COMING SOON - Security Setting!

Only available with Entra ID P1 (Business Premium) or Entra ID P2 (E5) licenses. 
To be compliant with Microsoft requirements, you also need to assign a Microsoft Agent 365 license to each user. Enforcement of Agent 365 licensing is coming soon.
Before enabling this setting, ensure your users are appropriately licensed.

 

Summary

This Conditional Access Policy blocks access to all cloud resources for agent identities assessed as high risk. Agent identities represent the accounts used by AI agents or automated systems to authenticate across services. Risk levels are determined by Microsoft based on signals from Microsoft Entra ID Protection.

This setting uses Conditional Access Policies and is therefore not compatible with Security Defaults (MFA setting).

 

Available setting configurations

  • Enabled: Creates a conditional access policy in the tenant, targeting all agent identities and all resources (formerly "All cloud apps") and blocking access if the agent risk is High.   
    Policy name: "Block high risk agent identities from accessing resources (OP)" 

  • Disabled: Removes the conditional access policy enabled by Office Protect, if any. Office Protect will not delete conditional access policies it did not create.

  • Custom Policy (Ignore): We will neither monitor nor attempt to modify the organization’s conditional access policies for high risk agent identities. We recommend this option if you prefer to use a customized policy, so that Office Protect does not overwrite your customization.

This setting can be found in your Entra ID admin portal > Protection > Conditional Access > Policies
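
One way to confirm that the Enabled configuration is actually enforced, shown as an added example (not Office Protect or Microsoft code). It assumes you have exported the tenant's Conditional Access policies and Security Defaults state as JSON from Microsoft Graph; the helper name `audit` is hypothetical and the sample export is constructed.

```python
import json

# Policy name is from the page; the sample export below is constructed.
OP_POLICY_NAME = "Block high risk agent identities from accessing resources (OP)"

SAMPLE_EXPORT = json.loads("""
[{"displayName": "Block high risk agent identities from accessing resources (OP)",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {"applications": {"includeApplications": ["All"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["block"]}}]
""")

def audit(policies, security_defaults_enabled):
    """Return findings for the agent-risk policy (hypothetical helper).

    policies: the `value` array from GET /identity/conditionalAccess/policies.
    security_defaults_enabled: `isEnabled` from
    GET /policies/identitySecurityDefaultsEnforcementPolicy.
    Agent identity and agent risk conditions are not inspected here.
    """
    findings = []
    if security_defaults_enabled:
        findings.append("Security Defaults is enabled")
    matches = [p for p in policies if p.get("displayName") == OP_POLICY_NAME]
    if not matches:
        return findings + ["policy not found"]
    if len(matches) > 1:
        findings.append("duplicate policy name")
    for p in matches:
        state = p.get("state")
        if state == "enabledForReportingButNotEnforced":
            findings.append("policy is report-only")
        elif state != "enabled":
            findings.append("policy is not enabled")
        grant = p.get("grantControls") or {}
        if "block" not in (grant.get("builtInControls") or []):
            findings.append("grant control is not block")
        apps = (p.get("conditions") or {}).get("applications") or {}
        if "All" not in (apps.get("includeApplications") or []):
            findings.append("policy does not target all resources")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT, security_defaults_enabled=False):
        print(finding)
```

An empty result means the policy exists under the expected name, is enforced rather than report-only, blocks access, and targets all resources.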

 

Microsoft documentation

Learn more about agent identities

Learn more about risk levels

Learn more about Conditional Access for agents