Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
[This article is prerelease documentation and is subject to change.]
Microsoft Copilot Studio integrates with Microsoft Entra Agent ID in preview.
Important
- This is a preview feature.
- Preview features aren’t meant for production use and might have restricted functionality. These features are available before an official release so that customers can get early access and provide feedback.
Overview
Agent identities extend identity governance and visibility to agents. These identities help your organization build, discover, govern, and protect agent identities across services by using a unified platform.
When you enable this feature for an environment, Copilot Studio automatically creates a Microsoft Entra agent identity for each new agent. You can view and manage these identities in the Microsoft Entra admin center.
You configure agent identity behavior at the environment level in the Power Platform admin center.
Key benefits:
- Audit logging in Microsoft Entra ID
- Agent lifecycle management
- Integration with Entra ID Governance
Microsoft Entra ID logs authentication activity. You can view sign-in events in the Microsoft Entra admin center.
When you create the first agent identity in an enabled environment, Copilot Studio adds a blueprint to your tenant. The blueprint is named Microsoft Copilot Studio agent identity blueprint. A corresponding blueprint principal is also created.
For more information, see Understanding Blueprint Principals. For technical details, see How are agent identities created? in the Microsoft Entra Agent ID documentation.
Prerequisites
- You must be a Power Platform tenant admin or have the Environment Admin role.
Opt out of automatic agent identity creation
You can currently opt out of Entra Agent Identity at the environment level.
To opt out:
In the Power Platform admin center, select Copilot, and then select Settings.
In the list that appears, under the Copilot Studio section, select Entra Agent Identity for Copilot Studio.
Select the environment where you want to disable Entra Agent IDs, and then select Edit setting.
On the next panel, clear the On checkbox, and then select Save. After saving, close the panel.
Important
The opt-out setting is temporary. Microsoft Entra agent identities will be required for all new agents in the future.
Existing agents and backfill
Existing agents created before Entra Agent Identity was enabled for an environment continue using app registrations. They will be migrated to Agent IDs in the future.
Note
Governance capabilities work for both Agent IDs and App Registration IDs during the transition period.
Validate or retrieve agent identity details
To confirm that Copilot Studio created an agent identity, review the agent metadata:
In Copilot Studio, go to the Settings page for your agent.
Select Advanced.
Expand the Metadata section. The GUID for the agent identity that is associated with the agent appears under Entra Agent ID. Use this GUID in the Microsoft Entra admin center to confirm that agent identities are populated.
Understanding Blueprint Principals
When you create the first agent identity in an environment, Copilot Studio adds a Microsoft Copilot Studio agent identity blueprint to your tenant. The agent identity associated with your Copilot Studio agent is created as a child of this blueprint principal.
Blueprint ID: 25664c89-cea5-4ab6-b924-a54fd8a19ae0
All agent identities are children of the Copilot Studio global blueprint.
For more information, see How are agent identities created?.
Deleting agent identities
When you delete an agent in Copilot Studio, Copilot Studio also deletes the associated Microsoft Entra agent identity.
Frequently asked questions
For answers to commonly asked questions about agent identities, app registrations, and authentication, see App registration, agent identities, and authentication.