From OBO APIs to Agent Identities: Entra Conditional Access Still Works the Same

via Dev.to, by Anton Staykov

Six years ago I wrote a small sample to help me better understand how the On-Behalf-Of (OBO) flow actually works: a browser SPA calling a middle-tier Web API, which in turn called Azure SQL on behalf of the signed-in user. Today the same shape might be an assistive AI agent calling an MCP server within the delegated constraints of the end user. The same rules apply, and this article explains why.

Three sentences that should survive beyond any particular technology:

If your system acts on behalf of a user, delegation rules apply.
If delegation rules apply, Conditional Access applies at token issuance for the downstream resource.
APIs, agents, and MCP servers don't change that; they only change the shape of the middle tier.

If an AI agent acts on behalf of a user, the Conditional Access policies you already have that govern how users access corporate data apply automatically. You don't need to invent "agent-specific Conditional Access" for assistive agents. Assistive agents don't bypass Conditional Access. They in

Continue reading on Dev.to
