Satya Nadella says AI agents need identities, permissions, and audits like employees
Microsoft CEO Satya Nadella wants AI agents governed with the same controls as staff: identity, containment, and observability.

Microsoft CEO Satya Nadella said AI agents should be treated like human employees, with identities, permissions, sandboxes, and audits. For decision-makers, it reframes AI deployment as an identity and governance problem, not just a model problem.
Microsoft CEO Satya Nadella says AI agents should be treated like employees, not magic software. In a Friday episode of the "Possible" podcast with Reid Hoffman, Nadella argued that organizations need to give AI agents identities, permissions, sandboxes, and policies that can be audited.
He made the point with a practical headache. Nadella said he often runs 100 AI coding agents at once and that guiding each through a chat interface creates an enormous cognitive load. “The cognitive load on me managing this is so high,” he said. The message is clear: if you are juggling dozens or hundreds of agents, you will not scale management with vibes and chat windows. You need governance that works even when the humans are busy.
This is happening because companies are already spending vast sums to adopt AI, while the day-to-day reality is messier. Many organizations are still figuring out how their AI agents will work with their human employees. The governance problem is particularly tough because AI agents blur categories. They can act, access systems, generate outputs, and create downstream risk in ways that look less like a static software feature and more like an operational workforce.
Nadella said Microsoft is starting to think of agents the way it thinks about staff it must oversee. That includes giving agents specific permissions for what they can and cannot access inside the company. It also includes ways to audit their work, so that when something goes wrong, you can trace what happened instead of guessing. His framing was direct: “You need to give them identities, you need to give them sandboxes, then you need to set policies to govern them.” That is the core operating model he is advocating.
If that sounds like traditional enterprise security language, it is. The shift is that those concepts are now being applied to autonomous-ish software agents. Nadella connected the strategy to four pillars: security, containment, manageability, and observability. “I think security, containment, manageability, and observability is the way we're going to have confidence around these agents,” he said. In other words, teams need confidence that agents can be constrained, monitored, and understood after deployment, not only evaluated in a demo.
Microsoft’s infrastructure plan for this shows up in its Agent 365 suite, which Nadella said includes Entra and Purview. Entra is Microsoft’s digital identity and network access product, which maps neatly to his “identities” and “permissions” argument. Purview is used to label data AI agents create, which matters for auditing and data handling. The implied workflow is straightforward: identity and access controls determine what an agent can touch; containment prevents uncontrolled behavior; labeling helps categorize outputs; and observability plus audits allow review and accountability.
There is also a regulatory and compliance subtext here, even though Nadella is not citing new rules in the source. As AI systems move from experimental use to enterprise workflows, regulators and auditors tend to ask for traceability: who or what had access, what actions were taken, and what data was used. Nadella’s insistence on identities and audits is basically an enterprise-ready answer to those questions. It turns “AI created a result” into “an agent with a named identity, scoped permissions, and auditable actions produced that result.” That is the difference between defensible operations and perpetual uncertainty.
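To make the operating model in the two paragraphs above concrete, here is an added example (not Microsoft's Agent 365, Entra or Purview code, and not anything from the podcast) of what "an agent with a named identity, scoped permissions, and auditable actions" looks like as a control plane: each agent carries its own principal, an accountable owner, least-privilege scopes and a sandbox; a policy engine decides every action; and every decision is written to a hash-chained audit log that can answer the auditor's questions of who had access, what was done, and what data label was involved. All class names, scope strings, sandbox names and sample resources are assumptions made for the example.

```python
"""Added example: agents governed like employees. Illustrative code only;
class names, scopes, sandbox names and resources are assumptions."""
import hashlib
import json
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class AgentIdentity:
    agent_id: str       # the agent's own principal, never a borrowed human login
    owner: str          # accountable human, the agent's "manager of record"
    scopes: frozenset   # least-privilege grants such as "repo:read"
    sandbox: str        # containment boundary the agent executes in


class AuditLog:
    """Append-only, hash-chained record of every authorization decision."""

    def __init__(self):
        self.events = []
        self._prev_hash = "0" * 64

    def record(self, agent, action, resource, label, decision, reason):
        entry = {
            "ts": datetime.now(timezone.utc).isoformat(),
            "agent_id": agent.agent_id, "owner": agent.owner,
            "sandbox": agent.sandbox, "action": action, "resource": resource,
            "data_label": label, "decision": decision, "reason": reason,
            "prev_hash": self._prev_hash,
        }
        entry["hash"] = self._digest(entry)
        self._prev_hash = entry["hash"]
        self.events.append(entry)
        return entry

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def verify(self):
        """Recompute the chain; an edited or removed event breaks it."""
        prev = "0" * 64
        for e in self.events:
            body = {k: v for k, v in e.items() if k != "hash"}
            if body["prev_hash"] != prev or self._digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True

    def who_touched(self, resource):
        """The traceability question: which identities were allowed on a resource."""
        return [e["agent_id"] for e in self.events
                if e["resource"] == resource and e["decision"] == "allow"]


class PolicyEngine:
    # Scope each action requires, and the data labels that may only be handled
    # inside the restricted sandbox (all assumed names for the example).
    REQUIRED_SCOPE = {
        "read_repo": "repo:read", "write_repo": "repo:write",
        "send_email": "mail:send", "read_customer_data": "data:confidential:read",
    }
    RESTRICTED_LABELS = {"confidential"}

    def __init__(self, audit, data_labels):
        self.audit = audit
        self.data_labels = data_labels   # resource -> classification label

    def authorize(self, agent, action, resource):
        label = self.data_labels.get(resource, "general")
        required = self.REQUIRED_SCOPE.get(action)
        if required is None:
            decision, reason = "deny", "unknown action"
        elif required not in agent.scopes:
            decision, reason = "deny", f"missing scope {required}"
        elif label in self.RESTRICTED_LABELS and agent.sandbox != "restricted":
            decision, reason = "deny", f"{label} data not allowed in {agent.sandbox}"
        else:
            decision, reason = "allow", "scope and sandbox satisfied"
        self.audit.record(agent, action, resource, label, decision, reason)
        return decision == "allow"


def run_scenario():
    """Constructed scenario: a coding agent and an analyst agent try five actions."""
    audit = AuditLog()
    engine = PolicyEngine(audit, {"crm:customers": "confidential"})
    coder = AgentIdentity("agent-coder-17", "alice@example.com",
                          frozenset({"repo:read", "repo:write"}), "dev-sandbox")
    analyst = AgentIdentity("agent-analyst-02", "bob@example.com",
                            frozenset({"data:confidential:read"}), "dev-sandbox")
    contained = AgentIdentity(analyst.agent_id, analyst.owner, analyst.scopes, "restricted")
    results = [
        engine.authorize(coder, "read_repo", "repo:payments"),            # allow
        engine.authorize(coder, "send_email", "mail:cfo"),                # deny: no scope
        engine.authorize(coder, "read_customer_data", "crm:customers"),   # deny: no scope
        engine.authorize(analyst, "read_customer_data", "crm:customers"), # deny: wrong sandbox
        engine.authorize(contained, "read_customer_data", "crm:customers"),  # allow
    ]
    return results, audit


if __name__ == "__main__":
    results, audit = run_scenario()
    print(results, audit.verify(), audit.who_touched("crm:customers"))
```

The design choice worth noting is that a correct scope is not enough on its own: the analyst agent holds the confidential-read scope but is still denied until it runs inside the restricted sandbox, which is the "containment" pillar enforced separately from "identity". The hash chain is what turns the log from a convenience into evidence; after the fact, `verify()` fails if any event was altered or dropped.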
Finally, this is not just a Microsoft story. It is a board-level issue. When Nadella said he can have 100 AI coding agents running at once, he highlighted a scaling trap: if governance does not keep up, risk stacks faster than adoption. Companies can end up with sprawling agent ecosystems, each with its own access patterns, data flows, and failure modes. The second-order effect is that security and compliance teams get pulled into reactive firefighting, while product teams push for speed. Nadella’s proposed model, treating agents like employees with governable permissions, is a way to reduce that tension by standardizing how agents are created and controlled.
And there is a human element to this conversation too. Hoffman said during the discussion that after 10 years, he'd be leaving Microsoft’s board to return to what he called “founder mode.” Whether or not you care about board dynamics, the governance question is the same: can you operationalize AI at scale without losing control of identity, access, and accountability? Nadella’s answer is that you can, if you build the same guardrails you use for people, then apply them to agents before they run wild in your environment.