Skip to main content
9 – 17 UHR +49 8031 3508270 LUITPOLDSTR. 9, 83022 ROSENHEIM
DE / EN

Microsoft Scout: OpenClaw for Microsoft 365 – What the New Autopilot Agent Can Really Do

Tobias Jonas Tobias Jonas | | 10 min read

At Build 2026 on June 2, Microsoft introduced a product that would have seemed unthinkable just months earlier: Microsoft Scout, an autonomous desktop agent built on the open-source technology OpenClaw – the very project Microsoft’s own security team had explicitly warned against running on corporate machines back in February. Scout is the first product in a new category Microsoft calls “Autopilots”: agents that work autonomously in the background with their own identity, instead of waiting for the next prompt.

In this article we look at what Scout can do, how it works technically, how it differs from Microsoft 365 Copilot and Google’s Gemini Spark – and which licensing, security and GDPR questions enterprises should resolve before the first Autopilot lands in their tenant.

Scout, Spark or Copilot? Sorting Out the Names First

Around Build 2026 and Google I/O 2026, several similar-sounding products appeared at once. If you are searching for “Microsoft Spark”, you almost certainly mean one of the following – because a Microsoft product with that name does not exist:

TermWhat it actually is
Microsoft ScoutAutonomous desktop agent for Microsoft 365 built on OpenClaw (Build 2026) – the subject of this article
Google Gemini SparkGoogle’s 24/7 agent for Gemini Enterprise and Workspace (I/O 2026) – runs in a managed Google Cloud runtime
Surface RTX Spark Dev BoxA mini PC with an NVIDIA Blackwell GPU for local AI workloads – hardware, not an agent
Apache Spark (in Microsoft Fabric)Big-data framework for analytics – nothing to do with AI agents
Microsoft 365 CopilotMicrosoft’s established AI assistant in Word, Excel, Outlook and Teams – a chat and drafting tool, not an autonomous agent

The confusion is understandable: Scout and Gemini Spark were introduced two weeks apart and deliver on the same promise – a personal agent that keeps working for you. Their architectures, however, differ fundamentally; more on that below.

What Is Microsoft Scout?

Microsoft officially describes Scout as an “always-on personal agent”: a desktop application for Windows and macOS that takes action on your behalf. According to Microsoft’s documentation, Scout reads and writes files, runs shell commands, controls a browser, queries Microsoft 365 data and works autonomously in the background – with approval dialogs before sensitive actions are executed.

The decisive difference from everything Microsoft has shipped under the Copilot umbrella so far: Scout is not a chat window in the cloud but a local agent on the employee’s machine. It combines three access layers:

  • Local capabilities: file system, shell commands and browser automation (Playwright) directly on the device
  • Microsoft 365 context: mail, calendar, Teams chats, OneDrive and meetings via the user’s work account
  • Extensions via MCP: connecting external systems through the Model Context Protocol, the same open standard that platforms like CompanyGPT build on

As its context layer, Scout uses Work IQ: according to Microsoft, the agent learns how the individual user works, what they care about and what needs to happen next – proactively preparing meetings, resolving scheduling conflicts or handling routine tasks.

How Microsoft Scout Works

Anyone familiar with the OpenClaw architecture will recognize many concepts in Scout – from skills to the persistent agent loop. The key building blocks according to Microsoft’s documentation:

Heartbeat mode. Scout checks in autonomously at configurable intervals (15 to 120 minutes) within defined working hours – governed by a separate, stricter permission policy for these autonomous runs.

Automations. Background tasks can be schedule-triggered, condition-triggered or one-shot – for example “summarize the unread mails of the project mailbox for me every morning”.

Sub-agents. For larger tasks, Scout delegates in parallel to specialized sub-agents, including research, code review and general-purpose agents.

Skills. Scout ships with skills for Word, Excel, PowerPoint, Loop and web artifacts. Custom skills are stored as SKILL.md files – effectively the same format OpenClaw uses (our observation; Microsoft itself does not draw that comparison). Existing OpenClaw know-how transfers directly.

Tiered permissions. Shell commands pass through a three-tier system (auto-approve / prompt / deny), sensitive paths can be marked, and Scout explicitly asks before sending emails or Teams messages. External content such as mails or web pages is tagged as untrusted and treated as data, not instructions – Microsoft’s answer to the prompt-injection problem.

Co-create. Human and agent can work in the same open file simultaneously; changes are merged automatically.

On the models behind Scout, Microsoft stays vague: the documentation only mentions the GitHub Copilot SDK, which “might connect to external AI models as a subprocessor”. Which models actually do the work is not publicly documented.

