The immediate response was operational: rotate the keys, revoke the tokens, restore the integrations. Institutions did this manually, under time pressure, during finals. The structural question follows. Those rotated credentials still exist. New ones are being minted. The integrations they serve are not going away.
Microsoft has the most obvious claim to governing those credentials. Entra ID is the dominant identity provider in higher education. Microsoft's agent governance platform reached general availability weeks before the Canvas breach became public. The timing invites scrutiny.
A naming note first. Microsoft uses two product names that overlap. Entra Agent ID is the identity platform: token flows, agent identity constructs, the Auth SDK that external platforms integrate with. Agent 365 is the broader governance product that wraps Entra Agent ID with Defender integration, Purview DLP, Intune policy enforcement, and the M365 admin center agent catalog. The guideline's "Entra Agent ID" refers to the identity layer. The governance features that matter for NHI (non-human identity) lifecycle management live in Agent 365. Both are relevant here.
What Entra Agent ID governs. The GA release (May 1, 2026) covers the On-Behalf-Of agent model, where every action an agent takes is attributable both to the agent's own Entra identity and to the user it represents. Microsoft's platform documentation describes governance across Microsoft-owned platforms including Copilot Studio, Microsoft Foundry, and Teams, as well as non-Microsoft platforms that support OAuth 2.0 and OpenID Connect. The critical qualifier: those non-Microsoft platforms must explicitly integrate with the Microsoft Entra Auth SDK or workload identity federation. The external platform has to build the integration. Passive discovery does not apply.
Named launch partners include Adobe, SAP, Zendesk, and Manus, along with agent frameworks like n8n and AWS Bedrock. Cross-cloud registry sync with AWS Bedrock and Google Cloud connections is in public preview, not GA. Useful for visibility across multi-cloud environments. Production-grade lifecycle management remains ahead of it.
The June 2026 Entra changelog shows continued investment. Agent identities now require a delegated human sponsor accountable for their access and lifecycle. Lifecycle Workflows automatically transfer sponsorship when a sponsor leaves the organization. Genuine NHI governance within the Entra perimeter. Autonomous agentic identity capabilities, where agents operate as their own first-class users rather than on behalf of a human, remain in Frontier preview with no announced GA date.
What it requires. The Entra Agent ID platform is available to Entra customers. The full governance layer requires Agent 365 licensing at $15/user/month or M365 E7 at $99/user/month. The governance features most relevant to security operations sit behind the higher-tier license.
For a campus deep in the Microsoft ecosystem, this is incremental spend on an existing relationship. For a campus running multi-cloud research computing with workloads on AWS, Azure, and institutional HPC clusters, the licensing math changes. The governance most urgently needed covers non-Microsoft credential surfaces, and that is precisely where Agent 365 has the least reach without explicit platform integration from the other side.
What it cannot reach. Canvas OAuth tokens, LTI developer keys, and personal access tokens are issued by Instructure's own OAuth server. Separate OAuth servers, separate token namespaces, separate credential stores. Microsoft's own documentation on agent tokens confirms that platforms integrating with Entra Agent ID use standard token claims appropriate for their authentication method. None of the Canvas credential surface appears in the Entra admin center without Instructure building and deploying an integration with the Microsoft Entra Auth SDK. No such integration has been announced. Canvas is not among Microsoft's named launch partners.
The same gap applies to non-Azure HPC service accounts, custom REST API integrations between campus research systems, and credentials minted by any third-party platform that has not opted into the Entra identity framework. In a campus environment, this covers most of the credential surface the Canvas breach just exposed.
What Microsoft exited. Microsoft ended sales of Entra Permissions Management, its CIEM product, on April 1, 2025. Support was retired on November 1, 2025, extended one month from the original October 1 date per a September 29 update. Microsoft directed customers to Delinea as a recommended third-party alternative.
Permissions Management was the product positioned to govern cross-cloud entitlements outside the M365 perimeter. Microsoft chose to exit that market seven months before the Canvas breach made cross-platform credential governance an urgent campus problem. Agent 365's capabilities within its perimeter remain intact. The exit marks where Microsoft's current ambition stops.
The window. Within the Microsoft ecosystem, Entra Agent ID and Agent 365 together constitute the most mature agent identity governance framework shipping today. The steelman case is genuine: human-sponsored lifecycle management, Defender behavioral monitoring, Purview DLP, cross-cloud registry discovery in preview. For institutions whose credential surfaces live primarily inside the M365 perimeter, this is real capability.
Outside that perimeter, the credential surfaces the Canvas breach exposed remain ungoverned by any platform. The 8,809 institutions that rotated their Canvas tokens in May 2026 did so manually. The replacement tokens carry the same architectural properties: refresh tokens that persist indefinitely, mobile tokens that never expire, LTI keys that outlast the integrations they were built for.
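As an added example that is not part of the article and not Microsoft's or Instructure's tooling, the following Python check applies the article's criteria (inside or outside the Entra perimeter, non-expiring, unsponsored, stale) to a constructed campus credential inventory; the issuer hostnames, record values and reference date are assumptions.

```python
"""Added example: classify a credential inventory by governance reach and
by the token properties the article describes. All records are constructed."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Assumption: credentials issued here are governed by Entra Agent ID / Agent 365.
ENTRA_GOVERNED_ISSUERS = {"login.microsoftonline.com"}
# Constructed reference date so the assessment is deterministic.
NOW = datetime(2026, 6, 15, tzinfo=timezone.utc)

@dataclass
class Credential:
    name: str
    kind: str                     # agent_identity, refresh_token, lti_key, service_account
    issuer: str                   # hostname of the issuing OAuth / identity server
    expires: Optional[datetime]   # None means the credential never expires
    last_used: Optional[datetime]
    sponsor: Optional[str]        # accountable human owner, if any

def assess(cred: Credential, now: datetime = NOW, stale_days: int = 90) -> dict:
    """Return governance status, findings, and whether rotation is warranted."""
    governed = cred.issuer in ENTRA_GOVERNED_ISSUERS
    findings = []
    if not governed:
        findings.append("outside Entra perimeter")
    if cred.expires is None:
        findings.append("never expires")
    elif cred.expires < now:
        findings.append("expired but still present")
    if cred.sponsor is None:
        findings.append("no human sponsor")
    if cred.last_used is None or (now - cred.last_used).days > stale_days:
        findings.append("stale")
    # Non-expiring or stale credentials are the rotation candidates; an
    # ungoverned one has no platform lifecycle to do it automatically.
    rotate = "never expires" in findings or "stale" in findings
    return {"name": cred.name, "governed": governed, "findings": findings, "rotate": rotate}

def ungoverned_count(inventory: list) -> int:
    return sum(1 for c in inventory if not assess(c)["governed"])

ts = lambda s: datetime.fromisoformat(s).replace(tzinfo=timezone.utc)  # helper
INVENTORY = [  # constructed sample records
    Credential("advising-agent", "agent_identity", "login.microsoftonline.com",
               ts("2026-12-31"), ts("2026-06-10"), "registrar-it"),
    Credential("canvas-lms-sync", "refresh_token", "canvas.example.edu", None, ts("2025-11-01"), None),
    Credential("gradebook-lti", "lti_key", "canvas.example.edu", None, ts("2026-06-05"), "teaching-center"),
    Credential("hpc-scheduler", "service_account", "hpc.example.edu", ts("2027-01-01"), ts("2026-06-12"), None),
]

if __name__ == "__main__":
    for c in INVENTORY:
        print(assess(c))
```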
A competitive window for platform-neutral NHI governance in higher education is open. Agent 365 was not designed to close it. The window is narrowing. Microsoft's ecosystem gravity pulls more campus workloads inside the Entra perimeter every budget cycle. Whether the credential surfaces outside that perimeter get governed before the next breach finds them is an open question, and the clock set by the Canvas breach is already running.