
Microsoft Is Building Its Own OpenClaw for Enterprise. Here’s Why That Changes the Agent Landscape

Microsoft is developing an OpenClaw-style autonomous agent for enterprise customers, embedded directly into Microsoft 365 Copilot. The news, confirmed to The Information and reported by TechCrunch and The Verge on April 13, 2026, signals that Microsoft sees the always-on local agent pattern as the next frontier — and it intends to own the enterprise version of it.

This isn’t a research preview or a conceptual demo. It’s a strategic move to capture the enterprise automation market that OpenClaw accidentally created but can’t safely serve.

The Problem Microsoft Sees Clearly

OpenClaw changed how developers think about AI agents. Instead of chatting with a model, you hand it control of your machine. It browses, executes code, manages files, and chains tasks autonomously. The pattern is powerful, and adoption has been explosive — Mac Minis are selling out as developers build dedicated OpenClaw rigs.

But OpenClaw’s security model is essentially non-existent for enterprise use. It runs with the user’s full privileges, has minimal audit trails, no centralised permission management, and no compliance controls. For a solo developer experimenting on a personal machine, that’s acceptable. For a financial services firm under SOC 2 or a healthcare organisation under HIPAA requirements, it’s a non-starter.

I’ve had this conversation with multiple enterprise security teams over the past two months. They see the productivity potential. They absolutely cannot accept the risk posture.

What Microsoft Is Actually Building

Based on what’s been confirmed, Microsoft’s agent would be an always-on version of 365 Copilot — one that can take actions autonomously over extended periods, not just respond to prompts. Think: multistep workflows that run in the background, completing tasks across Microsoft 365 apps without waiting for you to click “next.”

This is distinct from what Microsoft has already shipped. Copilot Cowork, announced in March, takes actions inside 365 apps but runs in the cloud. Copilot Tasks, introduced in February, handles prosumer-level automation but is also cloud-hosted. What’s new here is the ambition of local, persistent, autonomous operation — the exact pattern that made OpenClaw compelling.

The critical difference is what Microsoft wraps around it: sandboxed execution environments, role-based access controls integrated with Azure Active Directory, comprehensive audit logging, real-time monitoring that can detect and halt unexpected agent behaviour, and encrypted data handling throughout automation workflows.

In other words, Microsoft is taking the OpenClaw interaction pattern and embedding it into the enterprise identity, compliance, and governance infrastructure that already manages access for hundreds of millions of users.

Why This Changes the Agent Landscape

Three shifts matter here.

Enterprise Agent Security Becomes a Product Category

Until now, agent security has been an afterthought — something bolted on after the agent works. NVIDIA recognised this with NemoClaw at GTC 2026, building an open-source security stack that sits on top of OpenClaw with kernel-level sandboxing and policy enforcement. Microsoft is taking the opposite approach: building the agent inside an existing security perimeter rather than wrapping one around an existing agent.

Both approaches are valid. But Microsoft’s version has a deployment advantage that’s hard to overstate. If your organisation already runs Microsoft 365 with Entra ID (formerly Azure AD), Defender, and Purview, the agent inherits all of those controls. No additional infrastructure to deploy. No new identity system to configure. No separate audit pipeline to build.

The “Agent Tax” Is Coming

OpenClaw is free and open source. Microsoft’s version will carry Microsoft 365 licensing costs — likely at the Copilot tier, which already adds $30 per user per month on top of existing subscriptions. For a 200-person organisation, that’s $72,000 per year before you factor in consumption-based charges for heavy agent workloads.

But here’s the calculation enterprise buyers will actually make: what does it cost to secure OpenClaw to an enterprise standard versus what does it cost to use a pre-secured agent from a vendor you already trust? The security engineering hours, the custom policy frameworks, the audit trail infrastructure, the incident response planning — once you add those up, the licensing fee starts to look reasonable.

This is the same pattern we’ve seen with every major open-source-to-enterprise transition. The software is free. The operational overhead isn’t.

Platform Lock-In Gets Deeper

If Microsoft’s agent becomes the primary way enterprise workers interact with AI automation, it creates another reason to stay inside the Microsoft ecosystem. Your agent knows your 365 data, your SharePoint structure, your Teams conversations, your Outlook patterns. That context makes it better at its job — and progressively harder to replace.

For CIOs evaluating multi-cloud or platform independence strategies, this is a consideration worth flagging now, not after adoption.

What This Means for the OpenClaw Ecosystem

OpenClaw isn’t going away. The developer community is massive, the tool is genuinely flexible, and it works with multiple models — Claude, GPT-4, Gemini, local models. Microsoft building a competitor validates the pattern rather than replacing it.

But the enterprise market was never really OpenClaw’s to win. Most large organisations were never going to run an open-source agent with root-level system access in production, regardless of how productively individual developers used it during prototyping. Microsoft is building for the customers who were watching from the sidelines.

The more interesting question is what happens to NVIDIA’s NemoClaw proposition. NemoClaw was specifically designed to make OpenClaw enterprise-ready by adding security and governance controls while preserving OpenClaw’s flexibility. If Microsoft offers a fully integrated alternative, the business case for “secure OpenClaw + NemoClaw” in enterprise settings becomes harder to justify — unless you specifically need the model flexibility and open-source customisation that Microsoft’s walled garden won’t provide.

The Signal Worth Watching

Microsoft has reportedly said one of the main features is an agent that is essentially always working — able to take actions at any time. This is a fundamental shift from the current Copilot model where you ask, it answers, you act.

An always-on agent that monitors, decides, and acts autonomously within your enterprise environment is a different category of software entirely. The security, governance, and oversight frameworks we’ve built for AI assistants aren’t designed for AI agents that operate independently. We don’t have mature patterns yet for “the agent did something at 3am and nobody reviewed it.”

Microsoft will need to solve that trust gap, not just with technology, but with enterprise change management. The organisations that figure out how to govern autonomous agents — not just secure them — will be the ones that actually capture the productivity gains.

The technology is moving faster than the governance models. That gap is where the real risk lives, and it’s where I’ll be watching most closely as Microsoft heads toward Build in June.
