Establish Identity Requirements for Agent Development

Implementation Effort: Low – Requires documenting standards and integrating into development processes.
User Impact: Low – Standards apply to new agent development, not existing systems.

Overview

Before building new agents, organizations must establish identity requirements that ensure every agent is properly registered, authenticated, and governed from inception. This supports the Zero Trust principle of Verify Explicitly by ensuring agents use strong identity foundations, and Use Least Privilege Access by requiring managed identities that can be scoped to specific resources.

Agents built without proper identity foundations create governance blind spots—they may use shared credentials, lack audit trails, or bypass Conditional Access policies. Establishing identity requirements as development standards ensures all new agents integrate with Agent ID SDKs for registry enrollment and use managed identities for Azure resource access. These requirements should be enforced through code reviews, CI/CD gates, and developer documentation.

Key activities include:

  • Agent ID SDK integration requirement: Mandate that all new agents integrate with the Agent ID SDK to register in the enterprise Agent Registry and participate in governance workflows
  • Managed identity requirement: Require agents to use managed identities for Azure resource access, eliminating credential management and enabling fine-grained RBAC
  • Developer documentation: Publish standards and code samples showing proper identity integration patterns
  • Enforcement gates: Add CI/CD checks or architecture review gates to verify identity requirements before deployment
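
One way to implement the enforcement gate for the managed identity requirement, as an added example that is not from the original page or Microsoft's own code: a CI check over an ARM JSON template. It assumes agents are deployed as the resource types listed in `AGENT_HOST_TYPES` and uses a name-based heuristic for embedded credentials; Agent ID SDK registration is not checked because the page gives no API for it.

```python
import json
import re
import sys

# Assumption: agents are hosted on these resource types; extend for your platform.
AGENT_HOST_TYPES = {"microsoft.web/sites", "microsoft.app/containerapps"}
# Heuristic: app setting names that usually carry a credential.
CREDENTIAL_NAME = re.compile(r"secret|password|pwd|apikey|connectionstring", re.I)


def is_literal(value):
    """Literal unless it is an ARM expression or a Key Vault reference."""
    value = str(value).strip()
    return bool(value) and not value.startswith(("[", "@Microsoft.KeyVault("))


def check_template(template):
    """Return findings for agent hosts; an empty list means the gate passes."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() not in AGENT_HOST_TYPES:
            continue
        name = res.get("name", "<unnamed>")
        # identity.type is SystemAssigned, UserAssigned, both, or None/absent.
        id_type = (res.get("identity") or {}).get("type", "None")
        if "assigned" not in id_type.lower():
            findings.append(f"{name}: no managed identity assigned")
        site_config = res.get("properties", {}).get("siteConfig", {})
        for s in site_config.get("appSettings", []):
            if CREDENTIAL_NAME.search(s.get("name", "")) and is_literal(s.get("value", "")):
                findings.append(f"{name}: literal credential in app setting {s['name']}")
    return findings


# Constructed sample template: one compliant agent host, one non-compliant.
SAMPLE = json.loads("""{"resources": [
  {"type": "Microsoft.Web/sites", "name": "agent-ok",
   "identity": {"type": "SystemAssigned"},
   "properties": {"siteConfig": {"appSettings": [
     {"name": "STORAGE_ACCOUNT", "value": "[parameters('storageName')]"}]}}},
  {"type": "Microsoft.Web/sites", "name": "agent-bad",
   "properties": {"siteConfig": {"appSettings": [
     {"name": "CLIENT_SECRET", "value": "constructed-placeholder"}]}}}
]}""")

if __name__ == "__main__":
    findings = check_template(SAMPLE)
    print("\n".join(findings) or "identity gate passed")
    sys.exit(1 if findings else 0)
```

Run as a pipeline step, the non-zero exit code fails the build when any agent host lacks a managed identity or carries a literal credential in its app settings.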

Reference