---
name: Conditional Access for Agents
description: "Turns an AI agent's risk profile and data tier into a Microsoft Entra Conditional Access policy specification ready for admin review, aligned to Essential Eight."
---

# Conditional Access for Agents

> **TL;DR:** This skill takes an autonomous agent's risk profile, data tier and runtime context and produces a ready-to-review Microsoft Entra Conditional Access policy specification, so an admin can harden the agent before it goes live.

## How do you design Conditional Access for an Entra Agent ID?

The skill produces a Microsoft Entra Conditional Access policy specification scoped to a named agent or agent group, with all conditions, controls and session settings expressed in the same shape an Entra admin configures in the portal. As Agentic AI and Copilot Studio agents take on autonomous actions, each agent identity needs the same identity hardening a human account receives. This skill targets the Entra Agent ID directly, defining who the agent is, the device and network states it may run from, the sign-in risk it may tolerate, and the session limits that constrain its tokens, so the policy is precise, defensible and ready for review.

## When should you run this skill?

- "Design a Conditional Access policy for an AI agent"
- "Write CA policy for agent identities"
- "Harden agent runtime with Conditional Access"
- "Restrict an agent to managed devices only"

## How this skill works, step by step

1. Collect the agent context: Agent ID, owner, data tier (Public, Internal, Confidential, Restricted), runtime locations, parent application.
2. Determine the trust baseline: which device states, networks, and risk levels are acceptable.
3. Define users / workload identities — target the Agent ID directly.
4. Define conditions — locations, device compliance, sign-in risk, client app.
5. Define grant controls — require compliant device, require approved client app, block on high risk.
6. Define session controls — token lifetime, sign-in frequency, app-enforced restrictions.
7. Produce the policy specification below.

## Output format

A JSON-shaped policy specification:

```json
{
  "displayName": "CA — Agent <name> — <tier>",
  "state": "enabledForReportingButNotEnforced",
  "conditions": { "users": {...}, "applications": {...}, "locations": {...} },
  "grantControls": { "operator": "AND", "builtInControls": [...] },
  "sessionControls": { "signInFrequency": {...} }
}
```

Followed by a plain-English review summary for the approving admin.
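The procedure above (agent context in, policy specification plus admin summary out) as an added Python example; this is not the skill's own code. It fills the skeleton with the Microsoft Graph `conditionalAccessPolicy` field names (`conditions`, `grantControls`, `sessionControls`, `signInFrequency`) and emits one policy per grant decision, because the `block` control cannot be combined with other grant controls in a single policy. The tier-to-control mapping, the `AgentContext` fields, the sample agent id and named-location id are all constructed for the example, and addressing the agent through `conditions.clientApplications.includeServicePrincipals` (the workload-identity shape) is an assumption to be confirmed against the Agent ID reference linked under Sources. The `review_findings` checks are the ones an approving admin would want before promoting the specification from report-only to enforced.

```python
"""Build and sanity-check Entra Conditional Access policy specs for one agent identity.

Added example, not the skill's own code. ASSUMPTION: the agent is targeted via
conditions.clientApplications.includeServicePrincipals (the workload-identity shape);
the tier baselines below are illustrative, not the skill's table.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

REPORT_ONLY = "enabledForReportingButNotEnforced"
TIERS = ("Public", "Internal", "Confidential", "Restricted")
SIGN_IN_FREQUENCY_HOURS = {"Public": 24, "Internal": 12, "Confidential": 4, "Restricted": 1}
BLOCKED_RISK = {"Public": ["high"], "Internal": ["high"],
                "Confidential": ["medium", "high"], "Restricted": ["medium", "high"]}


@dataclass
class AgentContext:
    agent_id: str                    # object id of the Entra agent identity (hypothetical field)
    name: str
    tier: str
    runtime_location_ids: list[str]  # Entra named-location ids the agent may run from


def _envelope(ctx: AgentContext, suffix: str) -> dict:
    """Common shell: report-only, scoped to exactly this agent, all target applications."""
    return {
        "displayName": f"CA — Agent {ctx.name} — {ctx.tier} — {suffix}",
        "state": REPORT_ONLY,
        "conditions": {
            "clientAppTypes": ["all"],
            "applications": {"includeApplications": ["All"]},
            "clientApplications": {"includeServicePrincipals": [ctx.agent_id],
                                   "excludeServicePrincipals": []},
        },
        "grantControls": None,
        "sessionControls": None,
    }


def build_policies(ctx: AgentContext) -> list[dict]:
    """Steps 2-7: derive the trust baseline from the tier and emit three policies."""
    if ctx.tier not in TIERS:
        raise ValueError(f"unknown data tier {ctx.tier!r}; expected one of {TIERS}")
    if not ctx.runtime_location_ids:
        raise ValueError("agent needs at least one approved runtime location")
    # 1. Grant policy: device/app requirements plus session limits for every sign-in.
    controls = []
    if ctx.tier in ("Confidential", "Restricted"):
        controls.append("compliantDevice")
    if ctx.tier == "Restricted":
        controls.append("approvedApplication")
    grant = _envelope(ctx, "grant")
    if controls:  # Public/Internal carry session controls only
        grant["grantControls"] = {"operator": "AND", "builtInControls": controls}
    grant["sessionControls"] = {
        "signInFrequency": {"isEnabled": True, "type": "hours",
                            "value": SIGN_IN_FREQUENCY_HOURS[ctx.tier],
                            "frequencyInterval": "timeBased"},
        "applicationEnforcedRestrictions": {"isEnabled": True},
    }
    # 2. Location policy: block outside the approved runtime locations ('block' stands alone).
    loc = _envelope(ctx, "block outside runtime locations")
    loc["conditions"]["locations"] = {"includeLocations": ["All"],
                                      "excludeLocations": list(ctx.runtime_location_ids)}
    loc["grantControls"] = {"operator": "OR", "builtInControls": ["block"]}
    # 3. Risk policy: block at the tier's intolerable sign-in risk (needs Entra ID P2).
    risk = _envelope(ctx, "block risky sign-in")
    risk["conditions"]["signInRiskLevels"] = list(BLOCKED_RISK[ctx.tier])
    risk["grantControls"] = {"operator": "OR", "builtInControls": ["block"]}
    return [grant, loc, risk]


def review_findings(policies: list[dict], agent_id: str) -> list[str]:
    """Invariants an approving admin checks before promoting report-only to enforced."""
    findings = []
    for p in policies:
        name = p["displayName"]
        if p["state"] != REPORT_ONLY:
            findings.append(f"{name}: state is {p['state']!r}; ship report-only first")
        sps = p["conditions"].get("clientApplications", {}).get("includeServicePrincipals", [])
        if sps != [agent_id]:
            findings.append(f"{name}: must target exactly agent {agent_id}, got {sps}")
        gc = p.get("grantControls")
        if gc:
            ctrls = gc["builtInControls"]
            if "block" in ctrls and len(ctrls) > 1:
                findings.append(f"{name}: 'block' cannot be combined with other controls")
            if len(ctrls) > 1 and gc["operator"] != "AND":
                findings.append(f"{name}: several controls should be required together (AND)")
        elif not p.get("sessionControls"):
            findings.append(f"{name}: policy has neither grant nor session controls")
    return findings


def review_summary(policies: list[dict]) -> str:
    """Plain-English summary for the approving admin."""
    lines = []
    for p in policies:
        gc = p.get("grantControls")
        action = ", ".join(gc["builtInControls"]) if gc else "session controls only"
        lines.append(f"- {p['displayName']}: {action} [{p['state']}]")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample agent; ids are placeholders, not real tenant values.
    ctx = AgentContext(agent_id="00000000-0000-0000-0000-0000000000a1", name="invoice-triage",
                       tier="Restricted", runtime_location_ids=["named-location-au-runtime"])
    specs = build_policies(ctx)
    print(json.dumps(specs, indent=2, ensure_ascii=False))
    print(review_summary(specs))
    print(review_findings(specs, ctx.agent_id) or "no findings")
```

Running it prints the three specifications and a summary with every policy still in `enabledForReportingButNotEnforced`; flipping a `state` to `enabled` or widening `includeServicePrincipals` in the generated output surfaces as a finding, which is the point of keeping the checks separate from the builder.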

## Scope and safety

The skill produces a specification only and defaults to report-only state; the assigning admin promotes it to enforced. This skill does NOT:

- Create or assign the policy (specification only).
- Test the policy in What-If.
- Override existing Conditional Access baselines.

## Licensing and permissions

### Licences and add-ons

| Capability used | Minimum licence |
| --- | --- |
| Conditional Access policy authoring and session controls | Microsoft Entra ID P1 |
| Risk-based conditions (sign-in risk, user risk) | Microsoft Entra ID P2 |
| Agent identities targeted by the policy | Microsoft Entra Agent ID |

### Least-privilege roles

- Global Reader — read existing Conditional Access policies, named locations and agent identities to ground the specification.
- Security Reader — read sign-in risk and Identity Protection signals where risk-based conditions are used.

The skill only produces a specification; promoting it to enforced requires a Conditional Access Administrator, which is held by the approving admin rather than the skill.

### Microsoft Graph permissions (read-only)

- `Policy.Read.All` — read existing Conditional Access policies and named locations to align the new specification.
- `Application.Read.All` — read the parent application and agent identity details targeted by the policy.
- `IdentityRiskyUser.Read.All` — read user and sign-in risk signals where risk-based conditions apply.

## Sources and compliance

- Aligned to ASD Essential Eight Control 6: User Application Hardening.
- Supports E8 ML2 evidence for Control 6 and Control 8 (multi-factor authentication where applicable).
- Conditional Access for autonomous agents entered preview in May 2026.
- Reference: [https://learn.microsoft.com/en-us/entra/identity/conditional-access/agent-id](https://learn.microsoft.com/en-us/entra/identity/conditional-access/agent-id)
- Output in Australian English.
