@azarboon
Contributor

@azarboon azarboon commented Jan 18, 2026

This change adds actionable guidance for controlling the permissions and autonomy of AI agents to address risks related to OWASP LLM06 Excessive Agency. The current article focuses on securing AI workloads, networks, and data paths, but does not sufficiently address AI agents that can autonomously invoke APIs, modify data, or trigger downstream actions. This creates a security gap in which agents may operate with excessive privileges, limited traceability, and insufficient oversight. This update introduces agent-specific controls to help mitigate these risks.

Added guidance on controlling AI agent permissions to enhance security and compliance.
@prmerger-automator
Contributor

@azarboon : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.

@learn-build-service-prod
Contributor

Learn Build status updates of commit dc9380e:

💡 Validation status: suggestions

| File | Status | Preview URL | Details |
| --- | --- | --- | --- |
| docs/scenarios/ai/secure.md | 💡Suggestion | | Details |

docs/scenarios/ai/secure.md

  • Line 45, Column 390: [Suggestion: docs-link-absolute - See documentation] Absolute link 'https://learn.microsoft.com/entra/agent-id/identity-professional/microsoft-entra-agent-identities-for-ai-agents' will be broken in isolated environments. Replace with a relative link.
  • Line 45, Column 551: [Suggestion: docs-link-absolute - See documentation] Absolute link 'https://learn.microsoft.com/azure/role-based-access-control/overview' will be broken in isolated environments. Replace with a relative link.
  • Line 45, Column 757: [Suggestion: docs-link-absolute - See documentation] Absolute link 'https://learn.microsoft.com/agent-framework/tutorials/agents/function-tools-approvals?pivots=programming-language-csharp' will be broken in isolated environments. Replace with a relative link.
  • Line 45, Column 1027: [Suggestion: docs-link-absolute - See documentation] Absolute link 'https://learn.microsoft.com/entra/identity/conditional-access/overview' will be broken in isolated environments. Replace with a relative link.
  • Line 45, Column 1184: [Suggestion: docs-link-absolute - See documentation] Absolute link 'https://learn.microsoft.com/security/zero-trust/zero-trust-overview' will be broken in isolated environments. Replace with a relative link.

For more details, please refer to the build report.

Note: Your PR may contain errors or warnings or suggestions unrelated to the files you changed. This happens when external dependencies like GitHub alias, Microsoft alias, cross repo links are updated. Please use these instructions to resolve them.

@learn-build-service-prod
Contributor

Learn Build status updates of commit 80969f8:

💡 Validation status: suggestions

| File | Status | Preview URL | Details |
| --- | --- | --- | --- |
| docs/scenarios/ai/secure.md | 💡Suggestion | | Details |

docs/scenarios/ai/secure.md

  • Line 45, Column 390: [Suggestion: docs-link-absolute - See documentation] Absolute link 'https://learn.microsoft.com/entra/agent-id/identity-professional/microsoft-entra-agent-identities-for-ai-agents' will be broken in isolated environments. Replace with a relative link.
  • Line 45, Column 551: [Suggestion: docs-link-absolute - See documentation] Absolute link 'https://learn.microsoft.com/azure/role-based-access-control/overview' will be broken in isolated environments. Replace with a relative link.
  • Line 45, Column 757: [Suggestion: docs-link-absolute - See documentation] Absolute link 'https://learn.microsoft.com/agent-framework/tutorials/agents/function-tools-approvals' will be broken in isolated environments. Replace with a relative link.
  • Line 45, Column 992: [Suggestion: docs-link-absolute - See documentation] Absolute link 'https://learn.microsoft.com/entra/identity/conditional-access/overview' will be broken in isolated environments. Replace with a relative link.
  • Line 45, Column 1149: [Suggestion: docs-link-absolute - See documentation] Absolute link 'https://learn.microsoft.com/security/zero-trust/zero-trust-overview' will be broken in isolated environments. Replace with a relative link.


@azarboon
Contributor Author

I considered using relative links, but I was concerned about introducing incorrect paths. In this repo, referenced pages resolve under different prefixes such as /azure-docs and /entra-docs, while links in the article use /azure and /entra. Without a clear way to verify the correct relative path, I opted to use full URLs to avoid linking to the wrong location. These can be safely converted to relative links if preferred. This approach minimizes the risk of broken or misleading links.

Contributor

Copilot AI left a comment

Pull request overview

This PR adds guidance for controlling AI agent permissions and autonomy to address OWASP LLM06 Excessive Agency risks. The addition expands the security documentation to cover AI agents that can autonomously invoke APIs and perform actions, filling a gap in the current guidance that focuses primarily on workloads, networks, and data paths.

Changes:

  • Added a new point (#4) under "Secure AI resources" section with comprehensive guidance on controlling AI agent permissions and autonomy

@ttorble
Contributor

ttorble commented Jan 19, 2026

@stephen-sumner

Can you review the proposed changes?

IMPORTANT: When the changes are ready for publication, adding a #sign-off comment is the best way to signal that the PR is ready for the review team to merge.

#label:"aq-pr-triaged"
@MicrosoftDocs/public-repo-pr-review-team

@prmerger-automator prmerger-automator bot added the aq-pr-triaged tracking label for the PR review team label Jan 19, 2026
@azarboon
Contributor Author

@stephen-sumner can you please review this?

@stephen-sumner
Contributor

@azarboon - It's in the backlog for me to review. Thank you for your patience.
