Microsoft Entra Documentation Changes

Daily summary for changes since June 3rd 2026, 11:41 PM PDT

Report generated on June 4th 2026, 11:41 PM PDT

Summary

- Total Commits: 21
- New Files: 0
- Modified Files: 1797
- Deleted Files: 0
- Contributors: 10

Modified Documentation Files

+29 / -23 lines changed
Commit: Address issues flagged in the AIRA dashboard
Changes:
Before
After
ms.topic: how-to
ms.date: 03/17/2026
ms.reviewer: dastrock, jomondi
 
#customer-intent: As a developer building interactive agents, I want to authenticate users, configure authorization, and acquire tokens through the On-Behalf-Of flow, so that my agent can securely act on behalf of users to access protected resources.
---
 
# Authenticate users and acquire tokens for interactive agents
 
Interactive agents take actions on behalf of users. To do so securely, the agent must authenticate the user, obtain consent for the required permissions, and acquire access tokens for downstream APIs. This article walks you through implementing the end-to-end flow for your interactive agent:
 
1. Register a redirect URI for your agent identity blueprint.
1. Configure user or admin authorization (consent).
- An [agent identity](create-delete-agent-identities.md).
- A client application registered in Microsoft Entra to handle user authentication.
- Familiarity with the [OAuth 2.0 authorization code flow](/entra/identity-platform/v2-oauth2-auth-code-flow).
 
For admin authorization, you also need:
 
 
ms.topic: how-to
ms.date: 03/17/2026
ms.reviewer: dastrock, jomondi
ai-usage: ai-assisted
 
#customer-intent: As a developer building interactive agents, I want to authenticate users, configure authorization, and acquire tokens through the On-Behalf-Of flow, so that my agent can securely act on behalf of users to access protected resources.
---
 
# Authenticate users and acquire tokens for interactive agents
 
Interactive agents take actions on behalf of users. To act on behalf of users securely, the agent authenticates the user, gets consent for required permissions, and acquires access tokens for downstream APIs. This article walks you through the end-to-end authentication and token acquisition flow for your interactive agent:
 
1. Register a redirect URI for your agent identity blueprint.
1. Configure user or admin authorization (consent).
- An [agent identity](create-delete-agent-identities.md).
- A client application registered in Microsoft Entra to handle user authentication.
- Familiarity with the [OAuth 2.0 authorization code flow](/entra/identity-platform/v2-oauth2-auth-code-flow).
- The ability to run an ASP.NET Core web API if you plan to use the token validation and OBO samples in this article.
 
For admin authorization, you also need:
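Review bot: The rewritten intro sentence drops "must", so "the agent authenticates the user, gets consent for required permissions, and acquires access tokens" now reads as a description rather than a requirement for acting securely. It also repeats "on behalf of users" from the sentence directly before it. Consider "To do so securely, the agent must authenticate the user, get consent for the required permissions, and acquire access tokens for downstream APIs."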
Modified by Dickson Mwendia on Jun 4, 2026 1:10 PM
+16 / -13 lines changed
Commit: Address issues flagged in the AIRA dashboard
Changes:
Before
After
- **`AGENT_CLIENT_ID`:** The Agent ID created from the Blueprint.
 
1. (Optional) Create the SPA app and configure OBO. This step is required only if you want to use the OBO identity flow:
 
**Bash:**
 
- **`KeyVault`:** Certificate from Azure Key Vault.
- **`StoreWithThumbprint`:** Certificate from local machine store.
 
1. Copy the environment template and open it in your editor:
 
**Bash:**
 
 
## Start the stack
 
1. Make sure Docker is running and then start all containers:
 
```bash
docker compose up --build -d
- **`AGENT_CLIENT_ID`:** The Agent ID created from the Blueprint.
 
1. (Optional) Create the SPA app and configure OBO. This step is required only if you want to use the OBO identity flow:
Run the following scripts to create the SPA app registration and configure OBO permissions on the Blueprint. The scripts register the SPA redirect URI and grant the required delegated permissions.
 
**Bash:**
 
- **`KeyVault`:** Certificate from Azure Key Vault.
- **`StoreWithThumbprint`:** Certificate from local machine store.
 
1. Create a local `.env` configuration file from the included template. This file stores your tenant, app, and AWS credentials:
 
**Bash:**
 
 
## Start the stack
 
1. Verify that Docker Desktop (or Docker Engine) is running on your machine.
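Review bot: The reworded step "Create a local `.env` configuration file from the included template" now states that the file stores tenant, app, and AWS credentials, but nothing in the visible text tells the reader how to protect it. Add a sentence asking readers to keep `.env` out of source control and to limit who can read it on the machine. Also check that the sentence added under the optional SPA step ("Run the following scripts to create the SPA app registration ...") is indented to sit inside the list item, so the numbered list does not restart after it.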
 
+6 / -6 lines changed
Commit: Update howto-device-identity-virtual-desktop-infrastructure.md (#13401)
Changes:
Before
After
- Reduce costs through consolidation and centralization of resources.
- Deliver end-users mobility and the freedom to access virtual desktops anytime, from anywhere, on any device.
 
There are two primary types of virtual desktops:
 
- Persistent
- Non-persistent
 
Persistent versions use a unique desktop image for each user or a pool of users. These unique desktops can be customized and saved for future use.
 
Non-persistent versions use a collection of desktops that users can access on an as needed basis. These non-persistent desktops are reverted to their original state when a virtual machine goes through a shutdown/restart/OS reset process.
 
It's important to ensure organizations manage stale devices that are created because frequent device registration without having a proper strategy for device lifecycle management.
 
> [!IMPORTANT]
> Failure to manage stale devices can lead to pressure increase on your tenant quota usage consumption and potential risk of service interruption, if you run out of tenant quota. Use the following guidance when deploying non persistent VDI environments to avoid this situation.
 
For successful execution of some scenarios, it's important to have unique device names in the directory. This can be achieved by proper management of stale devices, or you can guarantee device name uniqueness by using some pattern in device naming.
 
This article covers Microsoft's guidance to administrators on support for device identity and VDI. For more information about device identity, see the article [What is a device identity](overview.md).
- Reduce costs through consolidation and centralization of resources.
- Deliver end-users mobility and the freedom to access virtual desktops anytime, from anywhere, on any device.
 
There are two versions of virtual desktops. These names refer to the user session and profile experience, not the lifecycle of the underlying virtual machine (VM).
 
- Persistent
- Non-persistent
 
Persistent versions use a unique desktop image for each user or a pool of users. These unique desktops can be customized and saved for future use.
 
Session host VMs in both pooled and personal host pools are standard Azure virtual machines and are persistent by default. Azure Virtual Desktop doesn't automatically delete, reset, or recreate these VMs unless customers explicitly implement automation or third‑party tooling, which can result in non‑persistent behavior at the device or identity level.
 
Non-persistent versions use a collection of desktops that users can access on an as needed basis. These non-persistent desktops are reverted to their original state when a virtual machine goes through a shutdown/restart/OS reset process.
 
> [!IMPORTANT]
> Stale devices increase your tenant quota usage consumption. To avoid consumption increase from stale devices when you deploy non-persistent VDI environments, see [Non-persistent-vdi](#non-persistent-vdi).
 
Some scenarios require unique device names in the directory. This can be achieved by proper management of stale devices, or you can guarantee device name uniqueness by using some pattern in device naming.
 
This article covers Microsoft's guidance to administrators on support for device identity and VDI. For more information about device identity, see the article [What is a device identity](overview.md).
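Review bot: In the rewritten IMPORTANT note, the link text "Non-persistent-vdi" is the anchor slug rather than a readable heading, and "tenant quota usage consumption" is redundant. Use the section title as link text and say "tenant quota usage". The rewrite also drops the earlier warning that running out of tenant quota risks service interruption, which is the reason an administrator would act on this note, so consider keeping that consequence. The new paragraph about session host VMs is placed between the persistent and non-persistent definitions and separates the pair; moving it after the non-persistent paragraph would read more cleanly.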
Modified by shlipsey3 on Jun 4, 2026 7:50 PM
+6 / -6 lines changed
Commit: ai-pillar-links
Changes:
Before
After
# userimpact: Low
# implementationcost: Low
---
Microsoft Entra Agent ID requires every [agent identity](../../agent-id/agent-identities.md) and [agent identity blueprint](../../agent-id/agent-blueprint.md) to have at least one sponsor. A sponsor is a human user, or supported group, that holds business accountability for the agent's lifecycle, such as deciding when the agent is no longer needed, approving extensions when access expires, and authorizing suspension during incidents. A sponsor is different from an owner, which designates the human users responsible for technical operations and incident response.
 
Sponsorship is the entry point for identity governance:
 
 
**Remediation action**
 
- [Administrative relationships in Microsoft Entra Agent ID](../../agent-id/agent-owners-sponsors-managers.md)
- [Governing agent identities](../../id-governance/agent-id-governance-overview.md)
- [Agent identity sponsor tasks in Lifecycle Workflows](../../id-governance/agent-sponsor-tasks.md)
- [Access packages for agent identities](../../agent-id/agent-access-packages.md)
- [Create an access package in entitlement management](../../id-governance/entitlement-management-access-package-create.md)
# userimpact: Low
# implementationcost: Low
---
Microsoft Entra Agent ID requires every [agent identity](/entra/agent-id/agent-identities) and [agent identity blueprint](/entra/agent-id/agent-blueprint) to have at least one sponsor. A sponsor is a human user, or supported group, that holds business accountability for the agent's lifecycle, such as deciding when the agent is no longer needed, approving extensions when access expires, and authorizing suspension during incidents. A sponsor is different from an owner, which designates the human users responsible for technical operations and incident response.
 
Sponsorship is the entry point for identity governance:
 
 
**Remediation action**
 
- [Administrative relationships in Microsoft Entra Agent ID](/entra/agent-id/agent-owners-sponsors-managers)
- [Governing agent identities](/entra/id-governance/agent-id-governance-overview)
- [Agent identity sponsor tasks in Lifecycle Workflows](/entra/id-governance/agent-sponsor-tasks)
- [Access packages for agent identities](/entra/agent-id/agent-access-packages)
- [Create an access package in entitlement management](/entra/id-governance/entitlement-management-access-package-create)
Modified by shlipsey3 on Jun 4, 2026 7:50 PM
+5 / -5 lines changed
Commit: ai-pillar-links
Changes:
Before
After
# userimpact: Medium
# implementationcost: Medium
---
Microsoft Entra Agent ID introduced two identity types: [agent identities](../../agent-id/agent-identities.md) and [agent identity blueprint principals](../../agent-id/agent-blueprint.md). These identity objects derive from service principals, and so carry the same requirements and best practices for ownership, lifecycle management, and cleanup as any service principal. Blueprint principals are the provisioning surface from which agent identities are created and can hold grants that propagate to child agents. Having a designated owner for these objects helps in two important areas of agent identity management:
 
- Risks are contained and investigated by a responsible party
- Disabled objects don't introduce dormant privileges
 
**Remediation action**
 
- [Administrative relationships in Microsoft Entra Agent ID](../../agent-id/agent-owners-sponsors-managers.md)
- [Manage agent identities in your organization](../../agent-id/manage-agent-identities-admin.md)
- [Governing agent identities](../../id-governance/agent-id-governance-overview.md)
- [Manage agents in end-user experience](../../agent-id/manage-agent-identities-end-user.md)
# userimpact: Medium
# implementationcost: Medium
---
Microsoft Entra Agent ID introduced two identity types: [agent identities](/entra/agent-id/agent-identities) and [agent identity blueprint principals](/entra/agent-id/agent-blueprint). These identity objects derive from service principals, and so carry the same requirements and best practices for ownership, lifecycle management, and cleanup as any service principal. Blueprint principals are the provisioning surface from which agent identities are created and can hold grants that propagate to child agents. Having a designated owner for these objects helps in two important areas of agent identity management:
 
- Risks are contained and investigated by a responsible party
- Disabled objects don't introduce dormant privileges
 
**Remediation action**
 
- [Administrative relationships in Microsoft Entra Agent ID](/entra/agent-id/agent-owners-sponsors-managers)
- [Manage agent identities in your organization](/entra/agent-id/manage-agent-identities-admin)
- [Governing agent identities](/entra/id-governance/agent-id-governance-overview)
- [Manage agents in end-user experience](/entra/agent-id/manage-agent-identities-end-user)
Modified by shlipsey3 on Jun 4, 2026 7:50 PM
+4 / -4 lines changed
Commit: ai-pillar-links
Changes:
Before
After
 
**Remediation action**
 
- [Conditional Access for agent identities](../../identity/conditional-access/agent-id.md)
- [Add or deactivate custom security attributes in Microsoft Entra ID](../../fundamentals/custom-security-attributes-add.md)
- [Assign custom security attributes to an application](../../identity/enterprise-apps/custom-security-attributes-apps.md)
- [Manage custom security attribute assignments using Microsoft Graph](/graph/custom-security-attributes-examples)
- [Filter for applications in Conditional Access](../../identity/conditional-access/concept-filter-for-applications.md)
 
**Remediation action**
 
- [Conditional Access for agent identities](/entra/identity/conditional-access/agent-id)
- [Add or deactivate custom security attributes in Microsoft Entra ID](/entra/fundamentals/custom-security-attributes-add)
- [Assign custom security attributes to an application](/entra/identity/enterprise-apps/custom-security-attributes-apps)
- [Manage custom security attribute assignments using Microsoft Graph](/graph/custom-security-attributes-examples)
- [Filter for applications in Conditional Access](/entra/identity/conditional-access/concept-filter-for-applications)
Modified by shlipsey3 on Jun 4, 2026 7:50 PM
+4 / -4 lines changed
Commit: ai-pillar-links
Changes:
Before
After
 
**Remediation action**
 
- [Authenticate users in interactive agents](../../agent-id/interactive-agent-authentication-authorization-flow.md)
- [Request delegated user authorization for interactive agents](../../agent-id/grant-agent-access-microsoft-365.md)
- [Agent users in Microsoft Entra Agent ID](../../agent-id/agent-users.md)
- [Microsoft Entra Agent ID overview](/entra/agent-id/what-is-microsoft-entra-agent-id)
- [Sign-in logs in Microsoft Entra ID](../../identity/monitoring-health/concept-sign-ins.md)
 
**Remediation action**
 
- [Authenticate users in interactive agents](/entra/agent-id/interactive-agent-authentication-authorization-flow)
- [Request delegated user authorization for interactive agents](/entra/agent-id/grant-agent-access-microsoft-365)
- [Agent users in Microsoft Entra Agent ID](/entra/agent-id/agent-users)
- [Microsoft Entra Agent ID overview](/entra/agent-id/what-is-microsoft-entra-agent-id)
- [Sign-in logs in Microsoft Entra ID](/entra/identity/monitoring-health/concept-sign-ins)
Modified by shlipsey3 on Jun 4, 2026 7:50 PM
+3 / -3 lines changed
Commit: ai-pillar-links
Changes:
Before
After
# userimpact: Low
# implementationcost: Low
---
When an organization enables AI agents in Microsoft Entra, [agent identities](../../agent-id/agent-identities.md) can access tokens to access organizational resources without an interactive user session and device, location, or MFA signals that classic Conditional Access uses to make trust decisions for human users. Microsoft Entra ID Protection for agents continuously evaluates each agent's behavior and emits a risk level that is driven by signals such as:
 
- Unfamiliar resource access (the agent reaches outside its established patterns)
- Sign-in spikes (token replay or automation abuse)
 
**Remediation action**
 
- [ID Protection for agents](../../id-protection/concept-risky-agents.md)
- [Conditional Access for agent identities](../../identity/conditional-access/agent-id.md)
# userimpact: Low
# implementationcost: Low
---
When an organization enables AI agents in Microsoft Entra, [agent identities](/entra/agent-id/agent-identities) can access tokens to access organizational resources without an interactive user session and device, location, or MFA signals that classic Conditional Access uses to make trust decisions for human users. Microsoft Entra ID Protection for agents continuously evaluates each agent's behavior and emits a risk level that is driven by signals such as:
 
- Unfamiliar resource access (the agent reaches outside its established patterns)
- Sign-in spikes (token replay or automation abuse)
 
**Remediation action**
 
- [ID Protection for agents](/entra/id-protection/concept-risky-agents)
- [Conditional Access for agent identities](/entra/identity/conditional-access/agent-id)
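Review bot: The opening sentence this link fix touches still says agent identities "can access tokens to access organizational resources", which reads like a slip for "can acquire access tokens". The following clause, "without an interactive user session and device, location, or MFA signals", is also hard to parse. Since the line is already being edited, consider "can acquire access tokens for organizational resources without an interactive user session or the device, location, and MFA signals that classic Conditional Access uses".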
Modified by shlipsey3 on Jun 4, 2026 7:50 PM
+2 / -2 lines changed
Commit: ai-pillar-links
Changes:
Before
After
 
**Remediation action**
 
- [Assign a Microsoft Entra ID role via the admin center](../../identity/role-based-access-control/manage-roles-portal.md)
- [Create a PIM-eligible assignment for a Microsoft Entra ID role](../../id-governance/privileged-identity-management/pim-how-to-add-role-to-user.md)
 
**Remediation action**
 
- [Assign a Microsoft Entra ID role via the admin center](/entra/identity/role-based-access-control/manage-roles-portal)
- [Create a PIM-eligible assignment for a Microsoft Entra ID role](/entra/id-governance/privileged-identity-management/pim-how-to-add-role-to-user)
Modified by shlipsey3 on Jun 4, 2026 7:50 PM
+2 / -2 lines changed
Commit: ai-pillar-links
Changes:
Before
After
---
When an organization deploys AI agents, those agents acquire access tokens to access organizational resources on every interaction, but without an interactive user session and device, location, or MFA signals that classic Conditional Access uses to make trust decisions for human users. Microsoft Entra Agent ID introduces two distinct identity types:
 
- An [agent identity](../../agent-id/agent-identities.md): An identity account within Microsoft Entra ID that provides unique identification and authentication capabilities for AI agents.
- An [agent's user account](../../agent-id/agent-users.md): An optional account that pairs 1:1 with an agent identity when the agent must access systems that require a user object.
 
Conditional Access treats both agent identity objects as separate principal types. So a policy that targets agent identities can't target an agent's user account, and vice versa. A tenant that enables agent workloads without at least one Conditional Access policy enforcing block-unless-approved has no enforcement boundary on autonomous AI access. Every token request from an agent identity or agent's user account is allowed by default. Threat actors seek to exploit this type of failure mode when they compromise a single agent identity or its backing agent's user account and pivot through the resources that identity can reach.
 
---
When an organization deploys AI agents, those agents acquire access tokens to access organizational resources on every interaction, but without an interactive user session and device, location, or MFA signals that classic Conditional Access uses to make trust decisions for human users. Microsoft Entra Agent ID introduces two distinct identity types:
 
- An [agent identity](/entra/agent-id/agent-identities): An identity account within Microsoft Entra ID that provides unique identification and authentication capabilities for AI agents.
- An [agent's user account](/entra/agent-id/agent-users): An optional account that pairs 1:1 with an agent identity when the agent must access systems that require a user object.
 
Conditional Access treats both agent identity objects as separate principal types. So a policy that targets agent identities can't target an agent's user account, and vice versa. A tenant that enables agent workloads without at least one Conditional Access policy enforcing block-unless-approved has no enforcement boundary on autonomous AI access. Every token request from an agent identity or agent's user account is allowed by default. Threat actors seek to exploit this type of failure mode when they compromise a single agent identity or its backing agent's user account and pivot through the resources that identity can reach.
 
Modified by Jeremy Conley on Jun 4, 2026 3:16 PM
+2 / -2 lines changed
Commit: Fix bookmark references to remove -preview suffix
Changes:
Before
After
|[EM - Agents and service principals assigned to access packages](~/id-governance/entitlement-management-access-package-create.md#allow-users-service-principals-and-agent-identities-in-your-directory-to-request-the-access-package)|||||| :white_check_mark: |
|[EM - Users request access for themselves](~/id-governance/entitlement-management-overview.md)||| :white_check_mark: | :white_check_mark: | :white_check_mark: ||
|[EM - Admins directly assign a user assignments(including guests)](~/id-governance/entitlement-management-access-package-assignments.md#directly-assign-an-identity)||| :white_check_mark: | :white_check_mark: | :white_check_mark: ||
|[EM - Admins directly assign agents and service principals](../id-governance/entitlement-management-access-package-assignments.md#directly-assign-any-identity-preview)|||||| :white_check_mark: |
|[EM - Admins directly assign any user (Preview) - via email address for users not yet in your directory](~/id-governance/entitlement-management-access-package-assignments.md#directly-assign-any-identity-preview)|||| :white_check_mark: | :white_check_mark: ||
|[EM - Managers requesting on behalf of employees](~/id-governance/entitlement-management-request-behalf.md)|||| :white_check_mark: | :white_check_mark: ||
|[EM - Owners and sponsors request access on behalf of their agents or service principals](~/id-governance/entitlement-management-request-behalf.md#scenarios-for-requesting-on-behalf-of-agent-identities)|||||| :white_check_mark: |
|**EM - Supported resources**|**Free**|**Microsoft Entra ID P1**|**Microsoft Entra ID P2**|**Microsoft Entra ID Governance**| **Microsoft Entra Suite** | **Microsoft Agent 365** |
|[EM - Agents and service principals assigned to access packages](~/id-governance/entitlement-management-access-package-create.md#allow-users-service-principals-and-agent-identities-in-your-directory-to-request-the-access-package)|||||| :white_check_mark: |
|[EM - Users request access for themselves](~/id-governance/entitlement-management-overview.md)||| :white_check_mark: | :white_check_mark: | :white_check_mark: ||
|[EM - Admins directly assign a user assignments(including guests)](~/id-governance/entitlement-management-access-package-assignments.md#directly-assign-an-identity)||| :white_check_mark: | :white_check_mark: | :white_check_mark: ||
|[EM - Admins directly assign agents and service principals](../id-governance/entitlement-management-access-package-assignments.md#directly-assign-any-identity)|||||| :white_check_mark: |
|[EM - Admins directly assign any user - via email address for users not yet in your directory](~/id-governance/entitlement-management-access-package-assignments.md#directly-assign-any-identity)|||| :white_check_mark: | :white_check_mark: ||
|[EM - Managers requesting on behalf of employees](~/id-governance/entitlement-management-request-behalf.md)|||| :white_check_mark: | :white_check_mark: ||
|[EM - Owners and sponsors request access on behalf of their agents or service principals](~/id-governance/entitlement-management-request-behalf.md#scenarios-for-requesting-on-behalf-of-agent-identities)|||||| :white_check_mark: |
|**EM - Supported resources**|**Free**|**Microsoft Entra ID P1**|**Microsoft Entra ID P2**|**Microsoft Entra ID Governance**| **Microsoft Entra Suite** | **Microsoft Agent 365** |
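Review bot: The corrected row "Admins directly assign agents and service principals" still links through `../id-governance/` while every other row in the table uses `~/id-governance/`. Align it with the rest so the bookmark resolves the same way wherever this include is used. In the same block, the link text "Admins directly assign a user assignments(including guests)" has a grammar slip and a missing space before the parenthesis, which could be fixed in this pass.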
Modified by omondiatieno on Jun 4, 2026 9:16 AM
+0 / -3 lines changed
Commit: Remove redundant author, ms.author, and ms.reviewer from saas-apps tutorials
Changes:
Before
After
title: Configure Braze for Single sign-on with Microsoft Entra ID
description: Learn how to configure single sign-on between Microsoft Entra ID and Braze.
 
author: nguhiu
manager: mwongerapk
ms.reviewer: celested
ms.service: entra-id
ms.subservice: saas-apps
 
ms.topic: how-to
ms.date: 03/25/2025
ms.author: gideonkiratu
 
# Customer intent: As an IT administrator, I want to learn how to configure single sign-on between Microsoft Entra ID and Braze so that I can control who has access to Braze, enable automatic sign-in with Microsoft Entra accounts, and manage my accounts in one central location.
---
title: Configure Braze for Single sign-on with Microsoft Entra ID
description: Learn how to configure single sign-on between Microsoft Entra ID and Braze.
 
manager: mwongerapk
ms.service: entra-id
ms.subservice: saas-apps
 
ms.topic: how-to
ms.date: 03/25/2025
 
# Customer intent: As an IT administrator, I want to learn how to configure single sign-on between Microsoft Entra ID and Braze so that I can control who has access to Braze, enable automatic sign-in with Microsoft Entra accounts, and manage my accounts in one central location.
---
 
 
 
+0 / -3 lines changed
Commit: Remove redundant author, ms.author, and ms.reviewer from saas-apps tutorials
Changes:
Before
After
title: Configure on-premises Confluence for Single sign-on in application proxy mode
description: Learn application proxy configuration for Microsoft Entra SAML SSO for Confluence.
 
author: dhivyagana
ms.reviewer: celested
ms.topic: how-to
ms.date: 03/25/2025
ms.author: dhivyag
 
# Customer intent: As an IT administrator, I want to learn how to configure single sign-on between Microsoft Entra ID and Application proxy configuration for Confluence SAML SSO so that I can control who has access to Application proxy configuration for Confluence SAML SSO, enable automatic sign-in with Microsoft Entra accounts, and manage my accounts in one central location.
---
title: Configure on-premises Confluence for Single sign-on in application proxy mode
description: Learn application proxy configuration for Microsoft Entra SAML SSO for Confluence.
 
ms.topic: how-to
ms.date: 03/25/2025
 
# Customer intent: As an IT administrator, I want to learn how to configure single sign-on between Microsoft Entra ID and Application proxy configuration for Confluence SAML SSO so that I can control who has access to Application proxy configuration for Confluence SAML SSO, enable automatic sign-in with Microsoft Entra accounts, and manage my accounts in one central location.
---
 
 
 
+0 / -3 lines changed
Commit: Remove redundant author, ms.author, and ms.reviewer from saas-apps tutorials
Changes:
Before
After
---
title: Integrate Darwinbox HR With Microsoft Entra ID
description: Learn how to integrate Darwinbox HR with Microsoft Entra ID to automate user provisioning, manage lifecycle workflows, and streamline HR-driven processes.
author: jenniferf-skc
manager: pmwongera
ms.reviewer: cmmdesai
ms.topic: how-to
ms.date: 06/19/2025
ms.author: jfields
ms.custom: ai-gen-description
ai-usage: ai-assisted
 
---
title: Integrate Darwinbox HR With Microsoft Entra ID
description: Learn how to integrate Darwinbox HR with Microsoft Entra ID to automate user provisioning, manage lifecycle workflows, and streamline HR-driven processes.
manager: pmwongera
ms.topic: how-to
ms.date: 06/19/2025
ms.custom: ai-gen-description
ai-usage: ai-assisted
 
 
 
 
Modified by shlipsey3 on Jun 4, 2026 7:39 PM
+1 / -1 lines changed
Commit: link-title-fix
Changes:
Before
After
| Check | Minimum required license |
|---|---|
| [Require Microsoft Entra ID authentication to interact with agents](zero-trust-ai.md#require-microsoft-entra-id-authentication-to-interact-with-agents) | Microsoft Entra ID P1 |
| [Conditional Access policies cover both agent identities and agent users](zero-trust-ai.md#conditional-access-policies-cover-both-agent-identities-and-agent-users) | Microsoft Entra ID P1 |
| [Risk-based Conditional Access blocks risky agent identities](zero-trust-ai.md#risk-based-conditional-access-blocks-risky-agent-identities) | Microsoft Entra ID P2 |
| [Custom security attributes for agent identities are present](zero-trust-ai.md#custom-security-attributes-for-agent-identities-are-present) | None (included with Microsoft Entra ID) |
| [Identity governance for agent identity sponsors is configured](zero-trust-ai.md#identity-governance-for-agent-identity-sponsors-is-configured) | Microsoft Entra ID P1 |
| Check | Minimum required license |
|---|---|
| [Require Microsoft Entra ID authentication to interact with agents](zero-trust-ai.md#require-microsoft-entra-id-authentication-to-interact-with-agents) | Microsoft Entra ID P1 |
| [Conditional Access policies cover both agent identities and agents' user accounts](zero-trust-ai.md#conditional-access-policies-cover-both-agent-identities-and-agents-user-accounts) | Microsoft Entra ID P1 |
| [Risk-based Conditional Access blocks risky agent identities](zero-trust-ai.md#risk-based-conditional-access-blocks-risky-agent-identities) | Microsoft Entra ID P2 |
| [Custom security attributes for agent identities are present](zero-trust-ai.md#custom-security-attributes-for-agent-identities-are-present) | None (included with Microsoft Entra ID) |
| [Identity governance for agent identity sponsors is configured](zero-trust-ai.md#identity-governance-for-agent-identity-sponsors-is-configured) | Microsoft Entra ID P1 |