Access reviews should sit with the identity or platform team that can verify object ownership, delegated authority, and downstream use. The review must include the agent identity itself, the principal behind it, and any related service or application object. Without that chain, certification becomes a paper exercise instead of governance.
Why This Matters for Security Teams
Access reviews for agent identities in Entra ID are not a clerical exercise. They are the control point where ownership, delegated authority, and actual downstream usage either line up or fall apart. If the reviewer cannot confirm who created the agent, who sponsors it, and what it is allowed to do, the certification only validates a directory object, not a real operational workload. That gap matters because non-human identities (NHIs) now outnumber human identities by 25x to 50x in modern enterprises, and NHI Mgmt Group research shows most organisations still lack full visibility into service accounts.
For Microsoft Entra ID, the right owner is usually the identity or platform team, but only when that team can verify the chain from agent identity to business owner to application or service object. Security teams often assign reviews to application owners who do not understand the agent’s runtime behaviour, or to technical admins who cannot judge business necessity. Current guidance suggests treating agent identities as governed infrastructure with human accountability attached, not as isolated directory entries. That is the distinction that keeps access reviews meaningful rather than performative.
In practice, many security teams discover broken ownership only after a dormant agent has already accumulated broad permissions and been reused in ways nobody documented.
How It Works in Practice
The review process should start with object provenance. The reviewer needs to confirm three things: who owns the agent identity in Entra ID, who holds delegated authority to approve its access, and which service principal or application object the identity supports. That is especially important when an agent uses shared credentials, multiple app registrations, or automation frameworks that mask the real operator. Without that chain, access certification cannot answer the core question of whether the agent should still exist, not just whether it has been reviewed.
In practice, the identity or platform team is often best placed to run the review because it can inspect directory metadata, ownership fields, sign-in patterns, conditional access context, and associated permissions. Business stakeholders should still validate necessity, but they should not be asked to interpret Entra ID object relationships alone. NHI lifecycle controls are the right lens here, including rotation, offboarding, and ownership validation, as outlined in NHI Lifecycle Management Guide and the broader Ultimate Guide to NHIs.
- Validate the agent identity, not just the app registration it belongs to.
- Confirm a named human sponsor who can justify the agent’s continued use.
- Check whether the agent’s permissions still match the task it performs.
- Remove orphaned objects that no longer have a business owner or runtime dependency.
- Re-certify after major workflow, permission, or workload changes.
For governance design, this aligns with the control logic behind OWASP Top 10 for Agentic Applications 2026 and the NIST AI Risk Management Framework, both of which emphasize accountability and runtime governance. These controls tend to break down when agent identities are created by automation pipelines that bypass ownership fields or when multiple teams share a single service principal because no one wants to manage the lifecycle.
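To make the review checks above concrete, here is an added example (not NHI Mgmt Group's code) that applies the provenance, sponsorship, dormancy and permission-drift checks to a Graph-shaped export of service principal objects and sorts each one into recertify, escalate or remove. The export is constructed for the demonstration: in practice it would be assembled from Microsoft Graph's servicePrincipal, owners and appRoleAssignments resources plus the service principal sign-in activity report, with each appRoleId already resolved to its permission value. The 90-day dormancy window and the convention of recording declared roles in the object's notes field are assumptions, not something Entra ID enforces.

```python
"""Triage of Entra ID agent / service principal objects for an access review.

Added example, not NHI Mgmt Group's own tooling. It runs offline over a
constructed export whose field names mirror Microsoft Graph resources
(servicePrincipal, owners, appRoleAssignments, signInActivity); the
records themselves are made up for the demonstration.
"""
from datetime import datetime, timedelta, timezone

DORMANT_AFTER = timedelta(days=90)          # assumption: review policy threshold
USER_TYPE = "#microsoft.graph.user"         # owner type that counts as a human sponsor
REVIEW_DATE = datetime(2026, 7, 1, tzinfo=timezone.utc)  # fixed "now" for reproducibility


def _user(upn):
    return {"@odata.type": USER_TYPE, "userPrincipalName": upn}


def _spn(name):
    return {"@odata.type": "#microsoft.graph.servicePrincipal", "displayName": name}


def _sp(id_, name, owners, roles, notes, last_sign_in):
    """Build one Graph-shaped servicePrincipal record (constructed test data).
    appRoleValue is assumed to be pre-resolved from appRoleId by the export."""
    return {"id": id_, "displayName": name, "owners": owners, "notes": notes,
            "appRoleAssignments": [{"resourceDisplayName": "Microsoft Graph",
                                    "appRoleValue": r} for r in roles],
            "signInActivity": {"lastSignInDateTime": last_sign_in}}


# Constructed sample export: one healthy agent, one abandoned one, one created
# by a pipeline with a non-human owner, one with diffuse shared ownership.
SAMPLE_EXPORT = [
    _sp("sp-001", "invoice-triage-agent", [_user("alice@contoso.example")],
        ["Mail.Read"], "purpose=invoice-triage; roles=Mail.Read", "2026-06-21T08:00:00Z"),
    _sp("sp-002", "legacy-sync-agent", [],
        ["Directory.ReadWrite.All"], None, "2025-12-01T00:00:00Z"),
    _sp("sp-003", "wiki-indexer-bot", [_spn("build-pipeline-deployer")],
        ["Sites.Read.All"], "purpose=wiki-indexing; roles=Sites.Read.All", "2026-06-30T12:00:00Z"),
    _sp("sp-004", "shared-ops-agent", [_user("bob@contoso.example"), _user("carol@contoso.example")],
        ["Mail.Read", "Files.ReadWrite.All"], "purpose=ops-digest; roles=Mail.Read", "2026-06-28T09:30:00Z"),
]


def parse_time(value):
    """Graph returns ISO 8601 timestamps with a trailing Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def declared_roles(sp):
    """Declared purpose is assumed to live in `notes` as 'roles=A,B'; empty if absent."""
    for part in (sp.get("notes") or "").split(";"):
        key, _, value = part.strip().partition("=")
        if key == "roles":
            return {r.strip() for r in value.split(",") if r.strip()}
    return set()


def review_principal(sp, now):
    """Apply the review checks to one object and return a verdict with reasons."""
    findings = []
    human_owners = [o for o in sp.get("owners", []) if o.get("@odata.type") == USER_TYPE]
    if not human_owners:
        findings.append("ORPHANED: no human owner on the object")
    elif len(human_owners) > 1:
        findings.append("SHARED_OWNERSHIP: %d owners, no single accountable owner" % len(human_owners))

    last = (sp.get("signInActivity") or {}).get("lastSignInDateTime")
    dormant = last is None or now - parse_time(last) > DORMANT_AFTER
    if dormant:
        findings.append("DORMANT: no sign-in in the last %d days" % DORMANT_AFTER.days)

    granted = {a["appRoleValue"] for a in sp.get("appRoleAssignments", [])}
    extra = granted - declared_roles(sp)
    if extra:
        findings.append("PERMISSION_DRIFT: granted beyond declared purpose: " + ", ".join(sorted(extra)))

    # No owner and no runtime dependency: removal candidate. Any other finding
    # needs a human decision rather than an auto-approve.
    if not human_owners and dormant:
        verdict = "remove"
    elif findings:
        verdict = "escalate"
    else:
        verdict = "recertify"
    return {"id": sp["id"], "displayName": sp["displayName"], "verdict": verdict, "findings": findings}


def run_review(export, now=None):
    now = now or datetime.now(timezone.utc)
    return [review_principal(sp, now) for sp in export]


if __name__ == "__main__":
    for result in run_review(SAMPLE_EXPORT, REVIEW_DATE):
        print(result["displayName"], "->", result["verdict"])
        for finding in result["findings"]:
            print("   ", finding)
```

The verdict logic deliberately never auto-approves an object that has an owner but shows drift or dormancy; those go to the sponsor, who must justify the current permission set. Only an object with no human owner and no recent runtime use is queued for removal, which is the orphaned case the checklist describes.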
Common Variations and Edge Cases
Tighter ownership rules often increase administrative overhead, requiring organisations to balance governance quality against the speed of delivery. That tradeoff is real, especially in environments where developers spin up agents quickly and platform teams inherit the cleanup. There is no universal standard for this yet, but current guidance suggests the reviewer should be the team that can verify object lineage, while the business owner remains accountable for purpose and necessity.
Edge cases appear when the agent is embedded in a vendor-managed application, when one agent impersonates many downstream workflows, or when the Entra ID object has no clean human sponsor. In those situations, the review should escalate rather than auto-approve. If the object cannot be tied to a responsible owner, it should be treated as unmanaged access. That is also where findings from the 52 NHI Breaches Analysis become operationally relevant, because weak ownership is often the precursor to credential sprawl and privilege retention.
Security teams should also be cautious with “shared ownership” models. Shared ownership usually means no one is actually accountable when the agent’s permissions drift. Best practice is evolving, but the safest pattern is a single operational owner, a separate business sponsor, and periodic validation that the agent still matches its declared purpose.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 and the OWASP Agentic AI Top 10 address the attack and risk surface, while the NIST AI RMF sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Ownership and accountability are core to NHI governance and review hygiene. |
| OWASP Agentic AI Top 10 | A1 | Agentic systems need runtime accountability, not just static directory ownership. |
| NIST AI RMF | Govern | AI RMF governance requires clear accountability for AI system decisions and actions. |
Assign each agent identity a single accountable owner and verify it during every access review.
Related resources from NHI Mgmt Group
- How should security teams run access reviews for non-human identities?
- How should security teams govern Microsoft Agent ID objects as non-human identities?
- How should security teams govern non-human identities that have persistent access?
- When do NHI access reviews create more value than a one-time cleanup?
Reviewed and updated by the NHIMG editorial team on July 1, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org