Merge pull request #53410 from R-C-Stewart/NEW-introduction-entra-agent-id

New module upload for Introduction to Microsoft Entra Agent ID

Author: AnnaMHuff

learn-pr/wwl-sci/introduction-entra-agent-id/1-introduction.yml

@@ -0,0 +1,13 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.introduction-entra-agent-id.introduction
+title: Introduction
+metadata:
+  title: Introduction
+  description: "Introduction to Microsoft Entra Agent ID and the challenges of managing AI agent identities in enterprise environments."
+  ms.date: 02/09/2026
+  author: wwlpublish
+  ms.author: roberts
+  ms.topic: unit
+durationInMinutes: 3
+content: |
+  [!include[](includes/1-introduction.md)]

learn-pr/wwl-sci/introduction-entra-agent-id/2-describe-agent-id-compare-identities.yml

@@ -0,0 +1,13 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.introduction-entra-agent-id.describe-agent-id-compare-identities
+title: Describe agent ID and compare identity types
+metadata:
+  title: Describe agent ID and compare identity types
+  description: "Learn how Microsoft Entra Agent ID compares to service principals and managed identities, and understand when to use each identity type."
+  ms.date: 02/09/2026
+  author: wwlpublish
+  ms.author: roberts
+  ms.topic: unit
+durationInMinutes: 8
+content: |
+  [!include[](includes/2-describe-agent-id-compare-identities.md)]

learn-pr/wwl-sci/introduction-entra-agent-id/3-identify-products-use-agent-identities.yml

@@ -0,0 +1,13 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.introduction-entra-agent-id.identify-products-use-agent-identities
+title: Identify products that use agent identities
+metadata:
+  title: Identify products that use agent identities
+  description: "Discover which Microsoft products automatically create and manage agent identities, including Microsoft Foundry, Copilot Studio, and Azure services."
+  ms.date: 02/09/2026
+  author: wwlpublish
+  ms.author: roberts
+  ms.topic: unit
+durationInMinutes: 10
+content: |
+  [!include[](includes/3-identify-products-use-agent-identities.md)]

learn-pr/wwl-sci/introduction-entra-agent-id/4-navigate-admin-center-view-agents.yml

@@ -0,0 +1,13 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.introduction-entra-agent-id.navigate-admin-center-view-agents
+title: Navigate the admin center to view agents
+metadata:
+  title: Navigate the admin center to view agents
+  description: "Learn how to navigate the Microsoft Entra admin center to view, search, filter, and manage agent identities and blueprints."
+  ms.date: 02/09/2026
+  author: wwlpublish
+  ms.author: roberts
+  ms.topic: unit
+durationInMinutes: 12
+content: |
+  [!include[](includes/4-navigate-admin-center-view-agents.md)]

learn-pr/wwl-sci/introduction-entra-agent-id/5-understand-access-permissions.yml

@@ -0,0 +1,13 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.introduction-entra-agent-id.understand-access-permissions
+title: Understand access and permissions
+metadata:
+  title: Understand access and permissions
+  description: "Learn about the roles required to manage agent identities, how permission inheritance works, and security restrictions for agent identities."
+  ms.date: 02/09/2026
+  author: wwlpublish
+  ms.author: roberts
+  ms.topic: unit
+durationInMinutes: 10
+content: |
+  [!include[](includes/5-understand-access-permissions.md)]

learn-pr/wwl-sci/introduction-entra-agent-id/6-understand-microsoft-graph-operations.yml

@@ -0,0 +1,13 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.introduction-entra-agent-id.understand-microsoft-graph-operations
+title: Understand Microsoft Graph operations
+metadata:
+  title: Understand Microsoft Graph operations
+  description: "Learn how to use Microsoft Graph APIs to programmatically query and manage agent identities, including permission requirements and common operations."
+  ms.date: 02/09/2026
+  author: wwlpublish
+  ms.author: roberts
+  ms.topic: unit
+durationInMinutes: 8
+content: |
+  [!include[](includes/6-understand-microsoft-graph-operations.md)]

