AegisAI uses the Entra ID (formerly Azure AD) on-behalf-of flow to propagate the calling user's identity to Synapse, Fabric, Cosmos DB, and the data services Microsoft Copilot Studio already connects to. Conditional Access policies stay enforced. Purview lineage tracks the actual user.
✓ LIVE: Synapse SQL endpoint via REST. AAD per-user RBAC check framework. Entra ID JWT validation.
⧉ EARLY ACCESS · Q3 2026: OBO flow end-to-end to data plane, Synapse Spark pool per-user job submission, Conditional Access propagation
⧉ ROADMAP · Q4 2026: Microsoft Fabric / OneLake item-level enforcement, Power BI semantic model RLS, Cosmos DB partition-key RBAC, Azure OpenAI per-user quota, Purview lineage correlation
The OBO flow primitive is built and reused per Azure service. Each new data plane integration is ~5 engineer-days against a customer Azure sandbox.
Conditional Access policies, Synapse workspace role assignments, Fabric capacity permissions, Cosmos DB RBAC, Purview data classifications — Azure's permission model is rich. Most "AI on Azure" tutorials skip it entirely with a service principal and broad scope. That choice flattens your security posture.
Your CISO spent six months designing Conditional Access policies — MFA on data access, IP restrictions, device compliance. A service principal sidesteps all of it. The CA policies become decorative.
Purview tracks data lineage based on the calling principal. When everything calls as the same service principal, lineage becomes useless — you can't tell which business unit is touching what.
B2B guest users, multi-tenant SaaS, sovereign clouds — the right answer requires per-user identity that survives tenant boundaries. A single-tenant service principal can't model this.
AegisAI uses the OAuth 2.0 on-behalf-of (OBO) flow: the access token the user presented to AegisAI is exchanged at the Entra ID token endpoint for a delegated token for the downstream resource, still bound to that user. Synapse, Fabric, and Cosmos DB see the actual user. Conditional Access still fires on the exchange, so a policy that requires MFA or a compliant device for the data service blocks the downstream call instead of being skipped. Purview lineage stays accurate.
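What the exchange in the paragraph above looks like in code, as an added example that is not AegisAI's own code: the form parameters of an Entra ID v2.0 on-behalf-of request, the checks a middle tier should run on the returned token before it touches the data plane (right audience, same user and tenant, delegated rather than app-only, unexpired), and a fake token endpoint so the whole thing runs offline. The tenant name, client ID and the downstream `.default` scope strings and their audiences are the author's assumptions, to be verified against your own tenant; the tokens are constructed and unsigned, so signature and issuer validation (the page's "Entra ID JWT validation") is assumed to have already happened on the incoming token.

```python
"""Entra ID on-behalf-of (OBO) exchange with post-exchange checks.
Added example, not AegisAI code. Tenant, client ID and scopes are assumptions."""
import base64
import json
import time
import urllib.request
from urllib.parse import urlencode

TENANT = "contoso.onmicrosoft.com"                    # assumption
CLIENT_ID = "00000000-0000-0000-0000-000000000001"    # assumption: AegisAI app registration
TOKEN_ENDPOINT = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token"

# Downstream resource -> (.default scope to request, audience the token should carry).
# Listed as the author's assumption; confirm the audience values in your tenant.
DOWNSTREAM = {
    "synapse": ("https://dev.azuresynapse.net/.default", "https://dev.azuresynapse.net"),
    "cosmos": ("https://cosmos.azure.com/.default", "https://cosmos.azure.com"),
}


def build_obo_form(incoming_token, client_secret, scope):
    """Form body of the v2.0 OBO grant: the caller's token is the jwt-bearer assertion."""
    return {
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "client_id": CLIENT_ID,
        "client_secret": client_secret,
        "assertion": incoming_token,
        "scope": scope,
        "requested_token_use": "on_behalf_of",
    }


def claims(jwt):
    """Decode a JWT payload without verifying it (verification is assumed done upstream)."""
    seg = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


def check_delegated(incoming_token, obo_token, expected_aud, now=None):
    """Refuse to hit the data plane unless the exchanged token is for the right
    resource, bound to the same user and tenant as the incoming token, delegated
    (scp claim) rather than app-only (roles claim), and unexpired."""
    now = time.time() if now is None else now
    a, b = claims(incoming_token), claims(obo_token)
    if b.get("aud") != expected_aud:
        raise ValueError(f"audience {b.get('aud')!r}, expected {expected_aud!r}")
    if (a.get("oid"), a.get("tid")) != (b.get("oid"), b.get("tid")):
        raise ValueError("exchanged token is not bound to the calling user")
    if "scp" not in b or "roles" in b:
        raise ValueError("expected a delegated token (scp claim), got app-only (roles)")
    if b.get("exp", 0) <= now:
        raise ValueError("exchanged token has expired")
    return b


def _post_form(url, form):
    req = urllib.request.Request(url, data=urlencode(form).encode(), method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def exchange_on_behalf_of(incoming_token, client_secret, service, post=_post_form, now=None):
    """Exchange the caller's token for a delegated token for `service` and validate it."""
    scope, expected_aud = DOWNSTREAM[service]
    body = post(TOKEN_ENDPOINT, build_obo_form(incoming_token, client_secret, scope))
    if "access_token" not in body:
        # Entra answers with an error such as interaction_required when a Conditional
        # Access policy blocks the downstream resource; surface it to the caller rather
        # than quietly falling back to an app-only token.
        raise RuntimeError(body.get("error_description", str(body)))
    check_delegated(incoming_token, body["access_token"], expected_aud, now)
    return body["access_token"]


# ---- constructed, unsigned tokens so the example runs offline (not real Entra tokens) ----
def make_jwt(payload):
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(payload) + "."


FAR_FUTURE = 4102444800  # 2100-01-01
USER = {"oid": "u-1", "tid": "t-1", "preferred_username": "a.lee@contoso.com"}
INCOMING = make_jwt({**USER, "aud": CLIENT_ID, "scp": "access_as_user", "exp": FAR_FUTURE})
DELEGATED = make_jwt({**USER, "aud": "https://dev.azuresynapse.net",
                      "scp": "user_impersonation", "exp": FAR_FUTURE})
APP_ONLY = make_jwt({"oid": "sp-1", "tid": "t-1", "aud": "https://dev.azuresynapse.net",
                     "roles": ["Reader"], "exp": FAR_FUTURE})


def fake_token_endpoint(url, form):
    """Stand-in for login.microsoftonline.com that returns the constructed delegated token."""
    assert form["requested_token_use"] == "on_behalf_of"
    return {"token_type": "Bearer", "access_token": DELEGATED}


if __name__ == "__main__":
    tok = exchange_on_behalf_of(INCOMING, "client-secret", "synapse", post=fake_token_endpoint)
    c = claims(tok)
    print(f"data-plane call will run as {c['preferred_username']} against {c['aud']}")
```

The check that matters most in practice is the scp-versus-roles one: if a deployment ever falls back to the client-credentials grant "because OBO failed", the data plane silently starts seeing the service principal again and every per-user control on this page stops applying. Failing closed on a missing scp claim, and on any token-endpoint error, keeps that from going unnoticed.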
Synapse workspace role assignments and dedicated SQL pool grants apply per user. Serverless SQL pool database permissions, and the storage data-plane permissions on the underlying ADLS Gen2 account that serverless queries read through, evaluate against the calling user's Entra ID principal.
Fabric workspaces have item-level permissions, and OneLake data access roles scope access down to folder and table level. AegisAI propagates the user's identity so workspace boundaries, item permissions, and table-level access all work as configured.
Cosmos DB's native RBAC scopes role assignments at the account, database, or container level; partition key and document are not assignment scopes in the role model. AegisAI's OBO token carries the user identity, so container-scoped assignments evaluate against the real user, and any partition-key or document-level restriction is applied in the query layer on top of that identity (the per-user partition-key enforcement on the roadmap).
Azure OpenAI content filters and token and request quotas are configured per deployment, not per user, so per-user limits have to be layered on by the caller attributing each request to the delegated identity. When Copilot Studio calls data services via AegisAI, the underlying data calls happen under the user's identity, not the Copilot Studio service principal.
Sign-in logs show the actual user with the actual app context. Security ops can investigate suspicious patterns at the user level.
MFA, device compliance, IP allow-lists, risk-based policies — all fire per user. AI access doesn't become a CA bypass route.
Data lineage maps reflect actual user touchpoints. Data classification reports answer "who accessed PII?" with a named user principal rather than one shared service principal.
Per-user cost attribution lets FinOps teams allocate AI consumption to actual business units, not a shared integration spend.
30-minute architecture call. We open the operator console and run real queries through your stack — AWS, Azure, GCP, or all three. You see the audit chain tick up in real time.