Zero Trust security for AI agents
Apply Zero Trust controls to every AI agent in your environment across identity, tool usage, and data access. Extend Conditional Access in Microsoft Entra to evaluate every agent authorization request in real time against the same risk signals as human users. Assign each agent its own managed identity with Entra Agent ID and scope permissions with Access Packages. Govern your MCP catalog as a software supply chain: unapproved tools don't run, and approved servers are locked behind Azure API Management.
Log every agent tool call, API access, and data lookup into Microsoft Sentinel for continuous anomaly detection. Purview Insider Risk Management auto-assigns risk levels so you can investigate fast or revoke access entirely. DLP and sensitivity labels in Microsoft Purview restrict what agents can reach and are inherited automatically by everything they generate, and Data Access Governance maps exactly what each agent can access before a prompt fires.
Jeremy Chapman, Microsoft 365 Director, shares how to put these controls into practice across every managed, self-hosted, and shadow agent in your estate.
► QUICK LINKS:
00:00 - How AI changes Zero Trust
01:20 - Zero Trust principles
02:27 - How to apply Zero Trust principles
03:40 - Conditional Access for Agent Identities
04:59 - Entra Agent ID + Access Packages
06:07 - Runtime Observability
06:58 - DLP, Sensitivity Labels + Data Access Governance
07:47 - MCP catalog
08:36 - AI apps & experiences
09:24 - Wrap up
► Link References
Watch the rest of this series at https://aka.ms/ZTMechanics
For additional resources, check out https://aka.ms/GoZeroTrust