Scout vs. Microsoft 365 Copilot: Assistant Meets Autopilot

Scout does not replace Copilot – it requires it. The division of roles looks like this:

DimensionMicrosoft 365 CopilotMicrosoft Scout
PrincipleCloud assistant: ask, draft, summarizeLocal agent: plans and acts autonomously
Where it worksIn the M365 apps and Copilot ChatDesktop app on Windows/macOS
File accessM365 content via Microsoft GraphLocal file system, shell, browser + M365 data
AutonomyResponds to promptsHeartbeat, automations, sub-agents in the background
ExtensibilityCopilot Studio, Agent StoreSkills (SKILL.md), MCP servers
StatusGenerally availablePreview in the Frontier program

On the governance side, Scout plugs into the Microsoft Agent 365 control plane (generally available since May 2026): every Autopilot gets its own governed Entra identity – not an anonymous service account –, access is scoped per task, and according to Microsoft, Purview policies are enforced in the moment the agent wants to send or write anything.

Scout vs. Gemini Spark: Local vs. Cloud

Google’s Gemini Spark (introduced May 19, 2026) pursues the same goal with the opposite architecture: Spark runs as a 24/7 agent in a fully managed runtime on Google Cloud and works across Workspace, connectors and the open web – initially as a US beta for Google AI Ultra subscribers. Scout, by contrast, runs locally on the endpoint and thus inherits the OpenClaw philosophy including file and shell access.

For enterprises this means: Spark is easier to contain (everything runs in Google’s cloud sandbox), Scout is more powerful at the individual workplace – and therefore also the bigger governance topic.

The OpenClaw Heritage: Strength and Liability at Once

That a corporation like Microsoft turns a viral open-source project into a product foundation is remarkable – and not without irony. The facts:

  • OpenClaw (formerly Clawdbot and Moltbot) is Peter Steinberger’s agent project and became one of the fastest-growing GitHub projects ever within months; since February 2026 it has been stewarded by an independent OpenClaw Foundation.
  • In late January 2026, a security audit found 512 vulnerabilities, 8 of them critical; the CVE-2026-25253 flaw allowed token theft via crafted websites, and tens of thousands of instances were publicly reachable.
  • Microsoft’s own security team wrote on February 19, 2026 that OpenClaw is “not appropriate to run … on a standard personal or enterprise workstation”.

Three months later, exactly this technology became the foundation of Scout. Microsoft’s argument: the company has added what the open runtime lacked – Entra identities per agent, Intune device management, Purview policies, sandbox protections – and contributes policy conformance upstream to the open-source project. According to a report by The Verge, more than 3,000 Microsoft employees were already testing Scout internally.

Criticism remains plentiful nonetheless. Forrester analyst Jeff Pollard warns that an agent like Scout “amplifies whatever data governance problems already exist” – think data exposure, prompt injection, unexpected autonomous actions. And according to a report by 404 Media, an internal strategy paper describes a phase one titled “Make people addicted”; Satya Nadella publicly dismissed the report as “nonsense” without explicitly denying the document’s authenticity. Both belong in an honest assessment.

Availability, Licensing and Pricing

As of July 2026, Scout is an experimental preview – general availability is not in sight yet. The entry requirements are substantial:

  1. Enrollment in the Microsoft Frontier program
  2. Microsoft 365 work account (no personal accounts)
  3. Microsoft 365 Copilot license
  4. GitHub Copilot license (Business or Enterprise)
  5. Intune-managed device with an explicit policy opt-in by IT

Microsoft has not announced pricing; the phrase “pricing will vary based on usage” points to a consumption-based model. Whether Scout will later be included in Copilot subscriptions or billed separately is open. Regionally, according to Microsoft’s FAQ, the same restrictions apply as for other M365 Copilot features; there is no explicit EU statement.

GDPR and the EU AI Act: The Open Questions

For European enterprises, Scout is currently one thing above all: an open compliance question. Three points deserve particular attention.

First, there is no product-specific statement on the EU Data Boundary for Scout. The documentation only says Scout may connect to “external AI models as a subprocessor” via the GitHub Copilot SDK – which models process data where remains unclear. How sensitive this topic is was recently demonstrated by the debate around Copilot’s flex routing and data processing outside the EU.

Second, Scout works on the employee’s local file system and browser – potentially on everything stored there, from customer data to professional secrets. The tiered permissions help, but they replace neither data classification nor a documented risk assessment.

