At Workday Rising 2025, Workday and Microsoft laid out a joint plan to give every AI agent the same treatment as a human employee: a verified identity, a role, a budget line, and a permanent audit trail. The integration registers agents built in Copilot Studio and Azure AI Foundry into Workday’s Agent System of Record (ASOR), with each agent receiving a Microsoft Entra Agent ID that makes it visible to IT, security, HR, and finance teams from a single control plane.
For enterprises already running dozens—or hundreds—of autonomous agents, that shift from “bot sprawl” to governed workforce is the core sell. Here’s what the tie-up actually delivers, where it still leaves gaps, and the steps your teams should take now.
A Three-Layer Governance Model Arrives
The Workday-Microsoft integration orchestrates agents across three control planes that had previously been siloed:
- Identity – Microsoft Entra Agent ID extends directory principles to software agents. Every agent created in Copilot Studio or Azure AI Foundry automatically gets a directory identity, making it discoverable in the Entra admin center and subject to conditional access, lifecycle policies, and access reviews.
- Runtime & orchestration – Copilot Studio (low-code) and Azure AI Foundry (pro-code) remain where agents are built, deployed, and connected to enterprise data and APIs.
- Business context & governance – Workday ASOR becomes the central registry. Once an agent is identity-provisioned, Workday’s Agent Gateway ingests it into ASOR, where administrators assign the agent a role scope, permitted actions, cost center attribution, service-level objectives, and monitoring hooks.
When an agent needs to interact with another agent—say a Copilot-based chat assistant hands off to a Workday HR agent to update career goals—the transition uses the Agent-to-Agent (A2A) protocol and Model Context Protocol (MCP) to preserve context, enforce policies, and log every step against the agent’s identity. The handoff isn’t just a data exchange; it’s a governed transaction with identity-backed audit logs that tie back to business processes in Workday.
The Problem This Solves: Unchecked AI Agent Sprawl
Most organizations moved from pilot projects to scaled agentic automation without the operational guardrails long required for human staff. Three headaches have become acute:
- Shadow bots multiplying: Lines of business spin up agents with no central catalog, creating hidden cost pools and compliance risks.
- Fractured identity and access: Agents often use service accounts or API keys with inconsistent permissions, leaving security teams blind to what those bots can actually do.
- ROI that’s impossible to measure: Without unified telemetry and cost-center attribution, finance can’t calculate whether digital labor is saving or bleeding money.
Workday’s ASOR plus Microsoft Entra Agent ID tackles these directly. By forcing every agent to have an identity, an owner, a budget code, and performance metrics, the integration gives CIOs and CISOs auditable, budgeted, and governed automation at scale. It also lets CFOs see digital labor on a dashboard next to human headcount.
What This Means for Different Teams
For IT administrators: Expect new object types to appear in Entra. Agents from Copilot Studio will surface with a specific “Agent ID” object class, but early tenant feedback suggests Azure AI Foundry agents may appear as managed identities or service principals. Validate the specific identity semantics in your own directory before building policies. You’ll need to extend conditional access rules to cover agent identities and design deprovisioning workflows that reach from Entra through to ASOR and downstream connectors.
For security teams: The identity-first approach is a double-edged sword. On the plus side, you finally have visibility into machine identities that previously operated off the books. You can apply least-privilege, just-in-time elevation, and short-lived credentials. But every new identity expands the attack surface. A compromised agent with elevated rights could move at machine speed. The same disciplined credential hygiene you use for service principals—secrets rotation, rigorous permission reviews—must now apply to agents.
For HR and finance leaders: ASOR turns agents into line items. You can assign cost centers, set budgets, track time savings, and measure ROI through Workday analytics. The dashboard will show where agents are used, how often they escalate to humans, and their impact on process costs. That data is essential for making the business case for further automation investment.
For line-of-business owners: You’ll still build agents in Copilot Studio with low-code tooling, but governance won’t be an afterthought. Before an agent goes live, it will require an Entra Agent ID and an ASOR registration where finance and HR peers sign off on its budget and permitted actions. This adds a few steps but eliminates the risk of an unowned bot causing a compliance incident.
A Brief History of Agent Governance (or Lack Thereof)
Workday introduced ASOR earlier in 2025 as a direct response to enterprise demand for a system-of-record that could treat digital workers like human ones. Microsoft’s complementary move was Entra Agent ID, built on the insight that directory identity—not just API keys—must be the foundation for Zero Trust in an agent world.
The rise of Copilot Studio and Azure AI Foundry gave organizations powerful, accessible tools to create agents, but that very accessibility led to proliferation without centralized control. Existing identity and governance systems weren’t designed for autonomous software that could operate across clouds and business applications. ASOR and Entra Agent ID close that gap by giving agents a structured, policy-enforced home that spans identity, runtime, and business process.
