Microsoft expands Copilot Cowork

Microsoft is trying to turn Copilot from a smart answer box into a worker you can hand things to. That’s what Cowork is for. On May 5, Microsoft pushed that idea further by bringing Copilot Cowork to iPhone and Android, adding reusable “skills,” and expanding the data and app connections it can use. ### What is Cowork, exactly? Cowork is Microsoft’s task-running layer inside Microsoft 365 Copilot. Instead of just drafting a reply or summarizing a file, it can keep a multi-step job going in the background — things like research, meeting coordination, document creation, and workflow follow-up — while the user checks in, approves changes, or answers questions when needed. Microsoft first introduced it in March and then opened it through the Frontier preview program at the end of March. (microsoft.com) ### Why does mobile matter here? Because Cowork already runs in the cloud, the phone app is not just a smaller screen version of desktop Copilot. The point is that you can kick off work from anywhere, then come back later to a finished draft, a proposed action, or a task that needs approval. Microsoft says Cowork is now available on iOS and Android through the Microsoft 365 Copilot mobile app. (microsoft.com) ### What are “skills” supposed to do? Skills are basically saved playbooks. A team can capture a repeatable process — tone, structure, steps, rules — and have Cowork reuse it instead of starting from zero each time. Microsoft says customers can use built-in skills for common Microsoft 365 jobs and create custom ones of their own, with support for up to 50 custom skills added through natural language or OneDrive in the Frontier documentation. (microsoft.com) ### What new data can Cowork reach? This is the bigger shift. Microsoft is wiring Cowork into more business systems so it can move from “here’s an answer” to “here’s the action.” The company says Cowork can use plugins and connectors for Dynamics 365, Fabric IQ starting with Power BI, and Microsoft 365 data, with read-and-write behavior in some scenarios. It also says partner integrations for LSEG, Miro, monday.com, and S&P Global Energy are coming in the following weeks, with Adobe, Atlassian, Box, Harvey.AI, Morningstar, and others on the way. (microsoft.com) ### Why is Agent 365 part of this story? Because once an AI system can read across apps and sometimes write back into them, governance stops being a side issue. Microsoft’s Frontier documentation says Cowork is now integrated with Agent 365 for observability, security, and governance, so IT teams can extend identity, compliance, and endpoint controls from users to agents through one control plane. Basically — Microsoft knows this only works in big companies if admins can see it, govern it, and shut things down when needed. (techcommunity.microsoft.com) ### So where does the security tension show up? Right next to the launch. Microsoft’s security advisories published on May 7 disclosed three high-severity information-disclosure bugs tied to Microsoft 365 Copilot and Copilot Chat in Edge: CVE-2026-26129, CVE-2026-26164, and CVE-2026-33111. The descriptions point to injection-style flaws that could let an unauthorized attacker disclose information over a network. Microsoft says the issues were mitigated and customer action was not required, but the timing is hard to miss. (learn.microsoft.com) ### Why do those bugs matter beyond patch notes? Because they underline the core tradeoff in enterprise AI. The more useful Cowork becomes, the more systems it touches, the more context it can pull in, and the more valuable any disclosure bug becomes. A chatbot leak is bad. A workflow agent leak is worse, because the agent may have access to mail, files, dashboards, CRM records, and write paths into business systems all at once. (nvd.nist.gov) That is exactly why Microsoft is pairing expansion with governance language. ### What’s the bottom line? Microsoft is building Copilot into an action surface, not just a chat surface. That could make it much more useful inside real companies. But the same move raises the stakes — because when AI stops merely answering questions and starts operating across enterprise systems, every permission, connector, and disclosure flaw matters a lot more. (techcommunity.microsoft.com)