CISO
Enterprise Architect
Compliance Officer
Industry relevance
Financial Services
Healthcare
Government
MAY 1, 2026
Conditional Access for delegated AI agents is now GA. Agents with independent identities, the highest-risk class, remain in preview without equivalent access controls.
Microsoft confirmed on May 1, 2026 that Conditional Access for agents is generally available for delegated access agents, those that act on behalf of a licensed human user. Conditional Access for own-access agents, those that operate with an independent identity not tied to a user session, remains in public preview. Microsoft Entra ID Protection applies dynamic risk evaluation to both agent and user identity signals and feeds those signals into Conditional Access policies. The GA and preview split means the two agent classes operate under materially different access control regimes at Agent 365 launch.
GOVERNANCE IMPLICATION
The GA of Conditional Access for delegated agents closes a specific access control gap that has existed since Copilot Studio agents entered production. Previously, agent-initiated access was governed only by the permissions of the human user account the agent acted under, with no dynamic risk evaluation applied to the agent session. Conditional Access now means elevated risk signals can block or constrain agent access in real time. For regulated organizations, this shifts agent access governance from a static permission model to a dynamic, risk-evaluated one. The GA and preview split is the critical detail: own-access agents with independent identities, the most autonomous and highest-risk class, still lack GA-grade access controls at Agent 365 launch.
SCENARIO
A broker-dealer deploys 20 Copilot Studio agents after Agent 365 GA. The CISO confirms Conditional Access is available and assumes all agents are covered. An internal audit three months later finds eight agents are configured as own-access agents with independent identities. Those eight are not covered by the GA Conditional Access model: they fall under the preview capability the firm never enrolled in. The agents with the broadest data access are the ones outside the GA governance boundary.
THE GOVERNANCE QUESTION
Your Agent 365 deployment includes both delegated agents covered by GA Conditional Access and own-access agents covered only by preview capabilities. Which agents in your registry fall into each class, have you configured Conditional Access policies for each class separately, and who is accountable for the access risk on own-access agents until they reach GA?
CONTROL GAP
Conditional Access policies for agents are not automatically configured at Agent 365 deployment. Each organization must define and test agent-specific policies before agents go live, a governance step that most deployment processes do not include as a required gate.
REGULATORY RELEVANCE
OCC
FINRA
FFIEC
SEC Cyber
NIST Ai RMF
PRIMARY SOURCE
What's New in Agent 365: May 2026
Microsoft Agent 365 Blog
May 1, 2026
Read the primary source →(opens in new tab)CONTINUE READING
JUNE 4, 2026
Identity DataOn June 4, 2026, the Microsoft Security Response Center disclosed CVE-2026-45497, a remote code execution vulnerability in Microsoft 365 Copilot caused by command injection (CWE-77). The advisory carries a CVSS 3.1 base score of 7.7 with a changed-scope rating, indicating the flaw could affect resources beyond the Copilot service boundary. Microsoft fully mitigated the vulnerability in its cloud service before disclosure, requiring no customer action, and published the CVE for transparency under its cloud-service CVE program. There was no evidence of in-the-wild exploitation as of the advisory date.
MAY 21, 2026
Identity DataMicrosoft's May 2026 security roundup (Microsoft Security Blog, May 21, 2026) introduced an Anthropic Claude connector for Microsoft Purview, extending centralized visibility and audit signals across Claude Enterprise, Claude Console, and the Claude API. The same update reported Agent 365 reaching general availability and Windows 365 for Agents expanding in public preview. The connector gives Purview insight into Claude interaction and audit log activity alongside an organization's existing Microsoft AI estate.
MAY 7, 2026
Identity DataMicrosoft Digital published an internal governance guide for Microsoft 365 Copilot on May 7, 2026, updated June 8, 2026, authored by Alex Fleck on the Inside Track Blog. The guide states that by trusting employees to apply sensitivity labels and defaulting new content to inherit labels from parent containers, Microsoft accounts for 99 percent of its governance needs. The guide covers eight chapters: self-service container creation, label taxonomy, file-label inheritance, employee training, DLP-based verification, lifecycle attestation, company-shareable links, and oversharing detection through Microsoft Graph Data Connect.