Microsoft is making its boldest agentic AI bet yet. A newly formed team under Corporate Vice President Omar Shahine is building OpenClaw-style autonomous agents directly into Microsoft 365 Copilot โ€” a move that could fundamentally change how hundreds of millions of office workers interact with AI. The earliest public preview is expected at Build 2026 on June 2 in San Francisco.

Here is everything enterprise IT teams need to know right now.

The Ocean 11 Team: Who Is Building This

The initiative is led by Omar Shahine, formerly head of Microsoft Word, now a Corporate Vice President running a dedicated team informally known as “Ocean 11.” The group is deliberately small โ€” each member described as “a force multiplier.”

Their mission is distinct from traditional product teams. According to reporting from The Information and TechCrunch, the team’s job is not to write features directly but to “build and refine the system that writes features.” The goal: a team of agents โ€” not chatbots that respond when prompted โ€” that operates 24/7/365 within Microsoft 365.

Shahine’s own framing is direct:

“A new generation of proactive assistants, ones that lighten your load by taking on tasks end-to-end.”

“An always-on agent that works on your behalf, 24/7, with real access to your real life.”

What OpenClaw Proved โ€” and Where It Falls Short

To understand why Microsoft is doing this, you need to understand what OpenClaw demonstrated.

OpenClaw is an open-source personal AI assistant created by Peter Steinberger, first published in November 2025. It runs locally on a user’s device with deep system access, manages files, sends emails, browses the web, and automates workflows across 20+ messaging channels. As of April 2026, it has 354,000+ GitHub stars, 70,000+ forks, and 44,000+ skills on ClawHub.

OpenClaw proved the concept: autonomous agents that take action on your behalf, continuously, across the tools you already use. But for enterprises, it also exposed critical gaps. The platform grants agents direct access to host operating systems, filesystems, and networks. Security researchers have flagged exposed instances, plaintext credential leaks, and CVE-2026-25253 for token exfiltration. For organizations with compliance obligations and sensitive data, that attack surface is a non-starter without additional hardening.

Unlike open-source implementations, enterprise OpenClaw deployment requires robust security controls, identity management, and compliance frameworks that most organizations lack the expertise to implement independently. Microsoft is betting it can close that gap natively.

What Microsoft Is Building

Based on multiple reports from TechCrunch, The Verge, and The Information, here is what the Ocean 11 team is developing:

CapabilityDescription
Autonomous email managementClearing inboxes, drafting and sending responses without prompting
Calendar managementUpdating schedules, resolving conflicts, generating daily to-do lists
Report generationCreating reports across M365 data sources automatically
Cross-app task coordinationOrchestrating workflows spanning Outlook, Teams, Word, Excel
Persistent contextMaintaining information and state across sessions
Proactive interventionStepping in automatically when assistance is beneficial
Always-on operationRunning continuously without constant user prompts

Starting Small and Deliberate

Microsoft is not shipping unrestricted agents on day one. The initial scope is narrow: Copilot will be granted access to Outlook accounts and calendars to generate to-do lists. Shahine has indicated the company wants agentic features with deliberately limited powers compared to competitors, explicitly avoiding the “catastrophic damage” potential of unrestricted systems.

This graduated rollout is significant. It signals that Microsoft views trust and control as more important than feature breadth at launch โ€” a posture enterprise buyers should welcome.

Enterprise Security: Microsoft’s Key Differentiator

Security is where Microsoft’s approach diverges most sharply from open-source OpenClaw. The company is building its autonomous agents on top of existing enterprise infrastructure rather than bolting security on after the fact.

Identity management through Entra ID provides per-user and per-agent authentication and authorization. Isolation layers separate agent workspaces from each other and from the host environment. Cloud protections inherit Microsoft’s existing compliance certifications. Graduated permissions enforce controlled, limited access rather than full system autonomy. Data loss prevention integrates with existing M365 DLP policies that organizations have already configured.

This is not a new security model โ€” it is Microsoft’s existing enterprise security stack applied to autonomous agents. For organizations already invested in Entra ID, Intune, and Purview, the integration overhead should be minimal compared to securing a standalone OpenClaw deployment.

How This Fits the Competitive Landscape

Microsoft is not the only company racing to bring OpenClaw-style agents to enterprise. The market is moving fast:

Nvidia’s NemoClaw, announced at GTC 2026, takes a different approach โ€” wrapping OpenClaw in an enterprise sandbox with declarative YAML security policies and privacy-aware inference routing. Adobe, IBM’s Red Hat, and Box have expressed interest.

Tencent launched its own OpenClaw product suite. Alibaba Cloud, Moonshot, and Xiaomi have released supported apps. Salesforce has acknowledged parallels between OpenClaw’s architecture and its own development roadmap.

Meanwhile, Microsoft itself is hedging across AI providers. The company recently deployed Anthropic’s Claude to power Copilot Cowork, its first step into autonomous agents, while simultaneously building OpenClaw-inspired capabilities in-house. This multi-model strategy โ€” using the best available model for each capability rather than locking into a single provider โ€” is pragmatic and worth watching.

What IT Admins Should Do Right Now

You do not need to wait for Build 2026 to start preparing. Here are five concrete actions:

1. Audit your current Copilot deployment. Understand which users have Copilot licenses, what data they access, and what DLP policies are in place. Autonomous agents will amplify both productivity and risk across whatever permissions already exist.

2. Review your Entra ID posture. Autonomous agents will authenticate through Entra ID. Conditional access policies, MFA enforcement, and least-privilege role assignments need to be tight before you hand agents the keys.

3. Assess your DLP policies. If your current M365 DLP policies have gaps โ€” and most organizations’ do โ€” fix them now. An always-on agent operating 24/7 will find those gaps faster than any human user.

4. Inventory your M365 integration surface. Map which apps, connectors, and APIs your organization uses across M365. Autonomous agents that coordinate across apps need clear boundaries on what they can touch.

5. Start building your governance framework. Define who can enable autonomous agents, what tasks they can perform, what approval workflows apply to high-consequence actions, and how you will audit agent behavior. The organizations that have a governance model ready when these features ship will move fastest.

For organizations already running Windows 365 Cloud PCs, autonomous Copilot agents could enable new remote workforce automation scenarios โ€” from automated desktop provisioning to intelligent resource scaling based on usage patterns.

Timeline: What to Watch

  • Now: Ocean 11 team is in internal testing and exploration
  • June 2, 2026: Microsoft Build in San Francisco โ€” earliest expected public preview
  • Late 2026 (estimated): Broader preview or limited GA, likely tied to existing M365 Copilot licensing
  • Unknown: No official product name, pricing, or GA date announced

For weekly updates on OpenClaw developments and Microsoft AI announcements, read our OpenClaw Weekly briefing or contact our AI automation team to discuss your organization’s autonomous agent strategy.

Sources