Agent authentication model

Important

Windows 365 for Agents is in public preview. The feature is under active development and might change before general availability.

Windows 365 for Agents uses an authentication model that is tightly integrated with the agent session lifecycle and Cloud PC architecture.

Authentication in the session lifecycle

Agent authentication isn't a one-time event. It's woven into every session. When an agent task begins, a Cloud PC is acquired from the pool and an authenticated session is established: a secure channel opens, Microsoft Entra issues and validates tokens, and access is evaluated against identity, device, and policy signals. Authentication is bound to the device, so only authorized agents can connect to the assigned Cloud PC. After the agent connects, all actions execute under the authenticated agent identity with enterprise single sign-on (SSO) to applications and data. This setup lets agents interact with enterprise resources just like a human user, but under a governed identity. When the task completes, the session ends and the Cloud PC is reset.

Token-based session security

Agent session tokens are cryptographically bound to the device, so they can't be replayed across devices. This approach replaces interactive authentication with strong service-to-service trust, secure token exchange, and policy-based access enforcement.
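The following added example is not from this documentation or from Microsoft. It illustrates the general idea of a device-bound token: the token carries a thumbprint of a device key, and each use must include a proof computed with that key over a fresh nonce. Assumptions: the claim layout, function names, and the use of an HMAC device secret in place of a hardware-held asymmetric key are all hypothetical simplifications.

```python
import base64, hashlib, hmac, json, secrets

ISSUER_KEY = secrets.token_bytes(32)  # constructed stand-in for the issuer's signing key

def mac(key: bytes, msg: str) -> str:
    digest = hmac.new(key, msg.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode()

def thumbprint(device_key: bytes) -> str:
    return hashlib.sha256(device_key).hexdigest()

def issue_token(agent_id: str, device_key: bytes) -> str:
    # The "cnf" claim ties the token to one device key (hypothetical claim layout).
    claims = json.dumps({"sub": agent_id, "cnf": thumbprint(device_key)}, sort_keys=True)
    return claims + "." + mac(ISSUER_KEY, claims)

def device_proof(device_key: bytes, token: str, nonce: str) -> str:
    # Computed on the device; the key itself never travels with the token.
    return mac(device_key, token + "." + nonce)

def verify(token, nonce, proof, registered, fresh_nonces) -> str:
    claims_json, _, sig = token.rpartition(".")
    if not hmac.compare_digest(sig, mac(ISSUER_KEY, claims_json)):
        return "reject: bad issuer signature"
    if nonce not in fresh_nonces:
        return "reject: nonce not fresh"
    fresh_nonces.discard(nonce)  # each nonce is single use
    key = registered.get(json.loads(claims_json)["cnf"])
    if key is None or not hmac.compare_digest(proof, mac(key, token + "." + nonce)):
        return "reject: proof does not match bound device"
    return "accept"

def demo() -> list:
    # Constructed sample: two registered devices, one token issued for device A.
    dev_a, dev_b = secrets.token_bytes(32), secrets.token_bytes(32)
    registered = {thumbprint(dev_a): dev_a, thumbprint(dev_b): dev_b}
    token = issue_token("agent-01", dev_a)
    n1, n2 = secrets.token_hex(8), secrets.token_hex(8)
    fresh = {n1, n2}
    results = [verify(token, n1, device_proof(dev_a, token, n1), registered, fresh)]
    # Same token presented from device B: B cannot produce A's proof.
    results.append(verify(token, n2, device_proof(dev_b, token, n2), registered, fresh))
    # Captured (token, nonce, proof) sent again: the nonce is already consumed.
    results.append(verify(token, n1, device_proof(dev_a, token, n1), registered, fresh))
    return results

if __name__ == "__main__":
    print(demo())
```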

Continuous verification

Zero Trust applies throughout the session. Every request is validated by using identity and context signals, risk and device signals are evaluated continuously, and access can be revoked dynamically as conditions change.

Isolation and reset by design

Identity is reinforced by the ephemeral nature of agent sessions. Each session runs in a dedicated environment. Identity and tokens are scoped to that device, and the Cloud PC is reset before reuse. No credentials persist, and no trust carries across workloads. This "clean boundary" model ensures that every session starts from a known, secure baseline, which minimizes risk from previous activity.
