This post is a part of the AB-620: Designing and Building Integrated AI Agent Solutions in Copilot Studio Exam Prep Hub.
This topic falls under these sections:
Plan and configure agent solutions (30–35%)
--> Plan an agent solution
--> Plan identity strategy
Note that there are 10 practice questions (with answers) at the end of each section to help you solidify your knowledge of the material. Also, there are 4 practice tests with 30 questions each available from the hub's main page below the exam topics section.
Introduction
One of the most important planning activities when designing an AI agent is determining how the agent and its users will be identified, authenticated, and authorized. An effective identity strategy ensures that agents securely access enterprise resources while protecting sensitive organizational data.
In Microsoft Copilot Studio, an identity strategy defines:
- How users sign in
- How the agent authenticates to external systems
- What permissions users and agents receive
- How identities are managed across enterprise applications
- How security policies are enforced
- How compliance requirements are met
Identity planning is closely related to security planning. Before integrating an agent with Microsoft 365, Dynamics 365, SharePoint, Azure AI Search, REST APIs, or other enterprise systems, architects must determine how identities will be established and trusted.
For the AB-620 exam, you should understand the principles of identity management, authentication methods, authorization models, Microsoft Entra ID, delegated versus application permissions, service principals, managed identities, and least-privilege access.
Why an Identity Strategy Is Important
Without a well-designed identity strategy, an AI agent could:
- Access unauthorized information
- Perform actions it should not perform
- Expose sensitive data
- Violate compliance requirements
- Create security vulnerabilities
- Fail to authenticate with enterprise systems
A properly planned identity strategy ensures:
- Secure user authentication
- Secure system authentication
- Appropriate authorization
- Protection of enterprise resources
- Regulatory compliance
- Consistent user experiences
Identity should be planned before any integrations are implemented.
Key Identity Concepts
Understanding several core identity concepts is essential.
Identity
An identity represents a person, application, service, or device.
Examples include:
- Employee
- Customer
- Administrator
- AI agent
- Service account
- Application
Every identity has unique characteristics that distinguish it from others.
Authentication
Authentication answers the question:
Who are you?
Authentication verifies the identity of a user or application before granting access.
Common authentication methods include:
- Username and password
- Multi-factor authentication (MFA)
- OAuth 2.0
- OpenID Connect
- Microsoft Entra ID sign-in
- Certificate-based authentication
Successful authentication establishes trust.
Authorization
Authorization answers the question:
What are you allowed to do?
After authentication, authorization determines which resources the identity can access.
Examples:
- View customer records
- Create support tickets
- Modify invoices
- Delete files
- Approve purchase requests
Authentication occurs first; authorization occurs second.
Microsoft Entra ID
Microsoft Entra ID (formerly Azure Active Directory) is Microsoft’s cloud-based identity and access management service.
It provides:
- User authentication
- Single Sign-On (SSO)
- Conditional Access
- Identity governance
- Application registration
- OAuth authorization
- Enterprise identity management
Most enterprise Copilot Studio solutions use Microsoft Entra ID as their identity provider.
Single Sign-On (SSO)
Single Sign-On allows users to authenticate once and access multiple applications without repeatedly entering credentials.
Benefits include:
- Better user experience
- Reduced password fatigue
- Improved security
- Simplified administration
Example:
A user signs into Microsoft 365 and can then access a Copilot Studio agent, SharePoint, Outlook, and Dynamics 365 without additional sign-ins.
Multi-Factor Authentication (MFA)
MFA requires users to provide two or more forms of verification.
Examples include:
- Password
- Mobile authentication app
- Text message
- Hardware token
- Biometric verification
MFA significantly reduces the risk of compromised credentials.
Organizations commonly require MFA for AI agents accessing sensitive business systems.
Delegated Permissions
Delegated permissions allow an application or agent to perform actions on behalf of a signed-in user.
The agent can only perform actions that the user is already authorized to perform.
Example:
An employee asks:
“Show me my support tickets.”
The agent retrieves only that employee’s tickets because it uses the employee’s delegated permissions.
Advantages:
- User-specific security
- Respects existing permissions
- Simplifies auditing
Application Permissions
Application permissions allow an application to access resources independently of a signed-in user.
The application acts using its own identity.
Example:
A scheduled AI process updates inventory overnight.
No user is signed in.
The application authenticates using its own credentials.
Application permissions are common for background services and automation.
Service Principals
A service principal is the security identity created for an application within Microsoft Entra ID.
Rather than using a user account, applications authenticate using their own service principal.
