AI agents are no longer a future concept in identity and security; they are already becoming first-class citizens in Microsoft Entra. I had a session at Experts Live Denmark 2026, and in the session “License to Assist – Bringing AI Agents to Entra ID”, Jan Vidar Elven, Senior Architect and Security MVP at Evidi AS, explored how Microsoft’s rapidly evolving AI capabilities are reshaping identity, governance, and security operations.
This session combined real-world demos, architectural insights, and practical takeaways, focusing on how organizations can move from chat-based assistance to autonomous, governed AI agents inside Entra ID.
From prompts to agents: the evolution of Security Copilot
The session started by positioning Microsoft Security Copilot as more than just a conversational interface. While many administrators are familiar with asking Copilot questions—such as tenant statistics, risky users, or sign-in activity—the real shift happens when agents enter the picture.
Security Copilot today offers:
- A standalone portal experience
- Deep in-product integration across Microsoft security workloads, including Entra ID
- A growing agent framework, where agents can continuously analyze, report, and even act
Unlike traditional Copilot prompts that run in the admin’s own context, agents operate on a scheduled, autonomous basis, delivering insights without constant manual interaction.
Entra-focused agents in action
A major part of the session was dedicated to Entra-specific Security Copilot agents, with live walkthroughs showing how they work in practice.
Conditional Access Optimization Agent
This agent continuously analyzes Conditional Access policies and identifies:
- Overlapping or redundant policies
- New users or applications not covered by existing policies
- Configuration gaps that may weaken security posture
The agent can run on a schedule, generate summaries, and notify administrators via email or Microsoft Teams. Importantly, it operates using its own agent identity, not the admin’s user account—a key step toward proper governance.
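A simplified, offline version of two of these checks (redundant policies, and applications that no enforced policy covers), added here as an illustration; it is not the agent's logic or code from the session. It assumes policies exported in the Microsoft Graph conditionalAccessPolicy shape, uses constructed IDs and names, and ignores group and role targeting, platforms, locations and risk conditions, so its output is a list of candidates to review.

```python
# Added example. POLICIES is constructed sample data in the Microsoft Graph
# conditionalAccessPolicy shape; every ID and display name is made up.
def _policy(name, state, users, user_excl, apps, app_excl, controls):
    return {"displayName": name, "state": state,
            "conditions": {
                "users": {"includeUsers": users, "excludeUsers": user_excl},
                "applications": {"includeApplications": apps,
                                 "excludeApplications": app_excl}},
            "grantControls": {"operator": "OR", "builtInControls": controls}}

POLICIES = [
    _policy("CA001 MFA all apps", "enabled", ["All"], ["breakglass-1"],
            ["All"], ["app-legacy-hr"], ["mfa"]),
    _policy("CA002 MFA finance", "enabled", ["All"], ["breakglass-1"],
            ["app-finance"], [], ["mfa"]),
    _policy("CA003 Device legacy HR", "enabledForReportingOnly", ["All"], [],
            ["app-legacy-hr"], [], ["compliantDevice"]),
]
SCOPES = (("users", "includeUsers", "excludeUsers"),
          ("applications", "includeApplications", "excludeApplications"))

def _sets(policy, kind, inc, exc):
    cond = policy["conditions"][kind]
    return set(cond.get(inc, [])), set(cond.get(exc, []))
def _applies(policy, app):
    inc, exc = _sets(policy, *SCOPES[1])
    return policy["state"] == "enabled" and app not in exc and bool({"All", app} & inc)

def uncovered_apps(policies, app_ids):
    """Apps no enabled policy applies to (report-only policies do not enforce)."""
    return sorted(a for a in app_ids if not any(_applies(p, a) for p in policies))

def is_redundant(a, b):
    """Candidate check: does enabled policy b already enforce all of a?"""
    same = a["grantControls"] == b["grantControls"]
    if a is b or not same or {a["state"], b["state"]} != {"enabled"}:
        return False
    for scope in SCOPES:
        (a_inc, a_exc), (b_inc, b_exc) = _sets(a, *scope), _sets(b, *scope)
        if "All" not in b_inc and ("All" in a_inc or not a_inc <= b_inc):
            return False
        # b must not exclude anything that a still targets
        if any(x not in a_exc and ({"All", x} & a_inc) for x in b_exc):
            return False
    return True

def redundant_pairs(policies):
    return [(a["displayName"], b["displayName"])
            for a in policies for b in policies if is_redundant(a, b)]
```

In the sample data the legacy HR app is the gap: the only policy that targets it is in report-only state, and the tenant-wide MFA policy excludes it.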
Access Review Agent
The Access Review agent assists with Entra ID Governance by:
- Analyzing ongoing access reviews
- Correlating user activity, employment signals, and lifecycle events
- Generating approve or deny recommendations based on real signals
Rather than replacing decision-makers, the agent augments them with richer context, helping reduce review fatigue while improving decision quality.
Identity Risk Management Agent
Still in preview, this agent monitors identity risk signals and highlights risky users automatically. It can be scheduled and provides a low-cost way to continuously monitor identity risk without constant manual checks.
Cost, licensing, and SKUs: the reality check
One of the most appreciated parts of the session was the transparent discussion around cost.
Historically, Security Copilot required provisioning Security Compute Units (SCUs) in Azure, billed hourly. This created hesitation, especially for organizations that only needed Copilot occasionally.
Key updates discussed:
- Microsoft 365 E5 customers now receive included Security Copilot capacity
- Usage is allocated monthly based on tenant size
- Additional consumption can be purchased later via pay‑as‑you‑go
- Agent-based scenarios typically consume very little capacity, making them safer to experiment with than long chat sessions
A key takeaway: agents provide better value than extended interactive chats, both operationally and financially.
Beyond Security Copilot: MCP and custom agents
The session then expanded beyond Microsoft’s built-in agents into custom and developer-driven scenarios.
Model Context Protocol (MCP)
Using MCP servers, administrators and developers can query Entra ID and Microsoft Graph directly from tools like Visual Studio Code—without consuming Security Copilot capacity.
The demo showed how:
- MCP servers authenticate via Entra
- Queries are fully auditable
- Access can be governed using enterprise application controls
This approach opens powerful, low-cost inspection and troubleshooting scenarios for advanced teams.
Building your own agents
Using the Microsoft 365 Agents Toolkit and Copilot Studio, it’s possible to:
- Build declarative agents
- Connect them to Microsoft Graph or custom APIs
- Publish them into Microsoft Teams
- Govern them using Entra Agent ID
This brings AI development firmly into the identity governance model, rather than leaving it as an unmanaged innovation experiment.
Entra Agent ID: AI as a first-class identity
The session concluded with one of the most forward-looking topics: Entra Agent ID.
AI agents are now treated as:
- Distinct identities
- Governable via permissions, groups, and sponsors
- Subject to lifecycle management and access reviews
Organizations already using Microsoft 365 Copilot or Azure AI services may be surprised by how many agents already exist in their tenant. Entra Agent ID provides the missing control layer—allowing security and identity teams to manage AI just like users, apps, and devices.
Key takeaways
- AI agents in Entra ID are already production-ready
- Security Copilot agents provide continuous, low-cost insights
- Governance improves when agents have their own identities
- MCP enables powerful, license-efficient Graph exploration
- Entra Agent ID is the foundation for secure, scalable AI adoption
As Entra continues to evolve, the message from this session was clear:
AI in identity is no longer about asking better questions—it’s about deploying better agents.