Non-Human Identities And Agent Identities Get Access Package Support With Entra Identity Governance For AI Agents HTMD Blog

Non-Human Identities and Agent Identities Get Access Package Support with Entra Identity Governance for AI Agents! Microsoft Entra Identity Governance has introduced full support for Access Packages for Head of Service and Agent Identity.

This provides a significant expansion of organizational capabilities automate and manage access to non-human identities. This update, was announced recently MSI turns on event, bringing long-awaited capabilities to Entitlement Management, enabling security and measurable governance for application identities and workloads.

At Microsoft Ignite 2025, Microsoft introduced major improvements to its devices Enter AI Agent. Rather than relying on the old Copilot tool that only responds when someone types a remindThe new Agentic AI can work autonomously. He can make decisions, take actionand complete tasks without requiring constant direction from the user.

This new feature makes it easier for organizations to handle it access requestapproval, and review for API permissions. Previously, these steps often required manual work or complicated settings. By expanding Access Packages to include service principals and agent identities, not just users, Entering now provides an automated way to manage permissions for human and non-human identities.

Non-Human Identities and Agent Identities Get Access Package Support with Entra Identity Governance for AI Agents

That scope to request access packages can now include both Service Representative and Agent Identity. This means administrators, Service Principal owners, and in some cases, Service Principals themselves can request access packages. This greatly expands the way access can be managed and automated non-human identity.

• Who can get Access
  • For userservice representative and agent identity in your directory

How Entra Access Packages Now Include Delegation and Application Permissions

All delegated and applications permission can now be added directly as a resource within the access package. This makes it easier for admins to manage it API Permissions in one place and provides the right level of access to service principals, agent identities, and applications without manual setup.

Timely Access and Access Review for Service Representatives

Expired policy allow Service Principals to receive “just in time” or on-demand access, minimizing the risks associated with persistent permissions. Additionally, access review is supported to ensure that application role assignments are not still stale or permanently without evaluation by the workload owner, keeping access controls secure and up to date.

Access Request for Service Principal Owner

Owner a Service Principal Object can request access directly. However, the current system does not support it sponsor or delegate in object levelrestrict more granular or delegated access management.

Need More Help or Have a Technical Question?

Join LinkedIn Page And Telegram Group to get step by step guides and latest news updates. Join us Meeting Page to participate in User group meetings. Also, Join WhatsApp Community to get the latest news about Microsoft Technologies. We were there reddit as well.

Author

Anoop C Nair has been a Microsoft MVP from 2015 onwards for 10 years in a row! He is a Workplace Solutions Architect with over 22+ years of experience in the Workplace technology space. He is also a Blogger, Speaker, and Local User Group Community leader. The main focus is on Device Management technologies such as SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.