Randomized Controlled Trials for Conditional Access Optimization Agent

TL;DR

This paper presents the first randomized controlled trial demonstrating that an AI agent significantly improves accuracy and efficiency in managing Conditional Access policies in enterprise identity governance.

Contribution

It provides empirical evidence that AI agents can effectively enhance performance in complex identity management tasks, a novel contribution in this domain.

Findings

Accuracy improved by 48% with AI assistance

Task completion time decreased by 43%

Largest benefits observed in cognitively demanding tasks

Abstract

AI agents are increasingly deployed to automate complex enterprise workflows, yet evidence of their effectiveness in identity governance is limited. We report results from the first randomized controlled trial (RCT) evaluating an AI agent for Conditional Access (CA) policy management in Microsoft Entra. The agent assists with four high-value tasks: policy merging, Zero-Trust baseline gap detection, phased rollout planning, and user-policy alignment. In a production-grade environment, 162 identity administrators were randomly assigned to a control group (no agent) or treatment group (agent-assisted) and asked to perform these tasks. Agent access produced substantial gains: accuracy improved by 48% and task completion time decreased by 43% while holding accuracy constant. The largest benefits emerged on cognitively demanding tasks such as baseline gap detection. These findings demonstrate that purpose-built AI agents can significantly enhance both speed and accuracy in identity administration.