At Identiverse, Aembit Unveils MCP Governance for Microsoft Copilot Studio Agents

{
"title": "At Identiverse, Aembit Unveils MCP Governance for Microsoft Copilot Studio Agents",
"content": "Aembit, a company specializing in workload identity and access management (IAM), announced at the Identiverse conference in Las Vegas on June 16, 2026, that its platform now supports Microsoft Copilot Studio. The integration gives enterprises the ability to govern how AI agents—built with Copilot Studio—access critical business tools and data through the Model Context Protocol (MCP). This move marks a significant step toward securing agentic AI at scale.

For security teams struggling with the proliferation of non-human identities—service accounts, APIs, bots, and now AI agents—the news signals a maturing market for blended IAM. Aembit’s platform, traditionally focused on workload identity, now treats AI agents as another type of non-human actor that requires tightly scoped, just-in-time access. By extending its policy engine to Copilot Studio agents, Aembit aims to close the governance gap that has left many organizations uneasy about autonomous AI operations.

The Evolution of IAM: From Humans to Non-Humans

Identity and access management originated to control what human users could do within corporate networks. Over time, the explosion of cloud services and APIs introduced \"machine identities\" or \"workloads\"—non-human actors that needed credentials to interact with each other. Managing these became a distinct discipline, with tools like HashiCorp Vault, CyberArk, and later Aembit, focusing on secrets management and workload IAM.

AI agents represent the next evolutionary step. Unlike static services, agents can make decisions, chain tools together, and operate with a degree of autonomy. They blur the line between a simple API call and a human-like action. A Copilot Studio agent might, for instance, analyze a customer complaint, access the CRM, draft a response, and even issue a refund—all without human intervention. Such power requires a governance model that is both flexible and airtight.

Aembit positions its platform as filling the gap by enabling context-based, just-in-time access for AI agents. Traditional IAM was never designed for the velocity and context-sensitivity of agentic workloads, where permissions must be evaluated on the fly based on risk, intent, and data sensitivity.

How MCP Governance Works in Practice

The Model Context Protocol (MCP) has rapidly become the standard for connecting AI agents to external tools and data sources. Originally open-sourced by Anthropic, MCP allows any AI model to interact with a growing ecosystem of servers offering everything from database queries to web search and enterprise applications. Copilot Studio supports MCP, meaning agents built on that platform can tap into dozens of services without custom code.

This interconnectivity, while powerful, creates a sprawling attack surface. Without centralized governance, each MCP tool integration becomes a separate security silo. An agent might be granted broad database access when it only needs to read a single field; or it might inadvertently chain tools together in a way that exposes sensitive data.

Aembit’s platform acts as a policy enforcement point for MCP connections. When a Copilot Studio agent initiates a request to an MCP server, Aembit intercepts the call, verifies the agent’s identity, and evaluates the applicable access policies. Policies can be based on numerous attributes: the agent’s role, the requested resource, time of day, geolocation, data classification, and even the previous behavior of the agent. If the request is permitted, Aembit generates a short-lived token that allows the connection to proceed.

The process is entirely programmatic and adds negligible latency. Because Aembit integrates at the identity layer—not as a proxy or gateway—it can scale to handle the high rate of calls typical of agentic workflows. The platform also logs every access decision, giving security operations teams a full audit trail. This is critical for compliance and for detecting unusual patterns that might indicate a compromised agent.

Blended IAM: Unifying Human and Non-Human Governance

Aembit has long advocated for \"blended IAM\"—a single policy framework that governs both human and non-human identities. With the addition of AI agents, that vision becomes even more compelling. Consider a business process that starts with a human request (say, an employee asking a Copilot agent to generate a report), which then triggers the agent to access data via MCP tools. Both the human and the agent must be authorized, but their access requirements differ.

In Aembit’s model, an administrator can define a policy that says: \"When John, a manager, asks the HR copilot to pull salary data, the copilot can only read salary records for direct reports, and only during business hours, and must use a read-only MCP connection.\" This policy covers both the human identity (John) and the workload identity (the copilot). It’s a seamless blend that traditional tools struggle to implement.

The platform integrates with existing identity providers like Microsoft Entra ID, Okta, and Ping Identity. That means enterprises don’t need to rip and replace their current IAM infrastructure; Aembit layers on top, adding the dynamic, granular controls that static group memberships cannot provide.

Immediate Impact on Windows and Microsoft-Centric Enterprises

For the Windows and Microsoft ecosystem, this announcement carries particular weight. Copilot Studio is not an isolated tool; it’s deeply embedded in the Power Platform, Dynamics 365, and Microsoft 365. Many organizations are building agents that extend Windows-based line-of-business applications, or that manage IT tasks on Windows servers. The ability to enforce strict access policies on these agents is crucial for preventing data leaks and privilege escalation.

Windows administrators who are already juggling service accounts, managed identities, and application pools can now add AI agents to the governance framework. Aembit’s solution gives them a unified view of who (or what) can do what across the enterprise. For example, a Copilot agent that helps reset Active Directory passwords via a self-service portal can be limited to only resetting passwords for non-admin users and never touching group memberships. Such granularity is difficult to achieve with native Active Directory or even Entra ID features alone.

At Identiverse, Aembit demonstrated a scenario where a Copilot agent for IT support attempts to use an MCP-connected database to look up a user’s ticket history. The agent was granted a temporary, read-only credential that expired after 60 seconds, and all actions were logged. This kind of just-in-time access, Aembit argued, is the only safe way to allow agents to operate autonomously.

Competitive Landscape and Industry Significance

Aembit is not alone in the non-human identity space. Major players like CyberArk, HashiCorp, and BeyondTrust offer workload identity solutions, and cloud providers have their own managed identity services. However, Aembit’s explicit focus on AI agents and MCP governance sets it apart. By targeting Copilot Studio—the most widely adopted agent builder in the Microsoft ecosystem—Aembit is positioning itself as a critical enabler for secure agentic AI adoption.

The announcement comes at a time when enterprises are moving beyond proof-of-concept AI agents to production deployments. According to Aembit’s own research, cited at the conference, over 60% of organizations plan to have AI agents in production within the next two years, but fewer than 20% feel they have adequate security controls. That gap represents a significant market opportunity, and Aembit is racing to fill it.

Analysts at Identiverse noted that the combination of agentic AI and MCP is likely to become the default architecture for next-generation business applications. As a result, governance at the MCP layer will be as important as API gateway security is today. Aembit’s early move could become a de facto standard.

Deployment and Operational Considerations

Getting started with Aembit’s Copilot Studio integration is straightforward for organizations already using the platform. Copilot Studio agents are registered as workloads in Aembit, and administrators define access policies using a visual policy builder or via infrastructure-as-code. Aembit then provisions dedicated identity profiles for these agents, replacing any hard-coded credentials or static service accounts.

The platform supports a range of cloud deployment models, including SaaS and private cloud,