The new cross-vendor integration, announced at Workday Rising 2025, is the first time these pieces have been stitched together in a coordinated way. Prior to this, organizations had to cobble together custom logging, manual spreadsheets, and fragile point-to-point integrations to track what their agents were doing. Now they have an off-the-shelf joint solution.
Where to Start: A Governance Playbook
Implementation doesn’t happen overnight. Here’s the sequence that IT, security, and HR leaders should follow to turn the vision into practice.
Inventory every existing agent. Before you can govern agents, you need to know what you have. Catalog all current automations, bots, and AI agents. Classify each by business impact, data sensitivity, runtime owner, and whether it will be migrated into ASOR. This inventory is your baseline for risk assessment and prioritization.
Make identity non-negotiable. Mandate that every agent interacting with sensitive systems or data must have an Entra Agent ID (or equivalent directory identity). Enforce conditional access, just-in-time privilege elevation, and short-lived tokens for high-privilege agent tasks. Tie agent identities to your existing access review cadence.
Design least-privilege at the action level. Map out exactly what each agent is allowed to do. In ASOR, attach permitted action sets and SLOs to each registered agent. Require explicit approvals for sensitive operations—like financial adjustments or PII access—and implement continuous permission reviews.
Stitch your audit trails from day one. True accountability requires log correlation that persists across Entra, Copilot/Foundry runtimes, and Workday ASOR. Define correlation keys that follow a transaction end-to-end. Set log retention policies and automated alerting for anomalous agent behavior. Without this observability architecture, audits will have gaps that undermine the whole governance model.
Spin up a cross-functional governance council. AI agent governance isn’t just a tech problem. Bring together security, HR, finance, legal, and business owners to define escalation paths, incident response playbooks for agent compromise, and deprovisioning routines that cascade from ASOR through to all connected systems. Decide who “owns” an agent when something goes wrong, and document those owners in ASOR.
Pilot, measure, and then scale. Start with a few bounded, role-based agents that handle low-risk, high-value tasks. Use Workday ASOR dashboards to measure time saved, transactions automated, and cost per agent. Let those ROI numbers justify broader rollout, but don’t move beyond pilot until you’ve validated the full governance lifecycle—including deprovisioning—in a non-critical environment.
The Risks You Can’t Ignore
No technical integration eliminates operational risk. The Workday-Microsoft model closes major gaps but introduces new ones that require active management.
- Identity expansion equals attack surface growth. Every new Entra Agent ID is a potential vector. Organizations that treat agent identities like service accounts—with the same rigor around credential rotation, monitoring, and least privilege—will contain the risk; those that don’t will create a high-velocity threat.
- Privilege creep is still possible. Role-based agents are meant to be capable, but capability without guardrails becomes dangerous. Overly broad permission sets, skipped approval steps, or lack of action-level authorization can let an agent access data or systems beyond its true need.
- End-to-end auditability is hard. Stitching logs across Entra, Microsoft runtimes, and Workday ASOR requires deliberate engineering. Log formats, retention rules, and correlation keys must be aligned across vendors. In a proof-of-concept, demand a demonstration that follows a transaction from start to finish.
- Vendor lock-in vs. open ecosystem is unresolved. Workday positions ASOR as an open gateway; Microsoft defaults to its own stacks. The tightest integration will be Workday + Microsoft, and stretching governance to alternative agent runtimes may cost you. Procurement teams should evaluate portability of agent metadata and multi-vendor scenarios now.
- Humans still matter most. Technology provides the framework, but governance maturity requires organizational muscle: training, playbooks, and executive buy-in. Without those, the tools become another layer of complexity rather than a safety net.
The Industry Shift: From Tools to Workforce Management
Workday’s ASOR and Microsoft’s Entra Agent ID reflect a broader market truth: AI agents aren’t just new software features; they’re a new category of labor. Giving them employee-style identity, budgets, and auditability isn’t a luxury—it’s a prerequisite for operating at scale without breaking compliance or the bank.
The integration also signals a maturing alliance between two enterprise giants. Workday’s Agent Marketplace and Microsoft’s agent toolchain will likely grow tighter, making the combined experience compelling for organizations already on Microsoft 365 and Azure. At the same time, Workday’s support for MCP and A2A protocols suggests ambition to be an open orchestration layer, provided other partners adopt the same standards.
Customers should watch for three things: independent audits that validate vendor claims about end-to-end audit trails, real customer case studies that prove ASOR’s ROI measurement holds up in production, and the emergence of third-party agent runtimes that connect cleanly to the ASOR gateway. The governance model will only be as strong as the ecosystem around it.
For now, the takeaway is practical: the tools to govern AI agents like employees are here, in preview form, from two vendors that already run your HR and productivity stacks. The next move belongs to CIOs and their cross-functional peers—to inventory, pilot, secure, measure, and then scale with discipline.