learn-pr/wwl-sci/introduction-entra-agent-id/7-knowledge-check.yml

@@ -0,0 +1,112 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.introduction-entra-agent-id.knowledge-check
+title: Knowledge check
+metadata:
+  title: Module Assessment
+  description: "Module assessment"
+  ms.date: 02/09/2026
+  author: wwlpublish
+  ms.author: roberts
+  ms.topic: unit
+durationInMinutes: 5
+quiz:
+  title: Module Assessment
+  questions:
+  - content: "Which two components make up the Microsoft Entra Agent ID platform?"
+    choices:
+    - content: "Agent identities and service principals"
+      isCorrect: false
+      explanation: "Sorry, that's incorrect. Service principals are a separate identity type, not a component of the Agent ID platform."
+    - content: "Agent identities and agent identity blueprints"
+      isCorrect: true
+      explanation: "That's correct. The Microsoft Entra Agent ID platform consists of agent identities and agent identity blueprints."
+    - content: "Agent users and managed identities"
+      isCorrect: false
+      explanation: "Sorry, that's incorrect. Agent users are an optional component, and managed identities are a separate identity type."
+    - content: "Service principals and managed identities"
+      isCorrect: false
+      explanation: "Sorry, that's incorrect. These are separate identity types, not components of the Agent ID platform."
+  - content: "What is the primary difference between agent identities and service principals in credential management?"
+    choices:
+    - content: "Agent identities use passwords while service principals use certificates"
+      isCorrect: false
+      explanation: "Sorry, that's incorrect. Agent identities don't use passwords or certificates directly."
+    - content: "Service principals can't have credentials while agent identities can"
+      isCorrect: false
+      explanation: "Sorry, that's incorrect. Service principals can have their own credentials."
+    - content: "Agent identities rely on parent blueprint credentials while service principals manage their own credentials"
+      isCorrect: true
+      explanation: "That's correct. Agent identities inherit credentials from their parent blueprint, while service principals manage their own credentials independently."
+    - content: "Agent identities and service principals use the same credential management approach"
+      isCorrect: false
+      explanation: "Sorry, that's incorrect. They have different credential management approaches."
+  - content: "Which Microsoft product automatically creates a shared agent identity when you create your first agent in a project, and then creates a distinct identity when you publish the agent?"
+    choices:
+    - content: "Microsoft Copilot Studio"
+      isCorrect: false
+      explanation: "Sorry, that's incorrect. Microsoft Copilot Studio assigns agent identities when enabled at the environment level, but doesn't use the shared/distinct identity pattern."
+    - content: "Microsoft Foundry"
+      isCorrect: true
+      explanation: "That's correct. Microsoft Foundry creates a shared agent identity for development and a distinct identity when you publish the agent."
+    - content: "Azure App Service"
+      isCorrect: false
+      explanation: "Sorry, that's incorrect. Azure App Service requires developers to manually create blueprints and agent identities."
+    - content: "Microsoft Teams"
+      isCorrect: false
+      explanation: "Sorry, that's incorrect. Microsoft Teams requires developers to manually configure agent identity blueprints in the Developer Portal."
+  - content: "Which roles are required to view and manage agent identities in the Microsoft Entra admin center?"
+    choices:
+    - content: "Global Administrator or User Administrator"
+      isCorrect: false
+      explanation: "Sorry, that's incorrect. While Global Administrator has access, User Administrator is not the recommended role for agent identity management."
+    - content: "Agent ID Administrator or Cloud Application Administrator"
+      isCorrect: true
+      explanation: "That's correct. Agent ID Administrator or Cloud Application Administrator are the recommended roles for managing agent identities."
+    - content: "Security Administrator or Compliance Administrator"
+      isCorrect: false
+      explanation: "Sorry, that's incorrect. These roles don't have the required permissions for agent identity management."
+    - content: "Application Developer or Service Support Administrator"
+      isCorrect: false
+      explanation: "Sorry, that's incorrect. These roles don't have the required permissions for agent identity management."
+  - content: "What happens to RBAC permissions when you publish an agent in Microsoft Foundry?"
+    choices:
+    - content: "They automatically transfer to the new distinct identity"
+      isCorrect: false
+      explanation: "Sorry, that's incorrect. RBAC permissions don't automatically transfer when publishing an agent."
+    - content: "They must be manually reassigned to the new agent identity"
+      isCorrect: true
+      explanation: "That's correct. When you publish an agent, RBAC permissions must be manually reassigned to the new distinct agent identity."
+    - content: "They're duplicated across both the shared and distinct identities"
+      isCorrect: false
+      explanation: "Sorry, that's incorrect. Permissions aren't automatically duplicated between identities."
+    - content: "They're removed for security reasons"
+      isCorrect: false
+      explanation: "Sorry, that's incorrect. Permissions aren't removed; they simply don't transfer automatically."
+  - content: "Which high-privilege Microsoft Entra roles can be assigned to agent identities?"
+    choices:
+    - content: "Global Administrator, Privileged Role Administrator, and User Administrator"
+      isCorrect: false
+      explanation: "Sorry, that's incorrect. These high-privilege roles cannot be assigned to agent identities."
+    - content: "None - these roles are blocked from agent identities"
+      isCorrect: true
+      explanation: "That's correct. High-privilege Microsoft Entra roles like Global Administrator, Privileged Role Administrator, and User Administrator are blocked from being assigned to agent identities for security reasons."
+    - content: "Only Global Administrator"
+      isCorrect: false
+      explanation: "Sorry, that's incorrect. Global Administrator cannot be assigned to agent identities."
+    - content: "All roles can be assigned to agent identities"
+      isCorrect: false
+      explanation: "Sorry, that's incorrect. High-privilege roles are blocked from agent identities."
+  - content: "What is the primary purpose of using Microsoft Graph APIs with agent identities?"
+    choices:
+    - content: "To create user interfaces for agent management"
+      isCorrect: false
+      explanation: "Sorry, that's incorrect. Microsoft Graph APIs aren't primarily for creating user interfaces."
+    - content: "To replace the Microsoft Entra admin center"
+      isCorrect: false
+      explanation: "Sorry, that's incorrect. Microsoft Graph APIs complement rather than replace the admin center."
+    - content: "To programmatically query, manage, and automate agent identity operations"
+      isCorrect: true
+      explanation: "That's correct. Microsoft Graph APIs enable programmatic querying, management, and automation of agent identity operations at scale."
+    - content: "To store agent identity data in external systems"
+      isCorrect: false
+      explanation: "Sorry, that's incorrect. Microsoft Graph APIs are for interacting with Microsoft Entra data, not storing it externally."

