Randomized Controlled Trials for Conditional Access Optimization Agent
This addresses the need for effective AI automation in enterprise identity administration, showing significant gains in speed and accuracy for identity administrators, though it is incremental as it applies existing RCT methods to a new domain.
The paper tackled the problem of limited evidence for AI agents in identity governance by conducting the first randomized controlled trial evaluating an AI agent for Conditional Access policy management in Microsoft Entra, finding that agent access improved accuracy by 48% and reduced task completion time by 43%.
AI agents are increasingly deployed to automate complex enterprise workflows, yet evidence of their effectiveness in identity governance is limited. We report results from the first randomized controlled trial (RCT) evaluating an AI agent for Conditional Access (CA) policy management in Microsoft Entra. The agent assists with four high-value tasks: policy merging, Zero-Trust baseline gap detection, phased rollout planning, and user-policy alignment. In a production-grade environment, 162 identity administrators were randomly assigned to a control group (no agent) or treatment group (agent-assisted) and asked to perform these tasks. Agent access produced substantial gains: accuracy improved by 48% and task completion time decreased by 43% while holding accuracy constant. The largest benefits emerged on cognitively demanding tasks such as baseline gap detection. These findings demonstrate that purpose-built AI agents can significantly enhance both speed and accuracy in identity administration.