Agents are only useful when they can take real actions such as calling APIs or querying enterprise systems. The challenge is not executing the call itself, but ensuring the agent acts in the correct user context so access remains secure, auditable, and consistent with enterprise authorization policies. In this session, we explain how identity propagation works for interactive agents. We walk through practical examples, including an agent using OAuth identity passthrough to authenticate with MCP-enabled tools, as well as an agent using identity passthrough with a Fabric Data Agent to query data stored in Microsoft Fabric. By combining identity-aware tool execution with row-level security in Fabric, the agent can access data using the end user’s identity rather than a shared application identity. Together, we explore how to build agents that ensure responses are filtered according to existing permissions and help prevent identity manipulation.