: govern agent identities with machine-identity controls, not user-centric shortcuts.
A few things that frame the scale:
- 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time, according to the Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which is why agent identity programmes fail when governance cannot see every machine identity in scope.
A question worth separating out:
Q: Who should own access reviews for agent identities in Entra ID?
A: Access reviews should sit with the identity or platform team that can verify object ownership, delegated authority, and downstream use. The review must include the agent identity itself, the principal behind it, and any related service or application object. Without that chain, certification becomes a paper exercise instead of governance.