Session Abstract

AI agents and automations do not use passwords or MFA, yet they authenticate and access data continuously. Treated like normal users, they become hard to track, easy to over-permission, and difficult to audit. This session shows Microsoft 365 admins how to apply Zero Trust to non-human identities at scale using Microsoft Entra. You will learn how these identities differ from user accounts, what “good” access control looks like in practice, and how to block risky access before it reaches sensitive resources. We will also cover governance patterns that keep ownership clear and permissions time-bound, so every non-human identity has accountability and built-in review.

Thomas Vochten

I am a technology evangelist helping companies to design, implement and secure Microsoft 365. As Microsoft MVP, I also travel the world to speak at events, conferences, and user groups to talk about technology and to make sure people do not make the same expensive mistakes that I made.