Bemærk
Adgang til denne side kræver godkendelse. Du kan prøve at logge på eller ændre mapper.
Adgang til denne side kræver godkendelse. Du kan prøve at ændre mapper.
Important
Windows 365 for Agents is in public preview. The feature is under active development and might change before general availability.
Windows 365 for Agents delivers an execution environment for agent workloads by combining Microsoft Entra identity, Cloud PC isolation, and Microsoft 365 security controls, governed end to end by Zero Trust principles. Each Cloud PC is Microsoft Entra-joined and Microsoft Intune-enrolled, which gives agents a managed identity and device posture from day one. Exposed as an MCP tool within Agent 365, it inherits the platform's security and audit trail, with Microsoft Defender providing threat protection and Microsoft Purview delivering data governance and compliance visibility across every agent action.
Cloud PCs for Agents are:
- Pooled: Dynamically assigned from a shared pool per task.
- Stateless: Reset after every agent session, with no state carried forward
- Programmatic: Accessed by agents, not interactive users.
Windows 365 for Agents integrates identity, authentication, and device trust into every agent session, which ensures that all actions are governed, isolated, and auditable. By using an identity-first, Zero Trust approach, every agent request is validated by using identity, device, and policy signals, with security controls enforced throughout the session lifecycle.
Why identity matters here
Identity is central to how Windows 365 for Agents delivers secure automation at scale.
| Capability | What it enables |
|---|---|
| Enables safe pooling | Many agents share infrastructure without sharing identity. |
| Session-scoped access | Every connection is authenticated and policy-governed. |
| Supports ephemeral compute | Identity travels with the session, not the device. |
| Enforces isolation | Sessions are independent and reset between uses. |
| Full auditability | Every action traces back to a specific agent user's identity. |
Together, this model ensures that agents can operate at scale, across shared, dynamic infrastructure, while remaining fully governed within enterprise security and compliance boundaries. Agents get the access they need to be productive, under the same enterprise guardrails as your human users.
Identity integration with Microsoft Entra
Microsoft Entra provides a unified identity and policy control plane across agents (see Microsoft Entra Agent ID documentation), Cloud PCs, and sessions. In Windows 365 for Agents, agents don't have an assigned dedicated device. Instead, they check out a Cloud PC from the assigned Cloud PC pool per task, use it, and then check it back in to the pool after task completion, which triggers a reset. The agent user's identity is bound to the session, not the device. Authentication is reestablished on every connection, and access is continuously governed by policy.
Agent identities
Each agent uses a dedicated Microsoft Entra agent user identity, separate from human users, and seamlessly authenticates with token-based flows into Windows 365 for Agents virtual machines. Resource access is explicitly assigned to each agent identity, with lifecycle management (creation, disablement, auditing) centrally managed in Agent 365. This model lets multiple agents share a Cloud PC pool while maintaining strict identity-level control, visibility, and audit trails. Agents never reuse or impersonate user credentials, which ensures a clear security boundary. Windows 365 for Agents virtual machines are agent-only and are strictly reserved for programmatic agent workloads, which ensures that only authorized agent identities can initiate sessions, run tasks, or access resources. This design enforces strong isolation between automated agents and human users, which further reduces risk and maintains a secure, auditable boundary.
Policy enforcement across the lifecycle
Policy enforcement spans the agent lifecycle:
- Identity control: Microsoft Entra as the centralized identity and policy plane.
- Pool assignment for agents in Intune: Determines which agent identities can acquire Cloud PCs.
- Session establishment: Microsoft Entra Conditional Access evaluates identity and context before permitting connection.
- Resource access: Downstream policies define what agents can do after they connect.
This approach keeps agents within the same enterprise security boundaries as human users, even as programmatic, autonomous actors.
Windows 365 for Agents supports Conditional Access policies for agent user identities with the Block access control available today. Organizations can explicitly block agent identities from accessing resources, which ensures that only reviewed and approved agents operate. Any agent that exhibits risk or violates the policy is immediately blocked.
End-to-end audit trail
Because the human user and the agent user each have distinct Microsoft Entra identities, every action is correctly attributed across the full delegation chain. Administrators can trace a request from the moment a human user prompts an agent through every task the agent performs on their behalf, with activity correlated across:
- Agent 365: The originating user prompt and the agent's task execution.
- Microsoft Entra sign-in logs: Authentication events for both the human user and the agent user identity.
- Microsoft Defender: Threat signals and security events tied to the session.
- Microsoft Purview: Data access, compliance, and governance activity.
This unified audit view gives security and compliance teams a single, coherent record of who initiated what, which agent acted, and what the agent did. It preserves accountability even as work is delegated to autonomous agents.
For more information, see Secure AI agents at scale by using Microsoft Agent 365.
Next steps
- Learn about the agent authentication model.
- Learn about the agent session lifecycle.