Example PowerShell to review agent identities (when SDK is available)
News/2026-03-10-example-powershell-to-review-agent-identities-when-sdk-is-available-guide
Enterprise AI📖 Practical GuideMar 10, 20266 min read
?Unverified·Single source

Example PowerShell to review agent identities (when SDK is available)

Featured:Microsoft

Practical focus

Automate repeatable business workflows

Guideline angle

Rolling out AI copilots by department

Example PowerShell to review agent identities (when SDK is available)

How to Gain Visibility and Control Over Enterprise AI Agents with Microsoft Agent 365

TL;DR

  • Microsoft Agent 365 is a new centralized dashboard that gives IT teams real-time visibility, permission management, and security controls over all AI agents in your organization.
  • It works by assigning unique identities to agents via Microsoft Entra Agent ID and maintaining an inventory in the Agent Registry.
  • You can start preparing today by reviewing your Microsoft 365 licensing and planning for the May 1, 2026 general availability of Microsoft 365 E7 (ME7), which bundles Agent 365 with Copilot and advanced security tools.

Prerequisites

Before you can use Agent 365, ensure you meet these requirements:

  • An active Microsoft 365 enterprise tenant with Global Admin or Security Admin privileges.
  • Microsoft 365 E3 or E5 licenses as a baseline (Microsoft 365 E7 will be required for full Agent 365 capabilities).
  • Access to the Microsoft Admin Center and Microsoft Entra admin center.
  • Existing Copilot for Microsoft 365 usage (recommended but not mandatory for initial visibility features).
  • Familiarity with Microsoft Entra ID identity and access management concepts.
  • Budget approval for the upcoming $99 per user per month Microsoft 365 E7 tier (GA on May 1, 2026).

Note: As of March 2026, Agent 365 is in early rollout. Check the Microsoft 365 Admin Center for preview availability in your tenant.

Step 1: Assess Your Current AI Agent Landscape

Start by understanding how many agents already exist in your environment:

  1. Sign in to the Microsoft 365 Admin Center.
  2. Navigate to Reports > Usage > Copilot (or the new Agent Activity section if visible).
  3. Export the report to identify patterns of agent creation.
  4. Ask department leads to document any custom agents built with Azure OpenAI, Power Automate, or third-party platforms.

Practical tip: Run a quick audit using Microsoft Purview to search for “agent” or “Copilot” related activities over the past 90 days. This gives you a baseline before Agent 365 is fully enabled.

Step 2: Prepare for Microsoft 365 E7

Microsoft 365 E7 combines Copilot, security, and agent governance into one suite.

  • Review your current licensing in the Microsoft 365 Admin Center under Billing > Your products.
  • Estimate the number of users who will need agent governance (typically power users, developers, and IT/security teams).
  • Contact your Microsoft account representative to discuss E7 early access or volume licensing.

Expected pricing (as announced): $99 per user per month when generally available on May 1, 2026.

Step 3: Enable and Access the Agent 365 Dashboard

Once available in your tenant:

  1. Go to the Microsoft Admin Center.
  2. In the left navigation, look for the new Agent 365 or Agents hub (it will appear under Show all once enabled).
  3. The dashboard provides three core views:
    • Agent Inventory – Lists every discovered agent.
    • Activity Map – Visualizes agent interactions and data flows.
    • Risk Assessment – Highlights agents with excessive permissions or sensitive data access.

What you’ll see immediately:

  • Unique Agent IDs assigned via Microsoft Entra Agent ID.
  • Permission scopes and last activity timestamps.
  • Risk scores based on 100+ trillion daily security signals Microsoft processes.

Step 4: Register and Govern New AI Agents

Use the Agent Registry to treat agents like employees:

  1. In the Agent 365 dashboard, click Register Agent.
  2. Provide a name, description, and owner.
  3. The system auto-generates a unique Entra Agent ID.
  4. Assign least-privilege roles using Microsoft Entra role-based access control (RBAC).
  5. Set data-loss prevention (DLP) policies to prevent agents from accessing or exfiltrating sensitive information.

Example workflow for registering a custom agent:

Connect-MgGraph -Scopes "Application.Read.All"
Get-MgServicePrincipal -Filter "DisplayName eq 'CustomSalesAgent'"

(Exact cmdlets will be documented in Microsoft Learn upon GA — check official docs for updated syntax.)

Step 5: Monitor and Respond to Agent Risks

Set up ongoing governance:

  • Configure alerts for agents accessing sensitive data.
  • Use the agent mapping view to understand cross-system interactions.
  • Review weekly “Agent Health” reports.
  • Revoke access or quarantine risky agents directly from the dashboard.

Visual step: Look for the “Agent Map” visualization — similar to Microsoft Defender’s attack surface maps — showing which agents talk to SharePoint, Outlook, or external APIs.

Tips and Best Practices

  • Start small: Pilot Agent 365 with 1–2 departments before enterprise rollout.
  • Treat agents like users: Require owners to be real humans who are accountable for agent behavior.
  • Implement zero-trust for agents: Never grant broad “Contributor” permissions; always use granular scopes.
  • Integrate with existing security tools: Connect Agent 365 alerts to Microsoft Defender XDR and Microsoft Sentinel.
  • Educate developers: Update internal guidelines to require all new AI agents to be registered in Agent 365 on day one.
  • Schedule regular reviews: Set a monthly “Agent Governance” meeting similar to access certification reviews.

Common Issues

Why am I getting “Agent not found” after registration?

This usually occurs if the agent was built outside Microsoft’s ecosystem. Ensure the agent uses Microsoft Entra authentication. Use the “Discover Agents” scan in the dashboard to force detection.

How do I handle third-party agents?

Agent 365 supports partner ecosystem agents. During registration, select “External” and provide the partner’s verification details. Full support for non-Microsoft agents will expand after GA.

Will this work with agents built in Azure OpenAI or LangChain?

Yes, but they must authenticate through Microsoft Entra. Agents using direct API keys without Entra identity will show as “Unmanaged” with high risk scores.

The dashboard shows too many agents — where do I start?

Use the built-in risk filter. Sort by “High Risk” first. Focus on agents with broad permissions or access to PII/financial data.

Next Steps

After implementing basic visibility:

  • Explore the upcoming Copilot Cowork research preview (expected later in March 2026) for collaborative agent workflows.
  • Integrate Agent 365 with Microsoft Purview Information Protection for automatic data classification.
  • Train your security team on the new “Agent Identity Lifecycle” process.
  • Evaluate migrating high-risk custom agents to Microsoft’s managed agent capabilities as they become available.

Agent 365 represents Microsoft’s attempt to bring order to the chaotic proliferation of AI agents — essentially giving IT teams “air traffic control” over machine identities that now outnumber human ones by a huge margin.

By following the steps above, you can move from reactive chaos to proactive governance as soon as the tools become available in your tenant.

Sources

Original Source

zdnet.com

Comments

No comments yet. Be the first to share your thoughts!