
From Windows Core to Leading Agent ID: Vince Smith’s Microsoft Story
Show notes
Folks, every big thing in identity started as somebody’s late-night side quest, and Vince Smith has been in the room for a lot of them.
In this episode of Entra Chat, Vince (the PM lead driving Microsoft Entra Agent ID) walks us back through a 25-year run at Microsoft: shipping beta products off a machine wired straight to the internet under a neighbor’s desk, owning the early RBAC and custom roles work that shaped Entra, surviving a couple of security incidents he mostly can’t talk about, and finally landing on the team building identity for AI agents.
Along the way he owns up to the one feature name he’d take back if he could, and shares the dead-simple trick he used as a junior dev to get senior engineers to answer his questions every single time.
But this isn’t just a war-stories episode. Vince breaks down why agents needed a brand-new kind of identity in the first place. An agent is a strange beast, ‘as clumsy and unpredictable as a human, and as fast as a machine’, which means traditional anomaly detection looks at one and basically can’t tell if it’s a user or a workload gone rogue. His answer is the blueprint-and-instance model: one blueprint (think app registration) spinning up many scoped, least-privilege instances, instead of a bazillion app registrations or one over-permissioned service principal that can read everyone’s mailbox. And if you’re wondering why this matters now, Vince makes the case that as users move to passkeys, attackers just slide to the other end of the balloon: non-human identities and workloads. That’s the new frontier.
So what should you actually do Monday morning? His advice is refreshingly un-precious: don’t wait for the perfect plan. Start green, set a standard for every new agent so you stop the bleeding from shadow AI, then stay green and slowly get green by cleaning up the mess behind you. Even just stamping a unique identifier on your agents today buys you the observability you’ll desperately want later.
Be the river that flows around the rocks.
There’s a lot more in the full conversation, including how Agent ID and Agent 365 actually fit together, and how Vince came up to speed on a space that’s moving too fast to write a book about. Give it a watch.
About Vince Smith
Vince Smith is the PM Lead for Agent ID at Microsoft. A self-described computer nerd and Gen Xer, Vince has been with Microsoft since late 1999, working on everything from Windows Core and GDPR to multi-tenant collaboration and identity protection.
LinkedIn - https://www.linkedin.com/in/vincecsmith/
🔗 Related Links
* Entra Agent ID - https://learn.microsoft.com/en-us/entra/agent-id/what-is-microsoft-entra-agent-id
* Agent 365 - https://www.microsoft.com/en-us/microsoft-agent-365
📗 Chapters
06:23 Provisioning vs. Federation
10:25 The Need for Agent ID
17:28 Blueprints and Multi-Instancing
23:55 Demystifying Agent 365
26:56 The Threat of Non-Human Identities (NHI)
33:08 Planning Your Enterprise AI Strategy
36:14 Defining a “Start Green” AI Plan
40:45 The Best Way to Learn Complex Tech
45:13 The Wild World of CIAM
Podcast Apps
🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss
Merill’s socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill