Microsoft dropped several agent security announcements at RSAC 2026 this week. The centerpiece: Agent 365 — a control plane for AI agents — goes GA on May 1. Plus: Zero Trust for AI, shadow AI detection, and a new identity security dashboard.
Here is what matters and what is still missing.
What Microsoft Shipped
Agent 365 (GA May 1): A control plane that gives IT/security/business teams visibility into agent activity. Includes Defender, Entra, and Purview capabilities for securing agent access, preventing data oversharing, and detecting threats.
Zero Trust for AI: New guidance and tools extending zero trust architecture to AI workloads. A Zero Trust Assessment for AI pillar is coming in summer 2026.
Shadow AI Detection: Entra Internet Access now identifies previously unknown AI applications at the network layer. GA March 31.
Unified Identity Security: End-to-end coverage across identity infrastructure, control plane, and threat detection/response — all in one dashboard.
The Identity Bet
Microsoft's framing is clear: "Identity is the foundation of modern security, the most targeted layer in any environment, and the first line of defense."
They are not wrong. Every announcement traces back to identity:
- Agent 365 = identity-based agent governance
- Shadow AI detection = discovering unidentified AI
- Zero Trust for AI = continuous identity verification
- Passkey integration = strengthening authentication primitives
80% of Fortune 500 companies are already using agents. Microsoft's research shows these agents can become "double agents" — the same capability that makes them useful makes them dangerous.
What Is Still Missing
Microsoft's approach is comprehensive within the Microsoft ecosystem. Agent 365 works because Microsoft controls the identity layer (Entra), the compute layer (Azure), the policy layer (Purview), and the detection layer (Defender).
But agents do not live in one ecosystem.
A real-world agent might:
- Run on AWS but authenticate via Azure AD
- Call APIs hosted on GCP
- Interact with agents running on a developer's laptop
- Participate in multi-agent workflows spanning three organizations
Agent 365 secures agents within Microsoft. It does not answer:
- Cross-platform identity. How does an Azure agent prove its identity to a non-Azure service?
- Agent-to-agent trust. Agent 365 governs agents from above. What about peer-to-peer trust between agents?
- Portable identity. If you move an agent from Azure to AWS, does its identity survive?
- Decentralized verification. All trust flows through Microsoft's identity infrastructure. That is a single point of failure.
These are exactly the problems that Agent Identity Protocol (AIP) solves with DID-based cryptographic identity. Every agent gets an Ed25519 keypair, a DID, and a trust graph that works across platforms, clouds, and organizational boundaries.
The Convergence Signal
Microsoft joining the agent identity conversation at this scale validates the thesis: agent identity is not optional infrastructure — it is the foundation everything else sits on.
The question is whether the industry converges on platform-specific solutions (Agent 365, Okta Agent Kit, 1Password Unified Access) or interoperable standards (DIDs, verifiable credentials, cross-protocol trust).
History suggests both will exist. The platform solutions will handle 80% of enterprise use cases. The interoperable layer will handle the 20% that matters most: cross-organizational coordination, agent marketplaces, open multi-agent systems.
That 20% is where we are building.
AIP v0.5.52 — 651 tests, 22 registered agents, 5-engine cross-protocol interop. W3C DID method registration pending.
Agent Identity Protocol on GitHub | PyPI | Trust Observatory