Microsoft’s approach to governing non-human identities in the autonomous enterprise
In earlier phases of Frost & Sullivan’s AI Transformation series, we examined AI as a business imperative, explored technical readiness, and emphasized the importance of secure-by-design architecture. In our discussions with AWS and Google Cloud, we analyzed how AI must be protected at infrastructure and platform scale.
But the agentic age introduces a more fundamental shift.
As AI systems evolve from copilots to autonomous agents, security is no longer just about protecting models or workloads. It is about governing identities.
AI agents authenticate.
They access enterprise data.
They communicate with other systems.
They execute tasks autonomously.
In effect, they operate as non-human identities within the enterprise environment.
This elevates identity beyond access control. It becomes the control plane for AI governance.
In this third hyperscaler discussion, Frost & Sullivan spoke with Anil Malekani and Neha Monga from Microsoft to examine what this means for CIOs and CISOs navigating AI transformation at scale.
Their perspective reflects a defining reality of this next phase:
Enterprises are no longer just deploying AI tools.
They are onboarding AI identities.
And those identities must be governed with the same rigor, lifecycle discipline, and observability applied to any human workforce.
AI Moves from Assistance to Autonomy
AI adoption is accelerating because it delivers measurable business outcomes:
- Operational efficiency
- Competitive differentiation
- Cost optimization
- Accelerated innovation
However, the shift from AI-enabled applications to AI agents changes the risk calculus.
Agents can:
- Access sensitive enterprise data
- Interact with internal and external systems
- Coordinate with other agents
- Execute actions without real-time human oversight
This introduces new forms of risk:
- Unauthorized data access
- Privilege escalation
- Compromised agent credentials
- Agent-to-agent attack propagation
- Regulatory exposure
Trust, once compromised through AI misuse or breach, is difficult to restore.
As highlighted in our discussion, AI transformation and security transformation are now inseparable. The move toward autonomy requires governance structures designed specifically for non-human actors.
Agent Sprawl and the Rise of Non-Human Identities
The transition toward agentic AI marks a significant step in the evolution of artificial intelligence, bringing with it challenges like agent sprawl and the proliferation of non-human identities. To address these developments, Microsoft has introduced solutions such as Agent 365 and AI security posture management, designed to support organizations as they navigate this rapidly changing landscape.
Agents differ fundamentally from traditional AI applications. They:
- Perform specific tasks independently
- Break complex objectives into coordinated subtasks
- Communicate agent-to-agent
- Operate continuously at machine speed
As enterprises experiment and scale, a new phenomenon emerges: agent sprawl.
Organizations may soon manage hundreds—or even thousands—of AI agents across departments and cloud environments.
This raises essential governance questions:
- Who provisions an AI agent?
- What business role is it assigned?
- What data is it authorized to access?
- How frequently are its permissions reviewed?
- How is anomalous behavior detected and contained?
Each agent represents a non-human identity that must be onboarded, monitored, and eventually retired.
Capabilities such as Entra Agent ID and identity protection services extend identity lifecycle management to AI agents—enforcing least-privilege access, maintaining directories of agent identities, and detecting suspicious behavioral patterns.
From an analyst standpoint, this marks an important inflection point: identity governance is expanding beyond humans and applications to include autonomous AI systems.
Data Governance in the Agentic Environment
While identity becomes the control plane, data remains the primary asset at risk.
AI agents derive their value from data access. This often includes:
- Personally identifiable information (PII)
- Financial records
- Intellectual property
- Sensitive operational data
As agents move across systems and datasets, organizations must ensure:
- Clear data classification
- Policy enforcement aligned with regulatory frameworks
- Continuous observability of data access patterns
- Guardrails embedded directly into AI workflows
Integrated data security posture management, observability tools, and infrastructure protection mechanisms are increasingly necessary to provide unified visibility across identity, data, and AI workloads.
Zero Trust must now extend explicitly to AI agents.
Every identity—human or non-human—must be verified.
Every privilege must be justified.
Every action must be observable.
The perimeter is no longer a meaningful control boundary in an autonomous enterprise.
Identity as the Foundation of the Autonomous Enterprise
The transition to agentic AI is not incremental. It is architectural.
When AI systems become actors capable of reasoning and execution, they must be governed as identities within the enterprise security fabric.
The future security stack will increasingly be defined by:
- Identity provisioning and lifecycle control
- Least-privilege enforcement
- Continuous behavioral monitoring
- Privilege recertification and auditability
- Structured decommissioning of AI agents
In practical terms, organizations must treat AI agents like a digital workforce:
- Defined roles
- Clear responsibilities
- Controlled access
- Continuous oversight
Enterprises that focus only on deploying AI agents may move quickly.
Enterprises that build identity-first governance around those agents will move sustainably.
Practical Guidance for CIOs and CISOs: Know, Protect, Monitor, Respond
In the agentic era, these principles must be applied through an identity-centric lens.
Know
- Inventory all AI agents operating within your environment.
- Define and document each agent’s business role.
- Map what data and systems each agent can access.
- Distinguish between internally developed and externally sourced agents.
Visibility is the foundation of governance.
Protect
- Enforce least-privilege access for every non-human identity.
- Extend Zero Trust policies to AI agents explicitly.
- Classify and safeguard sensitive data accessed by agents.
- Embed secure-by-design controls into AI development processes.
Protection must be identity-driven, not perimeter-driven.
Monitor
- Continuously observe AI agent behavior patterns.
- Detect anomalous activity or abnormal data access.
- Monitor agent-to-agent communication pathways.
- Maintain unified observability across humans, applications, and AI identities.
Autonomous systems require continuous validation.
Respond (and Anticipate)
- Develop incident response playbooks specific to compromised AI agents.
- Revoke or rotate credentials immediately upon detection of risk.
- Use behavioral analytics to anticipate emerging threats.
- Align AI governance tightly with security operations to enable predictive defense.
Response must evolve from reactive remediation to adaptive resilience.
Closing Reflection
AI is entering its agentic phase. Enterprises are moving from tools that assist users to systems that act on their behalf.
This unlocks significant productivity and innovation potential. But autonomy without governance introduces systemic fragility.
As our discussion with Microsoft underscores, the defining challenge of the next decade will not simply be protecting AI workloads—it will be governing AI identities.
Identity is no longer just an access mechanism.
It is the foundation of trust in the autonomous enterprise.
The CIOs and CISOs who recognize this structural shift early will not only secure AI transformation—they will enable it to scale with confidence and control.