Benefits include:
- Secure application identity
- Better auditing
- Easier permission management
- Reduced reliance on user accounts
Many enterprise integrations use service principals.
Managed Identities
Managed identities provide Azure services with automatically managed identities in Microsoft Entra ID.
Advantages include:
- No password management
- No stored credentials
- Automatic credential rotation
- Simplified security
Managed identities are recommended for Azure-hosted services whenever supported.
OAuth 2.0
OAuth 2.0 is the primary authorization framework used by many Microsoft services and external APIs.
Rather than sharing passwords, OAuth issues access tokens.
Typical OAuth flow:
- User signs in.
- Identity provider authenticates the user.
- An access token is issued.
- The agent presents the token to the target service.
- The service validates the token and authorizes access.
OAuth improves security by avoiding direct password sharing.
Access Tokens
An access token is a temporary credential issued after successful authentication.
Tokens contain information such as:
- User identity
- Application identity
- Granted permissions (scopes)
- Expiration time
Because tokens expire, they reduce the risk associated with stolen credentials.
Identity Providers
An identity provider (IdP) authenticates users and applications.
Examples include:
- Microsoft Entra ID
- Active Directory Federation Services (AD FS)
- External OAuth providers
- OpenID Connect providers
The identity provider establishes trust between the user and enterprise applications.
Planning Authentication for Enterprise Integrations
Every enterprise integration requires an authentication strategy.
Examples:
| System | Typical Authentication Method |
|---|---|
| Microsoft 365 | Microsoft Entra ID |
| Dynamics 365 | Microsoft Entra ID |
| SharePoint | Microsoft Entra ID |
| Azure AI Search | Microsoft Entra ID or API key |
| REST APIs | OAuth, API key, or certificate |
| Custom applications | OAuth or custom authentication |
Architects should choose authentication methods supported by both Copilot Studio and the target system.
API Keys
Some external systems authenticate using API keys.
Advantages:
- Simple implementation
- Common with third-party APIs
Disadvantages:
- Harder to rotate securely
- Less granular permissions
- Must be protected carefully
Whenever possible, OAuth is generally preferred over API keys because it provides stronger security and more flexible authorization.
Conditional Access
Conditional Access allows organizations to apply security policies based on specific conditions.
Policies may evaluate:
- User identity
- Device compliance
- Geographic location
- Risk level
- Application
- Network location
Examples:
- Require MFA outside the corporate network.
- Block access from high-risk countries.
- Require managed devices for sensitive applications.
Conditional Access enhances security without changing application logic.
Least Privilege Principle
One of the most important identity planning principles is least privilege.
Grant only the permissions necessary to perform required tasks.
For example:
Instead of allowing an agent to modify every customer record, grant permission only to update support case statuses if that is all the agent requires.
Benefits include:
- Reduced attack surface
- Lower risk of accidental changes
- Improved compliance
- Easier auditing
Role-Based Access Control (RBAC)
RBAC assigns permissions based on roles instead of individual users.
Examples of roles:
- Sales Representative
- HR Manager
- Finance Administrator
- Customer Service Agent
The AI agent inherits permissions associated with the user’s assigned role.
RBAC simplifies administration and supports consistent security.
Identity for Multi-Agent Solutions
In multi-agent architectures, each agent may have its own identity and permissions.
Example:
- HR agent accesses HR systems only.
- Finance agent accesses accounting systems only.
- IT agent accesses service management systems only.
Separating identities improves:
- Security
- Auditing
- Governance
- Maintainability
Avoid using one highly privileged identity for every agent.
Identity and Enterprise Knowledge
When agents retrieve enterprise knowledge from sources such as SharePoint or Azure AI Search, identity determines which documents users can access.
For example:
An HR employee may see personnel policies, while a sales employee sees only sales documentation.
Identity-aware retrieval helps ensure that users receive only the information they are authorized to access.
Compliance Considerations
Identity strategies often support compliance with organizational and regulatory requirements.
Examples include:
- Audit logging
- User accountability
- Access reviews
- Data protection
- Separation of duties
- Identity governance
Strong identity management helps organizations satisfy security and compliance standards.
Common Identity Planning Mistakes
Avoid these common mistakes:
- Using shared user accounts for applications
- Granting excessive permissions
- Ignoring MFA requirements
- Hardcoding credentials in applications
- Failing to rotate API keys
- Choosing application permissions when delegated permissions are sufficient
- Forgetting Conditional Access requirements
- Not documenting identity architecture
- Giving every agent identical permissions
Best Practices
When planning an identity strategy:
- Use Microsoft Entra ID whenever possible.
- Enable Single Sign-On for a seamless user experience.
