Your AI agents are calling APIs, reading databases, and writing to storage. But whose identity are they using? Today, most agents authenticate as the signed-in user (inheriting far too many permissions) or as the hosting application (making every agent on the same compute indistinguishable in your audit logs). Neither option gives you what you actually need: a discrete, auditable, least-privilege identity for the agent itself. In this session, we'll explore how Microsoft Entra Agent ID solves this problem by extending the Microsoft identity platform with a new category of identity purpose-built for AI agents. We'll break down the core building blocks (agent identity blueprints, agent identities, and federated identity credentials) and show how they chain together to enable secretless, scoped authentication from your compute infrastructure through to Azure data-plane services. Then we'll go hands-on with a live demo of an AI agent that authenticates under its own identity to call both Azure services using the .NET Azure SDK and custom APIs, so you can see the full token flow and RBAC model in action across first-party and your own services. What you'll walk away with: - A clear understanding of the identity gap in today's agent architectures and why managed identities alone aren't enough. - The building blocks to give your agents their own identities, permissions, and audit trails, without storing a single secret. - Patterns for authenticating to Azure services and your own custom APIs Whether you're a platform engineer locking down agent permissions or a developer building autonomous agents that call downstream services, this session gives you the identity primitives to do it securely.