Control 1.11: Conditional Access and Phishing-Resistant MFA
Control ID: 1.11 | Pillar: Security | Regulatory Reference: GLBA 501(b), FINRA 4511, SEC 17a-3/4, SOX 302 | Last UI Verified: February 2026 | Governance Levels: Baseline / Recommended / Regulated | Last Verified: 2026-02-03
Agent 365 Architecture Update
Entra Agent ID (Public Preview) extends Conditional Access to agent identities with agent-specific risk signals and custom security attributes. Agents are now first-class identities subject to risk-based policies, replacing per-platform identity models (service principals, managed identities). See Unified Agent Governance for agent Conditional Access policy examples and configuration guidance.
Agent Registry Visibility (February 2026): Copilot Studio agents are visible in the Agent 365 registry. Microsoft Foundry agents are expected at GA. Declarative agents appear in the registry but lack org-wide deployment capability — export/import is required for broader distribution, and direct publish is under consideration. Admins can block or delete declarative agents but cannot deploy them org-wide from the registry.
Objective
Implement adaptive access control using Microsoft Entra Conditional Access to enforce risk-based policies for users creating and managing AI agents, and for agents themselves through Microsoft Entra Agent ID. This control helps ensure that only authorized, authenticated users can create, publish, and manage agents in regulated environments.
Why This Matters for FSI
- GLBA 501(b): Strong authentication requirements for customer data access
- FINRA 4511: Access control and audit trails for records
- SEC 17a-3/4: Access controls supporting recordkeeping integrity
- SOX 302: Internal access controls for financial systems
- FFIEC: Risk-based MFA requirements for financial institutions
Control Description
| Capability | Description |
|---|---|
| Conditional Access policies | Risk-based access control for agent creators |
| Phishing-resistant MFA | FIDO2, passkeys, certificates for strong authentication |
| Agent identity protection | Entra Agent ID for AI agent governance |
| Authentication strengths | Tiered authentication requirements |
| Agent sponsorship | Human accountability for agent lifecycle |
Key Configuration Points
- Configure Conditional Access policies requiring MFA for all users
- Define authentication strengths (phishing-resistant for enterprise zone)
- Exclude and validate break-glass (emergency access) accounts
- Configure named locations for trusted networks
- Enable Microsoft Entra Agent ID for agent identity governance
- Assign human sponsors to Zone 2/3 agents
- Use Quarantined collection for agents pending compliance review
- Configure Privileged Identity Management (PIM) for AI administration roles
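The first three configuration points above (an MFA policy for agent creators, a phishing-resistant authentication strength, and a break-glass exclusion) can be deployed as one Conditional Access policy. The following script is an added example, not code from this control page or from the conditional-access-automation solution. It assumes the Microsoft Graph PowerShell SDK is installed, and the group and break-glass object IDs are placeholders to replace with your own:

```powershell
# Added example (not from the control page): create a Conditional Access policy
# requiring phishing-resistant MFA for an agent-maker security group, with the
# break-glass accounts excluded and the policy starting in report-only mode.
# Assumptions: Microsoft.Graph PowerShell SDK; placeholder object IDs below.

Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess"

# Placeholder object IDs (replace with values from your tenant)
$agentMakerGroupId = "00000000-0000-0000-0000-000000000000"     # e.g. an "AI-Agent-Makers-Zone3" group
$breakGlassUserIds = @("11111111-1111-1111-1111-111111111111",
                       "22222222-2222-2222-2222-222222222222")

# Built-in "Phishing-resistant MFA" authentication strength (FIDO2 keys, passkeys,
# certificate-based auth, Windows Hello for Business). The other built-in
# strengths end in ...0002 (MFA) and ...0003 (Passwordless MFA).
$phishingResistantStrengthId = "00000000-0000-0000-0000-000000000004"

$policy = @{
    displayName = "CA-Zone3-AgentMakers-PhishingResistantMFA"
    # Report-only first: review the impact in sign-in logs before enforcing
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeGroups = @($agentMakerGroupId)
            excludeUsers  = $breakGlassUserIds      # break-glass accounts never locked out
        }
        applications = @{
            # Narrow to the agent-building apps if you prefer; "All" is the safe default
            includeApplications = @("All")
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator = "OR"
        # Authentication strength replaces the plain "mfa" built-in control
        authenticationStrength = @{ id = $phishingResistantStrengthId }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Output "Created '$($created.DisplayName)' ($($created.Id)) in state '$($created.State)'"

# After reviewing report-only results, switch the policy to enforced:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -BodyParameter @{ state = "enabled" }
```

The policy is created in report-only state on purpose: the sign-in logs then show which makers would have been blocked (for example, users who have not yet registered a passkey) before any enforcement happens, and the break-glass exclusion can be confirmed with What If before flipping the state to enabled.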
Service Principal Security Group Bypass
Service Principals used by Power Automate flows and automation scripts are application identities, not users, so they cannot be members of the security groups that scope Conditional Access policy assignments. Any CA policy assigned to user groups is therefore never evaluated for them, and they bypass those controls.
Compensating Controls:
- Use Named Locations to restrict Service Principal sign-ins to trusted IP ranges
- Apply app-specific CA policies targeting Service Principal application IDs directly
- Monitor Service Principal sign-ins via Entra ID Sign-in Logs with filter User Type = Service Principal
- Review Service Principal consent and permissions quarterly per Control 2.8
See Conditional Access Automation solution for Service Principal CA policy templates.
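The first and third compensating controls above (a named-location restriction applied directly to Service Principals, and a review of Service Principal sign-ins) can be implemented with Microsoft Graph. This is an added example, not code from the control page or from the Conditional Access Automation solution. It assumes the Microsoft.Graph and Microsoft.Graph.Beta PowerShell modules, Workload Identities Premium licensing for the policy, and placeholder values for the named location and Service Principal object IDs:

```powershell
# Added example (not from the control page): compensating controls for service
# principals that user-group-scoped CA policies never evaluate.
#  1) A workload identity CA policy that blocks the named service principals
#     when they sign in from outside a trusted named location.
#  2) A review of recent service principal sign-ins, grouped by principal,
#     source IP and whether any CA policy applied at all.
# Assumptions: Microsoft.Graph + Microsoft.Graph.Beta modules; Workload Identities
# Premium licensing; placeholder IDs below.

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All", "AuditLog.Read.All", "Directory.Read.All"

# Placeholders: the trusted named location and the service principals used by
# Power Automate flows / automation scripts
$trustedLocationId = "33333333-3333-3333-3333-333333333333"
$automationSpIds   = @("44444444-4444-4444-4444-444444444444")

# Workload identity policies are scoped through conditions.clientApplications
# (not conditions.users) and support the block control and location conditions.
$spPolicy = @{
    displayName = "CA-WorkloadIdentity-Block-UntrustedLocations"
    state       = "enabledForReportingButNotEnforced"   # enforce after review
    conditions  = @{
        clientApplications = @{
            includeServicePrincipals = $automationSpIds  # or "ServicePrincipalsInMyTenant" for all
        }
        applications = @{ includeApplications = @("All") }
        locations = @{
            includeLocations = @("All")
            excludeLocations = @($trustedLocationId)      # only the trusted range is allowed
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $spPolicy
Write-Output "Created workload identity policy '$($created.DisplayName)' ($($created.Id))"

# Review service principal sign-ins from the last 7 days. The v1.0 signIns endpoint
# only returns interactive user sign-ins, so the beta endpoint is used here.
$since = (Get-Date).AddDays(-7).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
$spSignIns = Get-MgBetaAuditLogSignIn -All `
    -Filter "signInEventTypes/any(t: t eq 'servicePrincipal') and createdDateTime ge $since"

# ConditionalAccessStatus of "notApplied" is the bypass symptom this section describes:
# the principal signed in and no CA policy was in scope for it.
$spSignIns |
    Group-Object ServicePrincipalName, IPAddress, ConditionalAccessStatus |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

Run the review query first: it tells you which Service Principals are actually signing in, from which ranges, and whether any CA policy currently applies to them, which is the evidence you need before turning the block policy from report-only to enforced.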
PIM Baselines for AI Administration Roles
Privileged Identity Management (PIM) provides just-in-time access for AI governance roles. Configure PIM for:
| Role | PIM Setting | Activation Duration | Approval Required |
|---|---|---|---|
| Power Platform Admin | Eligible | 4 hours max | Yes - AI Governance Lead |
| Entra Security Admin | Eligible | 4 hours max | Yes - Security Manager |
| Purview Compliance Admin | Eligible | 8 hours max | Yes - Compliance Officer |
| Environment Admin | Eligible | 4 hours max | Yes - AI Governance Lead |
| Agent Sponsor (Zone 3) | Eligible | 8 hours max | Yes - Compliance Officer |
PIM Configuration for AI Governance:
- Enable PIM for all AI administration directory roles
- Require MFA at activation (phishing-resistant for Zone 3)
- Configure justification requirement with audit logging
- Set maximum activation duration per role sensitivity
- Configure approval workflows with backup approvers
- Enable alerts for PIM activation failures and anomalies
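The PIM baseline table and the configuration list above map onto three rules of each role's Entra role management policy (activation duration, MFA plus justification at activation, and approval). The script below is an added example, not code from the control page or the conditional-access-automation solution. It covers only the three Entra directory roles in the table, since Environment Admin (a Power Platform role) and Agent Sponsor are not directory roles, and it assumes the Microsoft Graph PowerShell SDK, Entra ID P2 / PIM licensing, and placeholder approver group IDs:

```powershell
# Added example (not from the control page): apply the PIM baseline table to the
# Entra directory roles it names, via Microsoft Graph role management policies.
# Environment Admin and Agent Sponsor are not directory roles and are out of scope.
# Assumptions: Microsoft.Graph SDK; Entra ID P2 / PIM; placeholder approver group IDs.

Connect-MgGraph -Scopes "RoleManagementPolicy.ReadWrite.Directory", "RoleManagement.Read.Directory"

# Values from the PIM baseline table; approver group IDs are placeholders
$pimBaselines = @(
    @{ Role = "Power Platform Administrator"; MaxDuration = "PT4H"; ApproverGroupId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" }  # AI Governance Lead
    @{ Role = "Security Administrator";       MaxDuration = "PT4H"; ApproverGroupId = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb" }  # Security Manager
    @{ Role = "Compliance Administrator";     MaxDuration = "PT8H"; ApproverGroupId = "cccccccc-cccc-cccc-cccc-cccccccccccc" }  # Compliance Officer
)

# All three rules govern end-user activation of an eligible assignment
$endUserTarget = @{
    caller = "EndUser"; operations = @("All"); level = "Assignment"
    inheritableSettings = @(); enforcedSettings = @()
}

foreach ($b in $pimBaselines) {
    $roleDef = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$($b.Role)'"
    if (-not $roleDef) { Write-Warning "Role '$($b.Role)' not found; skipping"; continue }

    # Each directory role has one PIM policy assignment at tenant scope "/"
    $assignment = Get-MgPolicyRoleManagementPolicyAssignment `
        -Filter "scopeId eq '/' and scopeType eq 'DirectoryRole' and roleDefinitionId eq '$($roleDef.Id)'"
    $policyId = $assignment.PolicyId

    # Rule 1: maximum activation duration ("4 hours max" / "8 hours max")
    Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $policyId `
        -UnifiedRoleManagementPolicyRuleId "Expiration_EndUser_Assignment" -BodyParameter @{
            "@odata.type"        = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule"
            id                   = "Expiration_EndUser_Assignment"
            isExpirationRequired = $true
            maximumDuration      = $b.MaxDuration
            target               = $endUserTarget
        }

    # Rule 2: MFA and a justification are required at activation
    Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $policyId `
        -UnifiedRoleManagementPolicyRuleId "Enablement_EndUser_Assignment" -BodyParameter @{
            "@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule"
            id            = "Enablement_EndUser_Assignment"
            enabledRules  = @("MultiFactorAuthentication", "Justification")
            target        = $endUserTarget
        }

    # Rule 3: single-stage approval by the named approver group
    Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $policyId `
        -UnifiedRoleManagementPolicyRuleId "Approval_EndUser_Assignment" -BodyParameter @{
            "@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule"
            id            = "Approval_EndUser_Assignment"
            target        = $endUserTarget
            setting       = @{
                isApprovalRequired               = $true
                isApprovalRequiredForExtension   = $false
                isRequestorJustificationRequired = $true
                approvalMode                     = "SingleStage"
                approvalStages = @(
                    @{
                        approvalStageTimeOutInDays      = 1
                        isApproverJustificationRequired = $true
                        escalationTimeInMinutes         = 0
                        isEscalationEnabled             = $false
                        primaryApprovers = @(
                            @{ "@odata.type" = "#microsoft.graph.groupMembers"; groupId = $b.ApproverGroupId }
                        )
                        escalationApprovers = @()
                    }
                )
            }
        }

    Write-Output "Applied PIM baseline to '$($b.Role)' (policy $policyId)"
}
```

Using a group rather than an individual as the primary approver is what gives you the backup approvers the configuration list calls for: add the backup approver to the group and activation requests never stall on one person. The enablement rule's MultiFactorAuthentication setting enforces standard MFA at activation; for the phishing-resistant requirement on Zone 3 activations, the role's authentication context rule can instead be tied to a Conditional Access policy that requires the phishing-resistant authentication strength.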
Agent Identity Governance: Agent ID vs. Blueprint
Microsoft provides two complementary approaches for agent identity governance. Understanding when to use each is essential for Zone 2+ deployments.
When to Use Agent ID Only
- Zone 1 agents with simple identity requirements
- Single-tenant deployments with limited scale
- Direct identity assignment via Entra
When to Use Blueprint (Recommended for Zone 2+)
- Enterprise-scale deployments with multiple agents
- Multi-tenant agent platforms
- Formal governance registry required
- Regulatory audit trail requirements
Decision Matrix
| Requirement | Agent ID Only | Agent ID + Blueprint |
|---|---|---|
| Single agent | Sufficient | Optional |
| Multi-tenant | Not supported | Required |
| Regulatory audit | Partial | Full |
| Zone 1 | Sufficient | Optional |
| Zone 2 | Possible | Recommended |
| Zone 3 | Not recommended | Required |
For comprehensive guidance, see Agent Identity Architecture.
Unified Control Plane Visibility with Agent 365
Control 1.11 focuses on Conditional Access policy configuration for users creating agents (maker identity) and for agents themselves (Entra Agent ID). Agent 365 Architecture provides the unified control plane that surfaces how these Conditional Access policies apply across all agent types — Copilot Studio, Agent Builder, SharePoint Agents, and third-party agents.
While this control documents policy configuration, Agent 365 provides cross-platform visibility into policy enforcement and compliance status for all agents in your organization. This visibility is especially valuable in Zone 3 deployments where multiple agent platforms require consistent Conditional Access governance.
Zone-Specific Requirements
| Zone | Requirement | Rationale |
|---|---|---|
| Zone 1 (Personal) | Baseline MFA; document exceptions | Reduce risk while keeping friction low |
| Zone 2 (Team) | Strong auth for admin/maker roles; identified owner | Shared agents increase blast radius |
| Zone 3 (Enterprise) | Phishing-resistant MFA enforced; policy-driven | Highest audit/regulatory risk |
Roles & Responsibilities
| Role | Responsibility |
|---|---|
| Entra Security Admin | Conditional Access and MFA configuration |
| Authentication Administrator | Authentication methods management |
| Compliance Officer | Regulatory authentication requirements |
| AI Governance Lead | Agent identity governance strategy |
Related Controls
| Control | Relationship |
|---|---|
| 1.4 - Advanced Connector Policies | Connector access control |
| 1.12 - Insider Risk Detection | Risk management integration |
| 3.8 - Copilot Hub | Agent management |
| 3.1 - Agent Inventory | Agent tracking |
| 2.22 - Inactivity Timeout Enforcement | 1.11 addresses authentication session frequency via Conditional Access policies; 2.22 addresses application-level inactivity and session duration enforcement via PPAC settings |
Automated Compliance: Conditional Access Automation
For automated CA policy deployment, daily compliance scanning, and drift detection for AI workloads, see the Conditional Access Automation solution.
Capabilities:
- 8 zone-specific CA policy templates for Copilot Studio, Agent Builder, M365 Copilot
- Daily compliance scanning with break-glass exclusion verification
- Multi-dimensional drift detection (policy disabled, conditions weakened, controls changed)
- Teams adaptive card alerts with zone-based severity classification
- SHA-256 evidence export with integrity hashing for FINRA/SEC examination support
Deployable Solution: conditional-access-automation provides PowerShell deployment scripts, Azure Automation runbook wrappers, and Power Automate flow definitions.
Implementation Playbooks
Step-by-Step Implementation
This control has detailed playbooks for implementation, automation, testing, and troubleshooting:
- Portal Walkthrough — Step-by-step portal configuration
- PowerShell Setup — Automation scripts
- Verification & Testing — Test cases and evidence collection
- Troubleshooting — Common issues and resolutions
Verification Criteria
Confirm control effectiveness by verifying:
- Conditional Access policies created and enabled for agent creators
- Break-glass accounts excluded and verified via What if
- Phishing-resistant MFA enforced for Zone 3 users
- Agent ID dashboard shows managed agents with sponsors
- Sign-in logs capture CA policy evaluation
- Authentication method matches zone requirements
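The first, second, third and fifth verification criteria above can be checked programmatically and exported as evidence. The following audit script is an added example, not code from the control page or the conditional-access-automation solution. It assumes the Microsoft Graph PowerShell SDK and uses placeholder object IDs for the break-glass accounts and the Zone 3 agent-maker group:

```powershell
# Added example (not from the control page): audit enabled Conditional Access
# policies against the verification criteria.
#  Check 1: every enabled policy excludes the break-glass accounts.
#  Check 2: the Zone 3 agent-maker group is covered by an enabled policy that
#           requires the built-in phishing-resistant authentication strength.
#  Check 3: policies still in report-only mode are listed (informational).
# Assumptions: Microsoft.Graph SDK; placeholder object IDs below.

Connect-MgGraph -Scopes "Policy.Read.All"

$breakGlassUserIds           = @("11111111-1111-1111-1111-111111111111",
                                 "22222222-2222-2222-2222-222222222222")
$zone3MakerGroupId           = "00000000-0000-0000-0000-000000000000"
$phishingResistantStrengthId = "00000000-0000-0000-0000-000000000004"

$policies = Get-MgIdentityConditionalAccessPolicy -All
$enabled  = $policies | Where-Object { $_.State -eq "enabled" }
$findings = @()

# Check 1: break-glass exclusion on every enabled policy
foreach ($p in $enabled) {
    $excluded = @($p.Conditions.Users.ExcludeUsers)
    $missing  = @($breakGlassUserIds | Where-Object { $excluded -notcontains $_ })
    $findings += [pscustomobject]@{
        Check  = "BreakGlassExcluded"
        Policy = $p.DisplayName
        Result = $(if ($missing.Count -eq 0) { "PASS" } else { "FAIL" })
        Detail = $(if ($missing.Count -eq 0) { "" } else { "Missing exclusion for: $($missing -join ', ')" })
    }
}

# Check 2: Zone 3 makers require the phishing-resistant authentication strength
$zone3Covered = @($enabled | Where-Object {
    @($_.Conditions.Users.IncludeGroups) -contains $zone3MakerGroupId -and
    $_.GrantControls.AuthenticationStrength.Id -eq $phishingResistantStrengthId
})
$findings += [pscustomobject]@{
    Check  = "Zone3PhishingResistantMFA"
    Policy = ($zone3Covered.DisplayName -join ', ')
    Result = $(if ($zone3Covered.Count -gt 0) { "PASS" } else { "FAIL" })
    Detail = $(if ($zone3Covered.Count -gt 0) { "" } else { "No enabled policy targets the Zone 3 maker group with strength $phishingResistantStrengthId" })
}

# Check 3: report-only policies are not yet enforcing anything
foreach ($p in ($policies | Where-Object { $_.State -eq "enabledForReportingButNotEnforced" })) {
    $findings += [pscustomobject]@{
        Check  = "ReportOnlyPending"
        Policy = $p.DisplayName
        Result = "INFO"
        Detail = "Policy is report-only; confirm results and enable before relying on it"
    }
}

$findings | Format-Table -AutoSize

# Evidence export for examination support; the file name carries the audit date
$findings | Export-Csv -Path "CA-Verification-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
```

Any FAIL row in the BreakGlassExcluded check is the finding to act on first, since a single enabled policy without the exclusion is enough to lock the emergency accounts out; the What If tool then confirms the fix from the portal side.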
Additional Resources
- Microsoft Learn: Conditional Access Overview
- Microsoft Learn: Microsoft Entra Agent ID
- Microsoft Learn: Authentication Methods
- Microsoft Learn: Governing Agent Identities
Agent Essentials & Blueprint (Preview)
Note: The following resources are preview documentation and may change.
- Microsoft Learn: Agent 365 Blueprint (Preview) - 3-phase deployment blueprint with identity integration
- Microsoft Learn: Agent Deployment Checklist (Preview) - Category 1 covers access and availability policies
- Agent Identity Architecture - Framework guidance on Agent ID vs. Blueprint architecture decisions
Updated: February 2026 | Version: v1.3 | UI Verification Status: Current