Third, from August 2026 the EU AI Act requires demonstrable AI literacy and clear responsibilities. An autonomously acting agent with its own identity must be covered in the company’s AI policy: who may activate Autopilots, on which data classes, with which approval tiers, and who reviews the logs?

Our recommendation is therefore the same as for all desktop agents: governance first, rollout second. Define Intune policies, block sensitive paths, set approval tiers conservatively, govern usage in the AI policy – and keep the pilot group small.

Where Scout Fits in an Enterprise AI Strategy

Scout confirms a trend we have been observing for months – most recently with Claude Cowork and Claude Code: the action increasingly happens on two levels. At the individual workplace, agentic desktop tools for power users emerge that master files, shell and browser. Underneath, organizations need a governed, auditable platform level for the entire workforce – with central model routing, logging, knowledge integration and clear data residency.

That platform level is exactly what CompanyGPT provides: operated in the company’s own cloud subscription, model-agnostic, with MCP support, document creation and usage reporting. Whether Scout, Cowork or both end up running at the workplace – the sovereign foundation underneath stays the same, and it belongs to the company, not to the agent’s vendor.

If you want to clarify what Autopilots mean for your AI strategy and compliance, our AI compliance consulting supports you – from risk assessment to your AI policy.

Frequently Asked Questions About Microsoft Scout

What is Microsoft Scout? An autonomous AI agent for Windows and macOS, introduced at Build 2026: Scout reads and writes files, runs shell commands, controls the browser, accesses Microsoft 365 data and works autonomously in the background – the first product in Microsoft’s “Autopilots” category.

Is there a product called “Microsoft Spark”? No. What people usually mean is Microsoft Scout, Google’s Gemini Spark or the Surface RTX Spark Dev Box. Apache Spark in Microsoft Fabric is a big-data framework unrelated to AI agents.

Is Scout really built on OpenClaw? Yes, according to Microsoft itself: Scout is “powered by OpenClaw open-source technology”; Microsoft adds enterprise governance (Entra, Intune, Purview) and contributes improvements upstream.

What does Microsoft Scout cost? No pricing has been published. Scout is a preview in the Frontier program; Microsoft signals usage-based billing. Among the prerequisites are a Microsoft 365 Copilot license and a GitHub Copilot license.

Can Microsoft Scout be used in a GDPR-compliant way? Open. There is no Scout-specific EU Data Boundary statement, and external models may be involved as subprocessors. Before rollout, a data-protection assessment, Intune policies and a provision in the AI policy belong on the agenda.

Conclusion

Microsoft Scout is the clearest confirmation yet that autonomous agents are arriving in enterprise daily life – built, of all things, on OpenClaw, the project Microsoft itself warned against in February. The enterprise wrapping of Entra identities, Intune and Purview is a serious step forward compared to the raw open-source agent. What remains open are pricing, the model question and, above all, the GDPR assessment.

Enterprises should watch Scout now, test it in a small circle and prepare their governance – while making sure the platform level underneath is set up sovereignly. That is exactly where we help.

Request a consultation now


Tobias Jonas is Founder of innFactory AI Consulting GmbH and innFactory GmbH, Microsoft Cloud Solution Provider and Google Cloud Partner. He advises companies on the secure and sovereign adoption of AI agents. LinkedIn profile

Tobias Jonas
Written by

Tobias Jonas

Co-CEO, M.Sc.

Tobias Jonas, M.Sc. ist Mitgründer und Co-CEO der innFactory AI Consulting GmbH. Er ist ein führender Innovator im Bereich Künstliche Intelligenz und Cloud Computing. Als Co-Founder der innFactory GmbH hat er hunderte KI- und Cloud-Projekte erfolgreich geleitet und das Unternehmen als wichtigen Akteur im deutschen IT-Sektor etabliert. Dabei ist Tobias immer am Puls der Zeit: Er erkannte früh das Potenzial von KI Agenten und veranstaltete dazu eines der ersten Meetups in Deutschland. Zudem wies er bereits im ersten Monat nach Veröffentlichung auf das MCP Protokoll hin und informierte seine Follower am Gründungstag über die Agentic AI Foundation. Neben seinen Geschäftsführerrollen engagiert sich Tobias Jonas in verschiedenen Fach- und Wirtschaftsverbänden, darunter der KI Bundesverband und der Digitalausschuss der IHK München und Oberbayern, und leitet praxisorientierte KI- und Cloudprojekte an der Technischen Hochschule Rosenheim. Als Keynote Speaker teilt er seine Expertise zu KI und vermittelt komplexe technologische Konzepte verständlich.

LinkedIn