Microsoft Shows How to Call Azure Services from an AI Agent Using Entra ID and .NET SDK
Microsoft demonstrated how to invoke Azure services from an AI agent using Entra ID and the .NET SDK, showcasing a secure, identity‑based method for agents to access cloud resources, reports say.
Key Facts
- Key company: Microsoft
Microsoft’s demo walks developers through the full lifecycle of an autonomous AI‑driven chatbot that talks to Azure services without ever borrowing a user’s credentials. The sample, posted by Will Velida on March 2, shows how to provision an Entra Agent ID via the “Agent Identity Blueprint” and then bind that service principal to a Cosmos DB role, so the agent can read and write conversation history under its own audit trail. By configuring the .NET Azure SDK with MicrosoftIdentityTokenCredential and the .WithAgentIdentity() extension, the code obtains a token that carries the agent’s unique appId, letting Azure’s RBAC surface the exact permissions granted to that single agent rather than to the host container or a shared managed identity.
The approach solves two long‑standing pain points that Microsoft calls “the identity problem with AI agents.” According to Velida, most agents today either act on‑behalf‑of a user—inheriting the user’s full permission set—or use an app‑only credential that collapses every agent on a machine into a single identity. Both models make it impossible to audit which autonomous process performed a given operation, and they force developers to over‑provision permissions. Entra Agent ID, introduced in the Microsoft identity platform, creates a distinct service principal for each agent, allowing fine‑grained Azure RBAC or data‑plane role assignments. Tokens issued to the agent therefore appear in Azure Monitor and Cosmos DB logs as “Agent XYZ accessed resource,” giving security teams a clear, auditable trail.
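The audit benefit described above can be checked from the defender's side. The following is an added example, not code from the demo or from Microsoft: it attributes audit records to agents by the caller's appId and flags records the agent inventory cannot explain. The log field names, appIds and inventory are constructed for illustration and do not follow the Azure Monitor or Cosmos DB log schema.

```python
import json
from collections import defaultdict

# Constructed inventory: one entry per agent identity, with the data-plane
# operations its role assignment is expected to allow (all values hypothetical).
AGENT_INVENTORY = {
    "00000000-0000-0000-0000-00000000000a": {"name": "chat-agent", "allowed": {"read", "write"}},
    "00000000-0000-0000-0000-00000000000b": {"name": "report-agent", "allowed": {"read"}},
}

# Constructed audit records, one JSON object per line. Field names are
# illustrative and do not follow the Azure Monitor or Cosmos DB log schema.
SAMPLE_LOG = """\
{"caller_app_id": "00000000-0000-0000-0000-00000000000a", "operation": "write", "resource": "conversations"}
{"caller_app_id": "00000000-0000-0000-0000-00000000000b", "operation": "read", "resource": "conversations"}
{"caller_app_id": "00000000-0000-0000-0000-00000000000b", "operation": "write", "resource": "conversations"}
{"caller_app_id": "00000000-0000-0000-0000-0000000000ff", "operation": "read", "resource": "conversations"}
"""


def review(log_text, inventory):
    """Attribute each record to an agent; flag what the inventory cannot explain."""
    per_agent = defaultdict(list)
    findings = []  # (line number, reason)
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            findings.append((line_no, "unparseable record"))
            continue
        agent = inventory.get(rec.get("caller_app_id"))
        if agent is None:
            # No agent owns this appId: a shared or unregistered identity.
            findings.append((line_no, "identity not in agent inventory"))
            continue
        op = rec.get("operation")
        per_agent[agent["name"]].append(op)
        if op not in agent["allowed"]:
            # The role assignment is broader than the inventory says it should be.
            findings.append((line_no, f"{agent['name']}: '{op}' exceeds expected role"))
    return dict(per_agent), findings


if __name__ == "__main__":
    attributed, findings = review(SAMPLE_LOG, AGENT_INVENTORY)
    print(attributed)
    for line_no, reason in findings:
        print(f"line {line_no}: {reason}")
```

With a shared app-only credential every record would carry the same appId, so the per-agent grouping collapses to a single bucket and the role check loses its meaning.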
The demo also integrates the Microsoft Agent Framework, which maps LLM‑generated function calls to concrete SDK operations. In the sample, a GPT‑4o‑powered chat model receives a user query, decides it needs to persist the exchange, and automatically triggers a Cosmos DB write using the agent’s credential. Velida notes that the entire pipeline runs on Azure Container Apps, meaning the same compute can host multiple agents, each with its own Entra Agent ID and isolated permissions. This “autonomous agent token pattern” eliminates the need for developers to embed secrets or manage separate credential stores, aligning with Microsoft’s broader push toward zero‑trust cloud architectures.
Industry observers see the move as part of Microsoft’s larger strategy to commercialize autonomous Copilot‑style agents, which entered public preview earlier this year according to The Register. By giving each AI assistant a discrete identity, Microsoft not only tightens security but also creates a billing and governance model that can be scaled across enterprises. CNBC has reported that the new tooling will help companies “control, track, and audit AI agents,” a capability that has been a major concern for regulated sectors such as finance and healthcare. The Entra Agent ID blueprint therefore positions Azure as a more attractive platform for organizations that need both powerful generative AI and strict compliance.
While the demo is technically detailed, Velida emphasizes that the pattern is intended to be reusable across services beyond Cosmos DB. Any Azure resource that supports Azure AD authentication—Key Vault, Blob Storage, or even third‑party SaaS APIs—can be accessed by an agent with its own service principal. The .NET SDK’s fluent credential model abstracts away the token‑exchange mechanics, letting developers focus on business logic rather than credential plumbing. As AI agents become more autonomous, Microsoft’s identity extensions may become the de‑facto standard for “agent‑as‑a‑service” deployments, ensuring that the cloud’s most capable assistants remain both powerful and accountable.
Sources
- Dev.to AI Tag
This article was created using AI technology and reviewed by the SectorHQ editorial team for accuracy and quality.