Entra Adds Facet Claims For Agent Identification

Microsoft Entra introduces new "facet" claims in Agent ID tokens that add identity context without changing core claims like tid, sub, and azp. The multivalued claims (xms_tnt_fct, xms_sub_fct, xms_act_fct and xms_par_app_azp) help distinguish tenant, subject, and acting app or agent for logging, auditing, and SOC investigations, while guidance warns against using them for authorization.
Key Points
- 1Describe new multivalued facet claims: xms_tnt_fct, xms_sub_fct, xms_act_fct, and xms_par_app_azp
- 2Clarify identity relationships so teams can distinguish user, tenant, and acting app or AI agent
- 3Enable improved logs, auditing, and SOC investigations but caution against using for authorization
Scoring Rationale
Useful, actionable Entra token enhancement improves agent visibility, but limited novelty and applicability mainly affects Entra/Azure customers.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems

