Microsoft unveils Scout autonomous agent

Microsoft has started to describe a more concrete model for how autonomous workplace agents would be governed inside enterprise software. Scout, disclosed this week in Build-related coverage, is positioned as an always-on Microsoft 365 agent that can work across email, files and calendar rather than waiting for one prompt at a time. (petri.com) At the same event, Microsoft also introduced the Agent Control Specification, or ACS, an open-source format for policy files that define what agents are allowed to do. (m.techflowpost.com) Together, the announcements push the conversation from chatbot safety toward runtime controls, identity boundaries and auditability. ### What is different about Scout from a normal copilot? Scout is described as an autonomous agent for Microsoft 365, not just an assistant that responds when a user asks a question. The reported distinction is persistence: Scout is meant to stay on, monitor workflows and carry out tasks across email, documents and calendar activity inside Microsoft 365. That matters because an always-on agent creates a different security problem from a chat interface. A tool that can keep context, revisit work and trigger actions over time has to be governed around identity, credentials and approvals, not only around prompt filtering. (petri.com) Petri’s coverage framed Scout as an autonomous agent with enterprise security controls, which is the core claim Microsoft appears to be making around the product. ### Why did Microsoft launch ACS at the same time? Microsoft’s Build 2026 rollout also included the Agent Control Specification, which TechFlowPost described as an open-source standard for policy files that govern AI-agent behavior. (petri.com) The significance is that Microsoft is pairing a more autonomous agent model with a more explicit policy model. In practice, policy files give enterprises something more concrete to inspect than broad claims about “responsible AI.” A policy-defined system can specify which tools an agent may call, when it must escalate, and what kinds of actions are blocked. (petri.com) That makes agent behavior easier to map to compliance and internal controls than relying on prompt instructions alone. ### Why are identity and credentials the center of the story? Enterprise risk rises when an agent can act continuously across business systems. If Scout can touch mailboxes, files and calendars, the first question for security teams is which identity it uses and how far that authority extends. (m.techflowpost.com) The coverage around Scout emphasizes those control boundaries rather than model capability by itself. Credential handling is central because an autonomous agent may need standing access to complete work without a fresh user click every time. That creates pressure for tighter rules on delegated permissions, approval paths and revocation. (m.techflowpost.com) The reporting around Microsoft’s new agent framework points toward assurance based on bounded authority and evidence trails, not just on trying to make the model behave through better prompts. ### What does Microsoft mean by an “Agent Computer”? TechFlowPost said Microsoft used Build to outline an “Agent Computer” strategy linking Windows, Azure and IT governance. (petri.com) In that framing, agents are not treated as isolated chat features; they become managed computing entities that sit inside existing enterprise control planes. That approach suggests Microsoft wants agent governance to live alongside endpoint management, cloud policy and security administration. For customers, the practical question is whether agent identity, execution policy and logging can be administered with the same rigor as users, devices and apps. (petri.com) Microsoft’s announcements point in that direction, though the fuller implementation details will depend on what the company publishes in product documentation and tooling over time. ### What should readers watch next? The next concrete checkpoint is Microsoft’s own product and developer documentation around Scout, ACS and related Build tooling. (m.techflowpost.com) The most important details will be the ones that show how identity is assigned, how policy files are enforced, what evidence is logged, and where human approval is still required for sensitive actions. If Microsoft follows through, the proof will not be in the autonomy claim alone. It will be in published controls for agent permissions, runtime policy enforcement and audit records inside Microsoft 365, Windows and Azure. (m.techflowpost.com) (petri.com)