Semion Vasilevitzky and Jonathan Elkabas

Editor’s Note: Welcome to the second practice tutorial in Understanding and Preventing Entra ID Agent Identity Attacks: A Comprehensive Guide. This multi-part technical walkthrough helps you understand Microsoft’s approach to agent identities and how you can protect them from threat actors. To review previous chapters and practice lessons, start here.


In our first Practice Checkpoint, you learned how to build Agent ID and create your first agent user.

Now that the core objects exist, we’ll wire up the permission model in the same way it appears in real deployments: direct app-only permissions on the agent identity and delegated permissions granted at the blueprint level and marked as inheritable.

This checkpoint sets the exact inputs we’ll later validate in tokens across the authentication flows.

Assign permission to the agent identity

To demonstrate “direct” app-only permissions at the agent identity level, assign an app role to <agent-identity-id> using the same appRoleAssignments pattern as before.

In this demo, the appRoleId represents User.Read.All. We’ll use it later when authenticating as the agent identity and listing users.

Figure 1. Assigning an app role to the agent identity

Configure inheritable permissions

Configure inheritable permissions so the agent can inherit delegated scopes in delegated flows.


Step 1: Grant the delegated permission

Create an oauth2PermissionGrants record that grants Group.Read.All to the agent identity blueprint (standard delegated consent flow).

Figure 2. Granting Group.Read.All to the agent identity

Step 2: Mark it as inheritable

Call the /applications/microsoft.graph.agentIdentityBlueprint /<agent identity blueprint id>/inheritablePermissions endpoint and include the resource app ID of Graph. Use an enumerated scope so the agent identity will inherit only the Group.Read.All permissions.

Figure 3. Limiting the agent identity’s inherited read permissions with an enumerated scope

In a delegated authentication scenario, we will see and use those permissions to list the tenant groups. If you want all permissions to be inherited, just set kind to allAllowed instead of enumerated and remove the scopes property.

Although undocumented, it is possible to inherit enumerated app-only permissions. Instead of scopes, we will use appRoleIds, which require the app role’s GUID. So the request will look like this:

Figure 4. Enabling inheritance of enumerated app-only permissions

You can also set both at the same time. To update existing inheritable permissions, send a Patch request to the relevant resource you want to update.

Patch: /applications/microsoft.graph.agentIdentityBlueprint//inheritablePermissions/

Next up: We’ll discover how your agent identity authenticates and operates in Entra ID.


Explore the guide