|
| 1 | +# Agentic Identity with the M365 Agents SDK |
| 2 | + |
| 3 | +# Agentic Users and Terms |
| 4 | +To create an AI Teammate who works alongside humans, Microsoft introduced few key concepts like Agent Blueprint (AB), Agent Identity (AI), Agentic User (AU). Agentic Users are autonomous agents that want to behave like user accounts. |
| 5 | + |
| 6 | +**Agentic User** is an identity for an autonomous agent that acts like a user to access resources. Each agentic user is tied to a particular agent instance "parent", and from there to a specific Agent ID Blueprint. Agentic users support the features of normal user accounts -- they can have mailboxes and participate in chats, etc., with some small restrictions for security. |
| 7 | + |
| 8 | +**Agent ID Blueprint** is an application that holds the business logic and orchestration for an agent and has the ability to create and manage agent identities. These agent identities are tied to their parent Agent ID Blueprint and can only be managed by that specific Blueprint. |
| 9 | + |
| 10 | +[TODO - Confirm] This value will match the Agent ID configured in the Azure Bot Service. |
| 11 | + |
| 12 | +**Agent Identity** is an app-like identity, derived from service principal that represents an autonomous agent. An Agent ID Blueprint can get tokens for its child Agent Identities through FIC impersonation. Agent Identities are single tenant, created in the tenant where the Agent ID Blueprint is installed, but a given Agent ID Blueprint can create and manage multiple Agent Identities within a single tenant. |
| 13 | + |
| 14 | +**Agentic Instance ID** |
| 15 | + |
| 16 | +**Agentic Instance Token** |
| 17 | + |
| 18 | +# Sample Agentic Agents |
| 19 | + |
| 20 | +# Agentic Configuration Settings |
| 21 | +## Python |
| 22 | +## C# |
| 23 | +## Javascript |
| 24 | + |
| 25 | +# Common Configuration Errors |
| 26 | + |
| 27 | +## context.identity is required for agentic activities |
| 28 | + |
| 29 | +## Missing MSAL Configuration |
| 30 | + |
| 31 | +## Missing Agent Instance ID |
| 32 | + |
| 33 | +## Agentic user not configured |
| 34 | + |
| 35 | +## IAgenticTokenProvider Not Found |
| 36 | + |
| 37 | +# Common MSAL Errors |
| 38 | + |
| 39 | +## Failed to obtain token |
| 40 | + |
| 41 | +## Undefined Agent Application Instance ID |
| 42 | + |
| 43 | +## Failed to acquire agentic instance token |
| 44 | + |
| 45 | +## Failed to acquire token |
| 46 | + |
| 47 | +## Agent application instance Id and agentic user Id must be provided |
| 48 | + |
| 49 | +## Failed to acquire token for client - no payload |
| 50 | + |
| 51 | +## Unable to retrieve agentic user token |
| 52 | + |
| 53 | +# Appendix 1 - Linking to this document. |
| 54 | +This document is deep linked from the M365 Agents SDK. When errors / exceptions are generated, those exceptions contains aka.ms links that deep link into the sections here. |
| 55 | + |
| 56 | +This means the names used in the section headers are fragile. The algorithm for deeplinking into a GitHub document is: |
| 57 | +1. Identify the Header ID: GitHub automatically generates an ID for each header in a Markdown file. This ID is derived from the header text by lowercasing it, replacing spaces with hyphens, and removing special characters. |
| 58 | + * For a header like `# My Section`, the ID would be my-section |
| 59 | + * For a header like `## Another Great Section!`, the ID would be another-great-section. |
| 60 | +1. Construct the Link: Use standard Markdown link syntax with the header ID as the destination, prefixed by a hash (#). |
| 61 | + |
| 62 | +## Appendix 2 - Links (Autogenerated via GitHub Copilot) |
| 63 | + |