learn-pr/wwl-sci/introduction-entra-agent-id/8-summary.yml

@@ -0,0 +1,13 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.introduction-entra-agent-id.summary
+title: Summary
+metadata:
+  title: Summary
+  description: "Summary of Microsoft Entra Agent ID concepts, including agent identities, blueprints, administration, and Microsoft Graph integration."
+  ms.date: 02/09/2026
+  author: wwlpublish
+  ms.author: roberts
+  ms.topic: unit
+durationInMinutes: 2
+content: |
+  [!include[](includes/8-summary.md)]

learn-pr/wwl-sci/introduction-entra-agent-id/includes/1-introduction.md

@@ -0,0 +1,24 @@
+The emergence of AI agents as autonomous enterprise systems introduces unique security and operational challenges that existing identity models weren't designed to address. Organizations need a way to distinguish operations performed by AI agents from operations performed by human users or traditional applications, while maintaining appropriate security controls and governance.
+
+Microsoft Entra Agent ID provides specialized identity constructs designed specifically for AI agents operating in enterprise environments. These identity constructs enable secure authentication and authorization patterns that address the unique requirements of autonomous AI systems.
+
+## Scenario: Managing AI Agent identities
+
+Imagine you're an Identity and Access Administrator at a large organization that's adopting AI agents across multiple departments. Your marketing team uses AI agents in Microsoft Copilot Studio to answer customer inquiries. Your development team builds agents in Microsoft Foundry that access company data. Your IT team deploys agents in Azure App Service to automate workflows.
+
+Each of these agents needs an identity to authenticate and access resources securely. However, using traditional service principals or managed identities doesn't provide the visibility, governance, or security controls designed for AI agents. You need to:
+
+- Distinguish AI agent operations from human user operations in audit logs
+- Apply consistent security policies to all agents of a particular type
+- Prevent agents from gaining excessive privileges
+- Scale identity management to potentially thousands of agents that might be created and destroyed rapidly
+
+Microsoft Entra Agent ID addresses these challenges by providing specialized identity types designed for AI agents.
+
+## Content description
+
+In this module, you learn about Microsoft Entra Agent ID and how it differs from other identity types like service principals and managed identities. You explore which Microsoft products automatically create agent identities and how to view and manage them through the Microsoft Entra admin center. You also learn about the roles required to manage agent identities and how to query them programmatically using Microsoft Graph.
+
+## What is the main goal
+
+By the end of this module, you'll understand what Microsoft Entra Agent ID is. You can explain how it compares to other identity types. You can define which Microsoft products use the Agent ID, and how to view and manage agent identities in your organization.