Microsoft tests agentic Copilot

Microsoft is testing a version of Microsoft 365 Copilot that can keep working in the background and take actions without waiting for a new prompt. (techcrunch.com) TechCrunch reported on April 13 that Microsoft confirmed to The Information it is exploring OpenClaw-like features for enterprise customers, including an “always working” Copilot that can handle multistep tasks over long periods. OpenClaw is an open source tool that runs on a user’s machine and performs tasks on that person’s behalf. (techcrunch.com) Microsoft has already been moving Copilot from chat toward automation. The company introduced Copilot Tasks on February 26, 2026, as a preview focused on work that “doesn’t just talk to you, but works for you,” and it announced Copilot Cowork on March 9, 2026, as a Research Preview for a limited set of customers. (microsoft.com 1) (microsoft.com 2) An agent is software that can carry out steps after you give it a goal, instead of stopping after it writes an answer. Microsoft’s own Copilot Studio preview already includes a “computer use” tool that lets an agent click buttons, choose menus, and type into websites and Windows desktop apps with a virtual mouse and keyboard. (learn.microsoft.com) That matters inside large companies because Copilot is tied to the same files, mailboxes, chats, and business apps employees already use. Microsoft says its Copilot Control System is meant to cover Microsoft 365 Copilot, Copilot Chat, prebuilt agents, and agents built in Copilot Studio, with controls for data security, compliance, privacy, and measurement. (learn.microsoft.com) The security problem is not only what an agent can do, but whose identity it is using when it does it. Microsoft’s Copilot Studio documentation says a tool can run with “user authentication” for work tied to a specific person’s access, or with “agent author authentication” for lower-risk cases where the agent uses credentials supplied for the tool. (learn.microsoft.com) Microsoft also says Copilot Studio does not store credentials and requires connections to external systems such as Microsoft Dataverse, SharePoint, or other application programming interfaces before an agent can act. Admins can see whether those connections are active, expired, deactivated, or broken from the agent’s connection settings. (learn.microsoft.com) For information technology teams, the immediate questions are less about whether Copilot can click through software and more about where those clicks are allowed, which data is overshared, and how actions are logged. Microsoft’s governance guidance tells customers to use Microsoft Purview and SharePoint Advanced Management to find overshared content and restrict Copilot and agent access while those risks are fixed. (learn.microsoft.com) Microsoft has not publicly said when this always-on Microsoft 365 Copilot will ship or whether it will run locally on a device or only in the cloud. What it has confirmed, through its recent previews and documentation, is that Copilot is being built to move from answering questions to taking actions. (techcrunch.com) (microsoft.com)