Using Workday’s Agent System for secure AI agent management

Workday and Microsoft are linking Workday’s Agent System of Record to Microsoft identity and AI tooling. The public reporting says agents can be registered in Workday and tied to Microsoft Entra identities and Azure AI tools. Workday’s own announcement adds that the aim is to make agents manageable alongside people.

The useful part is straightforward: give an AI agent a record, an identity, and some governance hooks. That means an Agent System of Record entry, a verifiable identity, and lifecycle events that fit into existing HR and IT processes. The practical gain is clearer audit trails and less chance of shadow agents running with unchecked access.

That changes how I would handle AI agent workflows. I would treat an agent like any other controlled actor. Permissions would sit in Azure identity controls, agent roles would map back to Workday attributes, and actions would be logged for review. It also makes it easier to keep experimental agents separate from production ones.

Expect HR platform owners, identity and access engineers, AI platform leads, and compliance teams to be involved. HR can manage the Agent System of Record entries. Identity teams can issue and vet Entra Agent IDs. AI platform owners can manage model access in Azure. Compliance can set retention and logging rules.

Secure management of AI agents

Permissions are the hard part. Agents need least-privilege scopes for data access, service calls, and downstream systems. In practice I would create role templates in Azure for common agent types: read-only analyst, workflow orchestrator, and transaction processor. Then I would map those templates to Workday roles so provisioning can be automated. That keeps human mistakes out of agent privileges and limits the blast radius when an agent misbehaves.

Identity verification gives the agent a cryptographic and organisational anchor. I would use Microsoft Entra Agent ID for authentication and Workday’s Agent System of Record for the organisational record. That lets me tie an identity to a registered agent and keep the agent’s attributes, owner, purpose, and allowed datasets in one place. That helps when something goes wrong and someone has to work out what the agent actually touched.

Best practices for secure workflows

  • Define a registration workflow. Require a documented purpose, owner, and data access justification before issuing an Entra Agent ID. Record those fields in the Agent System of Record.
  • Automate provisioning. Use Azure role templates and Workday events to connect identity issuance to approvals. That avoids manual credential handoffs.
  • Enforce least privilege. Grant the smallest set of permissions needed and time-box sensitive rights.
  • Log everything. Record agent actions in central logging, and keep links back to the agent record for traceability.
  • Version-control agent artefacts. Treat prompts, chain logic, and connectors as code and keep them in a registry that references the agent ID.
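The registration gate and the role-template mapping described above, as an added Python sketch that is not part of the original post and not Workday’s or Microsoft’s API: the three templates, their scopes, the eight-hour time-box on sensitive rights, and the sample records are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Hypothetical least-privilege templates for the agent types named in the post.
# Scopes listed under "sensitive" are time-boxed; the rest are open-ended.
ROLE_TEMPLATES = {
    "read-only analyst": {"scopes": {"hr.read", "finance.read"}, "sensitive": set()},
    "workflow orchestrator": {"scopes": {"hr.read", "workflow.execute"}, "sensitive": {"workflow.execute"}},
    "transaction processor": {"scopes": {"finance.read", "finance.post"}, "sensitive": {"finance.post"}},
}
SENSITIVE_TTL = timedelta(hours=8)  # assumed time-box for sensitive rights

@dataclass
class AgentRecord:
    """Fields the registration workflow requires before an identity is issued (constructed schema)."""
    agent_id: str
    owner: str
    purpose: str
    agent_type: str
    data_access_justification: str
    allowed_datasets: List[str] = field(default_factory=list)

def registration_issues(rec: AgentRecord) -> List[str]:
    """Return every reason the record must not yet receive an identity (empty list means OK)."""
    issues = [f"missing {f}" for f in ("owner", "purpose", "data_access_justification")
              if not getattr(rec, f).strip()]
    if rec.agent_type not in ROLE_TEMPLATES:
        issues.append(f"unknown agent type {rec.agent_type!r}")
    if not rec.allowed_datasets:
        issues.append("no allowed datasets declared")
    return issues

def build_grants(rec: AgentRecord, now: datetime) -> Dict[str, Optional[datetime]]:
    """Map a complete record to its template; sensitive scopes carry an expiry, others None."""
    if registration_issues(rec):
        raise ValueError("registration incomplete; refusing to provision")
    tpl = ROLE_TEMPLATES[rec.agent_type]
    return {s: (now + SENSITIVE_TTL if s in tpl["sensitive"] else None) for s in tpl["scopes"]}

def is_permitted(grants: Dict[str, Optional[datetime]], scope: str, now: datetime) -> bool:
    """A scope is usable only if it was granted and its time-box (if any) has not elapsed."""
    if scope not in grants:
        return False
    expiry = grants[scope]
    return expiry is None or now < expiry

def demo() -> Dict[str, bool]:
    """Constructed walk-through: a complete transaction-processor record provisioned at a fixed time."""
    now = datetime(2025, 1, 1, 9, 0, tzinfo=timezone.utc)
    rec = AgentRecord("agent-001", "ap-team-lead", "invoice reconciliation",
                      "transaction processor", "needs AP ledger", ["ap_ledger"])
    grants = build_grants(rec, now)
    return {"post_now": is_permitted(grants, "finance.post", now),
            "post_after_9h": is_permitted(grants, "finance.post", now + timedelta(hours=9)),
            "read_after_30d": is_permitted(grants, "finance.read", now + timedelta(days=30)),
            "hr_read": is_permitted(grants, "hr.read", now)}
```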

Challenges in implementation

Mapping Workday attributes to Azure policies is rarely one-to-one. Identity lifecycles differ, with HR events moving more slowly than CI/CD-driven model updates. I also see governance gaps around third-party agents supplied by vendors, which may not fit cleanly into internal identity controls. Those need clear contract terms and token-exchange patterns. Telemetry and observability for agent behaviour is still weak in many stacks, so custom logging is probably unavoidable for now.

Agents should be treated as governed identities from day one. Workday’s Agent System of Record can hold the record of what the agent is and why it exists. Microsoft Azure and Entra can handle access and operational controls. The handoffs between the two need to be automated so approvals, provisioning, and revocation stay repeatable.
