Microsoft Entra Agent ID Logs Reveal Suspicious Assistive Agent Activity
ID: adcd5d7b-c4d3-5171-8ae8-a1d5bd93dcc8
STIX ID: report--adcd5d7b-c4d3-5171-8ae8-a1d5bd93dcc8
Feed Name: cybersecurityNews.com
This Red Canary investigation details how assistive AI agents, when granted delegated access via Microsoft Entra On-Behalf-Of flows, can be abused to perform malicious actions that appear to come from legitimate users. The report demonstrates detection by correlating Purview Exchange, Graph Activity, and sign-in logs, and highlights key log fields (e.g., Agent.agentType, Agent.parentAppId). It also publishes IoCs (IP addresses, agent/app IDs, tenant and endpoint details) and recommends that defenders monitor delegated permission grants and unexpected Graph API Mail.Send activity.