| 64 | +The following GitHub Copilot prompt is used to generate the deep links that are listed below. Claude 4.5 was used inside VS Code for the generation. |
| 65 | +``` |
| 66 | +https://github.com/microsoft/Agents/blob/users/cleemullins/ConfigurationAndErrors/M365AgentsAgenticIdentity.md |
| 67 | +
|
| 68 | +Analyze the top level and second level headers of this document. Generate URL's I can use to deeplink into each section. |
| 69 | +
|
| 70 | +The rules for generating those deeplinks are found in "Appendix 1". Exclude all appendix from the list of generated deeplinks. |
| 71 | +
|
| 72 | +The format for the URLs should be: |
| 73 | +
|
| 74 | +https://github.com/microsoft/Agents/blob/{BranchName}/M365AgentsAgenticIdentity.md#TagName |
| 75 | +
|
| 76 | +The branchname in the template above is "users/cleemullins/ConfigurationAndErrors" |
| 77 | +
|
| 78 | +In the example above "TagName" is generated as part of this prompt. Emit this as markdown suitable for pasting into the document in Appendix 2. |
| 79 | +``` |
| 80 | + |
| 81 | +### Top-Level Headers |
| 82 | + |
| 83 | +- [Agentic Identity with the M365 Agents SDK](https://aka.ms/M365AgentsErrorCodes/#agentic-identity-with-the-m365-agents-sdk) |
| 84 | +- [Agentic Users and Terms](https://aka.ms/M365AgentsErrorCodes/#agentic-users-and-terms) |
| 85 | +- [Sample Agentic Agents](https://aka.ms/M365AgentsErrorCodes/#sample-agentic-agents) |
| 86 | +- [Agentic Configuration Settings](https://aka.ms/M365AgentsErrorCodes/#agentic-configuration-settings) |
| 87 | +- [Common Configuration Errors](https://aka.ms/M365AgentsErrorCodes/#common-configuration-errors) |
| 88 | +- [Common MSAL Errors](https://aka.ms/M365AgentsErrorCodes/#common-msal-errors) |
| 89 | + |
| 90 | +### Second-Level Headers |
| 91 | + |
| 92 | +#### Agentic Configuration Settings |
| 93 | +- [Python](https://aka.ms/M365AgentsErrorCodes/#python) |
| 94 | +- [C#](https://aka.ms/M365AgentsErrorCodes/#c) |
| 95 | +- [Javascript](https://aka.ms/M365AgentsErrorCodes/#javascript) |
| 96 | + |
| 97 | +#### Common Configuration Errors |
| 98 | +- [context.identity is required for agentic activities](https://aka.ms/M365AgentsErrorCodes/#contextidentity-is-required-for-agentic-activities) |
| 99 | +- [Missing MSAL Configuration](https://aka.ms/M365AgentsErrorCodes/#missing-msal-configuration) |
| 100 | +- [Missing Agent Instance ID](https://aka.ms/M365AgentsErrorCodes/#missing-agent-instance-id) |
| 101 | +- [Agentic user not configured](https://aka.ms/M365AgentsErrorCodes/#agentic-user-not-configured) |
| 102 | +- [IAgenticTokenProvider Not Found](https://aka.ms/M365AgentsErrorCodes/#iagentictokenprovider-not-found) |
| 103 | + |
| 104 | +#### Common MSAL Errors |
| 105 | +- [Failed to obtain token](https://aka.ms/M365AgentsErrorCodes/#failed-to-obtain-token) |
| 106 | +- [Undefined Agent Application Instance ID](https://aka.ms/M365AgentsErrorCodes/#undefined-agent-application-instance-id) |
| 107 | +- [Failed to acquire agentic instance token](https://aka.ms/M365AgentsErrorCodes/#failed-to-acquire-agentic-instance-token) |
| 108 | +- [Failed to acquire token](https://aka.ms/M365AgentsErrorCodes/#failed-to-acquire-token) |
| 109 | +- [Agent application instance Id and agentic user Id must be provided](https://aka.ms/M365AgentsErrorCodes/#agent-application-instance-id-and-agentic-user-id-must-be-provided) |
| 110 | +- [Failed to acquire token for client - no payload](https://aka.ms/M365AgentsErrorCodes/#failed-to-acquire-token-for-client---no-payload) |
| 111 | +- [Unable to retrieve agentic user token](https://aka.ms/M365AgentsErrorCodes/#unable-to-retrieve-agentic-user-token) |
0 commit comments