Microsoft Entra Agent ID: A Practical Guide to Blueprints and Agent Identities
As AI agents become an increasingly important part of modern work, organizations need a way to govern them with the same level of control and consistency applied to human identities. Microsoft Entra Agent ID is the identity platform purpose-built for AI agents. It extends the security and governance capabilities of Microsoft Entra, including Conditional Access,…
Microsoft Orphaned Agents Identities: The hidden identity debt in your Entra tenant
In my previous post, I covered agents without an Owner or Sponsor, identities with no one accountable for them. This blog post covers a related but distinct problem: agents that have lost their parent Blueprint entirely. Microsoft Entra supports two types of agents. Classic agents are Service Principals with no parent Blueprint. They were created…
Microsoft Ownerless Agents: The silent risk in your Entra tenant
AI agents are being deployed faster than they are being governed. Every agent created in Microsoft Copilot Studio or Microsoft Foundry becomes an identity in Microsoft Entra ID. Depending on how and when the agent was created, this is either a classic Service Principal or a modern Agent Identity, each with different governance and security…
Microsoft 365 Copilot: Why self-service trials are a security risk
Every day, employees across your organization are just a few clicks away from activating Microsoft 365 Copilot, without involving IT, without security review, and without completing any required training. By default, Microsoft enables self-service trials and purchases directly in the Microsoft 365 admin portal, meaning a motivated user can have Microsoft 365 Copilot running within…
Microsoft Purview: Implementing HR Data Connector for Insider Risk Management
Microsoft Purview includes a Human Resources (HR) connector that ingests resignation data, enabling Insider Risk Management to automatically identify departing employees as potential insider threats. In this technical guide, we will implement the HR data connector that feeds resignation data into Insider Risk Management. This enhances the ‘Data theft by departing users’ policy template, one…
Microsoft Copilot Studio: Real-Time Protection for AI Agents
The rise of low-code platforms has fundamentally changed how organizations approach AI. Microsoft Copilot Studio exemplifies this shift, enabling business users across organizations to build intelligent AI agents without writing a single line of code. Microsoft Copilot Studio is a low-code development platform that allows anyone in an organization to create AI-powered conversational agents. These agents…
Microsoft Defender for Identity Recommended Actions: Ensure that all privileged accounts have the configuration flag
Identity leverages Secure Score with twenty-seven recommended actions. In a series of blog posts, I will go through all twenty-seven recommended actions and what they mean, a plan of approach, their impact, and my security recommendations, hopefully helping others. The twenty-seventh one in the series is the “Ensure that all privileged accounts have the configuration flag”…
Microsoft Defender for Identity Recommended Actions: Change password of built-in domain Administrator account
Identity leverages Secure Score with twenty-seven recommended actions. In a series of blog posts, I will go through all twenty-seven recommended actions and what they mean, a plan of approach, their impact, and my security recommendations, hopefully helping others. The twenty-sixth one in the series is the “Change password of built-in domain Administrator account” recommended action. Introduction You have twenty-seven…
Microsoft Defender for Identity Recommended Actions: Change password for KRBTGT account
Identity leverages Secure Score with twenty-seven recommended actions. In a series of blog posts, I will go through all twenty-seven recommended actions and what they mean, a plan of approach, their impact, and my security recommendations, hopefully helping others. The twenty-fifth one in the series is the “Change password for krbtgt account” recommended action. Introduction You have twenty-seven recommendations if…
Microsoft Defender for Identity Recommended Actions: Built-in Active Directory Guest account is enabled
Identity leverages Secure Score with twenty-seven recommended actions. In a series of blog posts, I will go through all twenty-seven recommended actions and what they mean, a plan of approach, their impact, and my security recommendations, hopefully helping others. The twenty-fourth one in the series is the “Built-in Active Directory Guest account is enabled” recommended action.…