- Require Multi-Factor Authentication for sensitive resources.
- Prefer delegated permissions for user-driven interactions.
- Use application permissions only when necessary.
- Use managed identities for Azure-hosted services.
- Apply the principle of least privilege.
- Implement Role-Based Access Control.
- Use OAuth instead of API keys whenever supported.
- Separate identities for different agents and services.
- Monitor authentication failures and access logs regularly.
Exam Tips
For the AB-620 exam, remember these key points:
- Authentication verifies identity; authorization determines permissions.
- Microsoft Entra ID is the primary identity provider for Microsoft cloud services.
- Single Sign-On improves both usability and security.
- MFA adds an additional layer of protection.
- Delegated permissions operate on behalf of a signed-in user.
- Application permissions allow applications to act independently.
- Managed identities eliminate the need to manage credentials for Azure services.
- Service principals represent applications in Microsoft Entra ID.
- OAuth is generally preferred over API keys.
- Always apply the principle of least privilege.
Practice Exam Questions
Question 1
A company wants its AI agent to access Microsoft 365 resources using the identity of the signed-in employee. Which permission model should be used?
A. Application permissions
B. Delegated permissions
C. Anonymous access
D. API key authentication
Correct Answer: B
Explanation: Delegated permissions allow the AI agent to perform actions on behalf of the signed-in user and respect that user’s existing permissions.
Question 2
What is the primary purpose of authentication?
A. Determine which resources a user can modify
B. Encrypt all enterprise data
C. Verify the identity of a user or application
D. Record audit logs
Correct Answer: C
Explanation: Authentication establishes who the user or application is before access decisions are made. Authorization determines what the authenticated identity can access.
Question 3
An Azure-hosted service needs to authenticate to Azure resources without storing passwords or secrets. Which identity solution is recommended?
A. Managed identity
B. API key
C. Shared service account
D. Username and password
Correct Answer: A
Explanation: Managed identities automatically manage credentials for Azure services, eliminating the need to store or rotate secrets.
Question 4
Which Microsoft service is the primary identity provider for Microsoft cloud applications and Copilot Studio integrations?
A. Azure AI Search
B. Microsoft Defender for Cloud
C. Microsoft Dataverse
D. Microsoft Entra ID
Correct Answer: D
Explanation: Microsoft Entra ID provides authentication, authorization, Single Sign-On, Conditional Access, and identity management for Microsoft cloud services.
Question 5
A background process updates inventory records every night without any user interaction. Which permission model is most appropriate?
A. Delegated permissions
B. Anonymous authentication
C. Application permissions
D. Guest user permissions
Correct Answer: C
Explanation: Application permissions allow applications to operate independently of a signed-in user, making them appropriate for scheduled or automated processes.
Question 6
Which security principle recommends granting only the permissions required to perform a specific task?
A. Defense in depth
B. Separation of duties
C. Zero Trust
D. Least privilege
Correct Answer: D
Explanation: The principle of least privilege minimizes security risks by limiting permissions to only those necessary for the required operations.
Question 7
Which authentication mechanism is generally preferred over API keys because it provides temporary access tokens and granular authorization?
A. Basic Authentication
B. OAuth 2.0
C. NTLM
D. Windows Authentication
Correct Answer: B
Explanation: OAuth 2.0 issues temporary access tokens instead of sharing passwords and supports fine-grained authorization scopes.
Question 8
What is the primary benefit of Single Sign-On (SSO)?
A. It permanently stores user credentials in every application.
B. It replaces authorization policies.
C. It allows users to authenticate once and access multiple trusted applications.
D. It eliminates the need for user identities.
Correct Answer: C
Explanation: Single Sign-On improves user experience and security by allowing one authentication session to provide access to multiple authorized applications.
Question 9
What is the purpose of a service principal in Microsoft Entra ID?
A. It represents an application or service as a security identity.
B. It stores enterprise knowledge for AI agents.
C. It replaces Conditional Access policies.
D. It creates Power Automate workflows.
Correct Answer: A
Explanation: A service principal is the identity used by an application or service to authenticate and access resources securely in Microsoft Entra ID.
Question 10
An organization requires users connecting from unmanaged devices to complete additional verification before accessing sensitive AI agents. Which capability addresses this requirement?
A. Role-Based Access Control
B. Managed identities
C. Conditional Access
D. Delegated permissions
Correct Answer: C
Explanation: Conditional Access evaluates conditions such as device compliance, location, and risk level to enforce security requirements like Multi-Factor Authentication before granting access.
Go to the AB-620 Exam Prep Hub main page
